From sle-updates at lists.suse.com Mon Aug 1 13:15:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:15:56 +0200 (CEST) Subject: SUSE-RU-2022:2616-1: moderate: Recommended update for scap-security-guide Message-ID: <20220801131556.4F9A8FDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2616-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for scap-security-guide fixes the following issues: - Fix the build for RHEL 7 and clones (python-setuptools is used) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2616=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2616=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2616=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2616=1 Package List: - openSUSE Leap 15.4 (noarch): scap-security-guide-0.1.62-150000.1.42.1 scap-security-guide-debian-0.1.62-150000.1.42.1 scap-security-guide-redhat-0.1.62-150000.1.42.1 scap-security-guide-ubuntu-0.1.62-150000.1.42.1 - openSUSE Leap 15.3 (noarch): scap-security-guide-0.1.62-150000.1.42.1 scap-security-guide-debian-0.1.62-150000.1.42.1 scap-security-guide-redhat-0.1.62-150000.1.42.1 scap-security-guide-ubuntu-0.1.62-150000.1.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): scap-security-guide-0.1.62-150000.1.42.1 scap-security-guide-debian-0.1.62-150000.1.42.1 scap-security-guide-redhat-0.1.62-150000.1.42.1 scap-security-guide-ubuntu-0.1.62-150000.1.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): scap-security-guide-0.1.62-150000.1.42.1 scap-security-guide-debian-0.1.62-150000.1.42.1 scap-security-guide-redhat-0.1.62-150000.1.42.1 scap-security-guide-ubuntu-0.1.62-150000.1.42.1 References: From sle-updates at lists.suse.com Mon Aug 1 13:16:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:16:41 +0200 (CEST) Subject: SUSE-SU-2022:2614-1: moderate: Security update for dwarves and elfutils Message-ID: <20220801131641.932C0FDCF@maintenance.suse.de> SUSE Security Update: Security update for dwarves and elfutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2614-1 Rating: moderate References: #1033084 #1033085 #1033086 #1033087 #1033088 #1033089 #1033090 #1082318 #1104264 #1106390 #1107066 #1107067 #1111973 #1112723 #1112726 #1123685 #1125007 SLE-24501 Cross-References: CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVSS scores: CVE-2017-7607 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7607 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7608 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7608 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7609 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7609 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7610 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7610 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7611 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7611 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7612 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7612 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-7613 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-7613 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-16062 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-16062 (SUSE): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-16402 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-16402 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-16403 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-16403 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18310 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18310 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18520 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18520 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-18521 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-18521 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-7146 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7148 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7149 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7150 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7150 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-7664 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7664 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-7665 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-7665 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes 19 vulnerabilities, contains one feature is now available. Description: This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2614=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2614=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2614=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2614=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dwarves-1.22-150300.7.3.1 dwarves-debuginfo-1.22-150300.7.3.1 dwarves-debugsource-1.22-150300.7.3.1 elfutils-0.177-150300.11.3.1 elfutils-debuginfo-0.177-150300.11.3.1 elfutils-debugsource-0.177-150300.11.3.1 libasm-devel-0.177-150300.11.3.1 libasm1-0.177-150300.11.3.1 libasm1-debuginfo-0.177-150300.11.3.1 libdw-devel-0.177-150300.11.3.1 libdw1-0.177-150300.11.3.1 libdw1-debuginfo-0.177-150300.11.3.1 libdwarves-devel-1.22-150300.7.3.1 libdwarves1-1.22-150300.7.3.1 libdwarves1-debuginfo-1.22-150300.7.3.1 libebl-devel-0.177-150300.11.3.1 libebl-plugins-0.177-150300.11.3.1 libebl-plugins-debuginfo-0.177-150300.11.3.1 libelf-devel-0.177-150300.11.3.1 libelf1-0.177-150300.11.3.1 libelf1-debuginfo-0.177-150300.11.3.1 - openSUSE Leap 15.3 (x86_64): libasm1-32bit-0.177-150300.11.3.1 libasm1-32bit-debuginfo-0.177-150300.11.3.1 libdw1-32bit-0.177-150300.11.3.1 libdw1-32bit-debuginfo-0.177-150300.11.3.1 libdwarves-devel-32bit-1.22-150300.7.3.1 libdwarves1-32bit-1.22-150300.7.3.1 libdwarves1-32bit-debuginfo-1.22-150300.7.3.1 libebl-plugins-32bit-0.177-150300.11.3.1 libebl-plugins-32bit-debuginfo-0.177-150300.11.3.1 libelf-devel-32bit-0.177-150300.11.3.1 libelf1-32bit-0.177-150300.11.3.1 libelf1-32bit-debuginfo-0.177-150300.11.3.1 - openSUSE Leap 15.3 (noarch): elfutils-lang-0.177-150300.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dwarves-1.22-150300.7.3.1 dwarves-debuginfo-1.22-150300.7.3.1 dwarves-debugsource-1.22-150300.7.3.1 elfutils-0.177-150300.11.3.1 elfutils-debuginfo-0.177-150300.11.3.1 elfutils-debugsource-0.177-150300.11.3.1 libasm-devel-0.177-150300.11.3.1 libasm1-0.177-150300.11.3.1 libasm1-debuginfo-0.177-150300.11.3.1 libdw-devel-0.177-150300.11.3.1 libdw1-0.177-150300.11.3.1 libdw1-debuginfo-0.177-150300.11.3.1 libdwarves-devel-1.22-150300.7.3.1 libdwarves1-1.22-150300.7.3.1 libdwarves1-debuginfo-1.22-150300.7.3.1 libebl-devel-0.177-150300.11.3.1 libebl-plugins-0.177-150300.11.3.1 libebl-plugins-debuginfo-0.177-150300.11.3.1 libelf-devel-0.177-150300.11.3.1 libelf1-0.177-150300.11.3.1 libelf1-debuginfo-0.177-150300.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): elfutils-lang-0.177-150300.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libdw1-32bit-0.177-150300.11.3.1 libdw1-32bit-debuginfo-0.177-150300.11.3.1 libdwarves-devel-32bit-1.22-150300.7.3.1 libdwarves1-32bit-1.22-150300.7.3.1 libdwarves1-32bit-debuginfo-1.22-150300.7.3.1 libebl-plugins-32bit-0.177-150300.11.3.1 libebl-plugins-32bit-debuginfo-0.177-150300.11.3.1 libelf1-32bit-0.177-150300.11.3.1 libelf1-32bit-debuginfo-0.177-150300.11.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): dwarves-1.22-150300.7.3.1 dwarves-debuginfo-1.22-150300.7.3.1 dwarves-debugsource-1.22-150300.7.3.1 elfutils-0.177-150300.11.3.1 elfutils-debuginfo-0.177-150300.11.3.1 elfutils-debugsource-0.177-150300.11.3.1 libasm1-0.177-150300.11.3.1 libasm1-debuginfo-0.177-150300.11.3.1 libdw1-0.177-150300.11.3.1 libdw1-debuginfo-0.177-150300.11.3.1 libdwarves-devel-1.22-150300.7.3.1 libdwarves1-1.22-150300.7.3.1 libdwarves1-debuginfo-1.22-150300.7.3.1 libebl-plugins-0.177-150300.11.3.1 libebl-plugins-debuginfo-0.177-150300.11.3.1 libelf1-0.177-150300.11.3.1 libelf1-debuginfo-0.177-150300.11.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dwarves-1.22-150300.7.3.1 dwarves-debuginfo-1.22-150300.7.3.1 dwarves-debugsource-1.22-150300.7.3.1 elfutils-0.177-150300.11.3.1 elfutils-debuginfo-0.177-150300.11.3.1 elfutils-debugsource-0.177-150300.11.3.1 libasm1-0.177-150300.11.3.1 libasm1-debuginfo-0.177-150300.11.3.1 libdw1-0.177-150300.11.3.1 libdw1-debuginfo-0.177-150300.11.3.1 libdwarves-devel-1.22-150300.7.3.1 libdwarves1-1.22-150300.7.3.1 libdwarves1-debuginfo-1.22-150300.7.3.1 libebl-plugins-0.177-150300.11.3.1 libebl-plugins-debuginfo-0.177-150300.11.3.1 libelf1-0.177-150300.11.3.1 libelf1-debuginfo-0.177-150300.11.3.1 References: https://www.suse.com/security/cve/CVE-2017-7607.html https://www.suse.com/security/cve/CVE-2017-7608.html https://www.suse.com/security/cve/CVE-2017-7609.html https://www.suse.com/security/cve/CVE-2017-7610.html https://www.suse.com/security/cve/CVE-2017-7611.html https://www.suse.com/security/cve/CVE-2017-7612.html https://www.suse.com/security/cve/CVE-2017-7613.html https://www.suse.com/security/cve/CVE-2018-16062.html https://www.suse.com/security/cve/CVE-2018-16402.html https://www.suse.com/security/cve/CVE-2018-16403.html https://www.suse.com/security/cve/CVE-2018-18310.html https://www.suse.com/security/cve/CVE-2018-18520.html https://www.suse.com/security/cve/CVE-2018-18521.html https://www.suse.com/security/cve/CVE-2019-7146.html https://www.suse.com/security/cve/CVE-2019-7148.html https://www.suse.com/security/cve/CVE-2019-7149.html https://www.suse.com/security/cve/CVE-2019-7150.html https://www.suse.com/security/cve/CVE-2019-7664.html https://www.suse.com/security/cve/CVE-2019-7665.html https://bugzilla.suse.com/1033084 https://bugzilla.suse.com/1033085 https://bugzilla.suse.com/1033086 https://bugzilla.suse.com/1033087 https://bugzilla.suse.com/1033088 https://bugzilla.suse.com/1033089 https://bugzilla.suse.com/1033090 https://bugzilla.suse.com/1082318 https://bugzilla.suse.com/1104264 https://bugzilla.suse.com/1106390 https://bugzilla.suse.com/1107066 https://bugzilla.suse.com/1107067 https://bugzilla.suse.com/1111973 https://bugzilla.suse.com/1112723 https://bugzilla.suse.com/1112726 https://bugzilla.suse.com/1123685 https://bugzilla.suse.com/1125007 From sle-updates at lists.suse.com Mon Aug 1 13:18:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:18:47 +0200 (CEST) Subject: SUSE-RU-2022:2612-1: moderate: Recommended update for obs-service-kiwi_metainfo_helper Message-ID: <20220801131847.4038DFDCF@maintenance.suse.de> SUSE Recommended Update: Recommended update for obs-service-kiwi_metainfo_helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2612-1 Rating: moderate References: #1195061 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for obs-service-kiwi_metainfo_helper fixes the following issues: - Generate OS_VERSION_NO_DASH based on os-release VERSION, to replace dash with space in OS name (bsc#1195061) - Improve examples in README. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2612=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2612=1 Package List: - openSUSE Leap 15.4 (noarch): obs-service-kiwi_metainfo_helper-0.6-150000.1.18.1 - openSUSE Leap 15.3 (noarch): obs-service-kiwi_metainfo_helper-0.6-150000.1.18.1 References: https://bugzilla.suse.com/1195061 From sle-updates at lists.suse.com Mon Aug 1 13:19:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:19:16 +0200 (CEST) Subject: SUSE-SU-2022:2617-1: important: Security update for oracleasm Message-ID: <20220801131916.A6CEAFDCF@maintenance.suse.de> SUSE Security Update: Security update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2617-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-2617=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): oracleasm-kmp-rt-2.0.8_k5.3.18_150300.93-150300.3.2.4 oracleasm-kmp-rt-debuginfo-2.0.8_k5.3.18_150300.93-150300.3.2.4 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Mon Aug 1 13:19:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:19:49 +0200 (CEST) Subject: SUSE-SU-2022:2609-1: important: Security update for booth Message-ID: <20220801131949.48EB7FDCF@maintenance.suse.de> SUSE Security Update: Security update for booth ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2609-1 Rating: important References: #1201946 Cross-References: CVE-2022-2553 CVSS scores: CVE-2022-2553 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2609=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2609=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): booth-1.0+20210519.bfb2f92-150400.3.3.1 booth-debuginfo-1.0+20210519.bfb2f92-150400.3.3.1 booth-debugsource-1.0+20210519.bfb2f92-150400.3.3.1 booth-test-1.0+20210519.bfb2f92-150400.3.3.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): booth-1.0+20210519.bfb2f92-150400.3.3.1 booth-debuginfo-1.0+20210519.bfb2f92-150400.3.3.1 booth-debugsource-1.0+20210519.bfb2f92-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-2553.html https://bugzilla.suse.com/1201946 From sle-updates at lists.suse.com Mon Aug 1 13:20:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:20:27 +0200 (CEST) Subject: SUSE-SU-2022:2605-1: important: Security update for booth Message-ID: <20220801132027.E1CBDFDCF@maintenance.suse.de> SUSE Security Update: Security update for booth ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2605-1 Rating: important References: #1201946 Cross-References: CVE-2022-2553 CVSS scores: CVE-2022-2553 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Availability GEO 12-SP4 SUSE Linux Enterprise High Availability GEO 12-SP5 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP Applications ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability GEO 12-SP5: zypper in -t patch SUSE-SLE-HA-GEO-12-SP5-2022-2605=1 - SUSE Linux Enterprise High Availability GEO 12-SP4: zypper in -t patch SUSE-SLE-HA-GEO-12-SP4-2022-2605=1 Package List: - SUSE Linux Enterprise High Availability GEO 12-SP5 (s390x x86_64): booth-1.0-42.3.1 booth-debuginfo-1.0-42.3.1 booth-debugsource-1.0-42.3.1 - SUSE Linux Enterprise High Availability GEO 12-SP4 (s390x x86_64): booth-1.0-42.3.1 booth-debuginfo-1.0-42.3.1 booth-debugsource-1.0-42.3.1 References: https://www.suse.com/security/cve/CVE-2022-2553.html https://bugzilla.suse.com/1201946 From sle-updates at lists.suse.com Mon Aug 1 13:22:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:22:24 +0200 (CEST) Subject: SUSE-SU-2022:2615-1: important: Security update for the Linux Kernel Message-ID: <20220801132224.AA083FDCF@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2615-1 Rating: important References: #1055117 #1061840 #1065729 #1071995 #1089644 #1103269 #1118212 #1121726 #1137728 #1156395 #1157038 #1157923 #1175667 #1179439 #1179639 #1180814 #1183682 #1183872 #1184318 #1184924 #1187716 #1188885 #1189998 #1190137 #1190208 #1190336 #1190497 #1190768 #1190786 #1190812 #1191271 #1191663 #1192483 #1193064 #1193277 #1193289 #1193431 #1193556 #1193629 #1193640 #1193787 #1193823 #1193852 #1194086 #1194111 #1194191 #1194409 #1194501 #1194523 #1194526 #1194583 #1194585 #1194586 #1194625 #1194765 #1194826 #1194869 #1195099 #1195287 #1195478 #1195482 #1195504 #1195651 #1195668 #1195669 #1195775 #1195823 #1195826 #1195913 #1195915 #1195926 #1195944 #1195957 #1195987 #1196079 #1196114 #1196130 #1196213 #1196306 #1196367 #1196400 #1196426 #1196478 #1196514 #1196570 #1196723 #1196779 #1196830 #1196836 #1196866 #1196868 #1196869 #1196901 #1196930 #1196942 #1196960 #1197016 #1197157 #1197227 #1197243 #1197292 #1197302 #1197303 #1197304 #1197362 #1197386 #1197501 #1197601 #1197661 #1197675 #1197761 #1197817 #1197819 #1197820 #1197888 #1197889 #1197894 #1197915 #1197917 #1197918 #1197920 #1197921 #1197922 #1197926 #1198009 #1198010 #1198012 #1198013 #1198014 #1198015 #1198016 #1198017 #1198018 #1198019 #1198020 #1198021 #1198022 #1198023 #1198024 #1198027 #1198030 #1198034 #1198058 #1198217 #1198379 #1198400 #1198402 #1198412 #1198413 #1198438 #1198484 #1198577 #1198585 #1198660 #1198802 #1198803 #1198806 #1198811 #1198826 #1198835 #1198968 #1198971 #1199011 #1199024 #1199035 #1199046 #1199052 #1199063 #1199163 #1199173 #1199260 #1199314 #1199390 #1199426 #1199433 #1199439 #1199482 #1199487 #1199505 #1199507 #1199605 #1199611 #1199626 #1199631 #1199650 #1199657 #1199674 #1199736 #1199793 #1199839 #1199875 #1199909 #1200015 #1200019 #1200045 #1200046 #1200144 #1200205 #1200211 #1200259 #1200263 #1200284 #1200315 #1200343 #1200420 #1200442 #1200475 #1200502 #1200567 #1200569 #1200571 #1200572 #1200599 #1200600 #1200608 #1200611 #1200619 #1200692 #1200762 #1200763 #1200806 #1200807 #1200808 #1200809 #1200810 #1200812 #1200815 #1200816 #1200820 #1200822 #1200824 #1200825 #1200827 #1200828 #1200829 #1200830 #1200845 #1200882 #1200925 #1201050 #1201160 #1201171 #1201177 #1201193 #1201196 #1201218 #1201222 #1201228 #1201251 #150300 SLE-13513 SLE-13521 SLE-15442 SLE-17855 SLE-18194 SLE-18234 SLE-18375 SLE-18377 SLE-18378 SLE-18382 SLE-18385 SLE-18901 SLE-18938 SLE-18978 SLE-19001 SLE-19026 SLE-19242 SLE-19249 SLE-19253 SLE-19924 SLE-21315 SLE-23643 SLE-24072 SLE-24093 SLE-24350 SLE-24549 Cross-References: CVE-2021-26341 CVE-2021-33061 CVE-2021-4204 CVE-2021-44879 CVE-2021-45402 CVE-2022-0264 CVE-2022-0494 CVE-2022-0617 CVE-2022-1012 CVE-2022-1016 CVE-2022-1184 CVE-2022-1198 CVE-2022-1205 CVE-2022-1508 CVE-2022-1651 CVE-2022-1652 CVE-2022-1671 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1998 CVE-2022-20132 CVE-2022-20154 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-2318 CVE-2022-23222 CVE-2022-26365 CVE-2022-26490 CVE-2022-29582 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33981 CVE-2022-34918 CVSS scores: CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4204 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45402 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45402 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-0264 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0264 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0494 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2022-0494 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1198 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1205 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1508 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L CVE-2022-1651 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1671 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1789 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1789 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1852 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1852 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1972 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1998 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1998 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23222 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23222 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29582 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29582 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33743 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33743 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 48 vulnerabilities, contains 26 features and has 202 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763). - CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1852: Fixed a null-ptr-deref in the kvm module which can lead to DoS. (bsc#1199875) - CVE-2022-1789: Fixed a NULL pointer dereference when shadow paging is enabled. (bnc#1199674) - CVE-2022-1508: Fixed an out-of-bounds read flaw that could cause the system to crash. (bsc#1198968) - CVE-2022-1671: Fixed a null-ptr-deref bugs in net/rxrpc/server_key.c, unprivileged users could easily trigger it via ioctl. (bsc#1199439) - CVE-2022-1651: Fixed a bug in ACRN Device Model emulates virtual NICs in VM. This flaw may allow a local privileged attacker to leak kernel unauthorized information and also cause a denial of service problem. (bsc#1199433) - CVE-2022-29582: Fixed a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (bnc#1198811) - CVE-2022-0494: Fixed a kernel information leak flaw in the scsi_ioctl function. This flaw allowed a local attacker with a special user privilege to create issues with confidentiality. (bnc#1197386) - CVE-2021-4204: Fixed a vulnerability that allows local attackers to escalate privileges on affected installations via ebpf. (bnc#1194111) - CVE-2022-23222: Fixed a bug that allowed local users to gain privileges. (bnc#1194765) - CVE-2022-0264: Fixed a vulnerability in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (bnc#1194826) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). - CVE-2022-1679: Fixed use-after-free in ath9k in ath9k_hif_usb_rx_cb (bsc#1199487). - CVE-2022-20132: Fixed several potential out of bounds reads via malicious HID device (bsc#1200619). - CVE-2022-1012: Fixed an information leak in net/ipv4/tcp.c (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bnc#1200692). - CVE-2022-1998: Fixed use-after-free in fanotify (bnc#1200284). The following non-security bugs were fixed: - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793). - ACPICA: Avoid cache flush inside virtual machines (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: PM: Revert "Only mark EC GPE for wakeup on Intel systems" (git-fixes). - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes). - ACPI: processor idle: Allow playing dead in C3 state (git-fixes). - ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - Add references to IBM bugs - Add various fsctl structs (bsc#1193629). - Adjust cifssb maximum read size (bsc#1193629). - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes). - aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: core: Add snd_card_free_on_error() helper (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes). - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes). - ALSA: hda: Avoid unsol event during RPM suspending (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - ALSA: hda: Fix driver index handling at re-binding (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: hda: Fix signedness of sscanf() arguments (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes). - ALSA: hda/i915 - skip acomp init if no matching display (git-fixes). - ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes). - ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes). - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes). - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Set max DMA segment size (git-fixes). - ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913). - ALSA: memalloc: invalidate SG pages before sync (bsc#1195913). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes). - ALSA: pcm: Test for "silence" field in struct "pcm_format_data" (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes). - ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: Do not abort resume upon errors (bsc#1195913). - ALSA: usb-audio: Do not get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes). - ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes). - alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes). - amd/display: set backlight only if required (git-fixes). - arch/arm64: Fix topology initialization for core scheduling (git-fixes). - arm64: Add Cortex-A510 CPU part definition (git-fixes). - arm64: Add part number for Arm Cortex-A78AE (git-fixes). - arm64: Add support for user sub-page fault probing (git-fixes) - arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes). - arm64: avoid fixmap race condition when create pud mapping (git-fixes). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes). - arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes). - arm64: defconfig: build imx-sdma as a module (git-fixes). - arm64: do not abuse pfn_valid() to ensure presence of linear map (git-fixes). - arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes). - arm64: Do not include __READ_ONCE() block in assembly files (git-fixes). - arm64: dts: agilex: use the compatible "intel,socfpga-agilex-hsotg" (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes). - arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes). - arm64: dts: broadcom: Fix sata nodename (git-fixes). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes) - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes) - arm64: dts: imx8mn: Fix SAI nodes (git-fixes) - arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes). - arm64: dts: imx8mq: fix lcdif port node (git-fixes). - arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes) - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes). - arm64: dts: juno: Remove GICv2m dma-range (git-fixes). - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes). - arm64: dts: ls1043a: Update i2c dma properties (git-fixes). - arm64: dts: ls1046a: Update i2c node dma properties (git-fixes). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes). - arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes). - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes). - arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes). - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes). - arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes). - arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes). - arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes). - arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes). - arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes). - arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes). - arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes). - arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes). - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes). - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes). - arm64: dts: renesas: Fix thermal bindings (git-fixes). - arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes). - arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes). - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes). - arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes). - arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes). - arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes). - arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes). - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes). - arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes) - arm64: fix clang warning about TRAMP_VALIAS (git-fixes). - arm64: fix types in copy_highpage() (git-fixes). - arm64: ftrace: consistently handle PLTs (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes). - arm64: kasan: fix include error in MTE functions (git-fixes). - arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes). - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes) - arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes). - arm64: mm: fix p?d_leaf() (git-fixes). - arm64: module: remove (NOLOAD) from linker script (git-fixes). - arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes). - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: patch_text: Fixup last cpu should be master (git-fixes). - arm64: prevent instrumentation of bp hardening callbacks (git-fixes). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: stackleak: fix current_top_of_stack() (git-fixes). - arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909) - arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes). - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes). - arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module - arm64: vdso: fix makefile dependency on vdso.so (git-fixes). - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes). - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes). - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes). - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes). - ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes). - ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes). - ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes). - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes). - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes). - ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes). - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes). - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes). - ARM: dts: aspeed: Add secure boot controller node (git-fixes). - ARM: dts: aspeed: Add video engine to g6 (git-fixes). - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes). - ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes). - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes). - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes). - ARM: dts: at91: fix pinctrl phandles (git-fixes). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes). - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes). - ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes). - ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes). - ARM: dts: BCM5301X: update CRU block description (git-fixes). - ARM: dts: BCM5301X: Update pin controller node name (git-fixes). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes). - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes). - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes). - ARM: dts: Fix boot regression on Skomer (git-fixes). - ARM: dts: Fix mmc order for omap3-gta04 (git-fixes). - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes). - ARM: dts: Fix timer regression for beagleboard revision c (git-fixes). - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes). - ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes). - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes). - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes). - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes). - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes). - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson: Fix the UART compatible strings (git-fixes). - ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes). - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes). - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes). - ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes). - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes). - ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes). - ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes). - ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: socfpga: change qspi to "intel,socfpga-qspi" (git-fixes). - ARM: dts: spear1340: Update serial node properties (git-fixes). - ARM: dts: spear13xx: Update SPI dma properties (git-fixes). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes). - ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes). - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes). - ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes). - ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes). - ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes). - ARM: fix build warning in proc-v7-bugs.c (git-fixes). - ARM: fix co-processor register typo (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ARM: Fix refcount leak in axxia_boot_secondary (git-fixes). - ARM: fix Thumb2 regression with Spectre BHB (git-fixes). - ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes). - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes). - ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes). - ARM: iop32x: offset IRQ numbers by 1 (git-fixes). - ARM: kprobes: Make space for instruction pointer on stack (bsc#1193277). - ARM: mediatek: select arch timer for mt7629 (git-fixes). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes). - ARM: mmp: Fix failure to remove sram device (git-fixes). - ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes). - ARM: mxs_defconfig: Enable the framebuffer (git-fixes). - ARM: omap1: ams-delta: remove camera leftovers (git-fixes). - ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes). - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes). - ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes). - ARM: pxa: maybe fix gpio lookup tables (git-fixes). - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes). - ARM: Spectre-BHB: provide empty stub for non-config (git-fixes). - ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes). - ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: amd: vg: fix for pm resume callback sequence (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes). - ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes). - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes). - ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes). - ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: fsl: Use dev_err_probe() helper (git-fixes). - ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes). - ASoC: intel: skylake: Set max DMA segment size (git-fixes). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes). - ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13" (git-fixes). - ASoC: madera: Add dependencies on MFD (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes). - ASoC: mediatek: use of_device_get_match_data() (git-fixes). - ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes). - ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes). - ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes). - ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes). - ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes). - ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes). - ASoC: samsung: Use dev_err_probe() helper (git-fixes). - ASoC: simple-card: fix probe failure on platform component (git-fixes). - ASoC: simple-card-utils: Set sysclk on all components (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ASoC: soc-ops: fix error handling (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes). - ASoC: SOF: hda: Set max DMA segment size (git-fixes). - ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes). - ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes). - ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes). - ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: tas2770: Insert post reset delay (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - asus-wmi: Add dgpu disable method (bsc#1198058). - asus-wmi: Add egpu enable method (bsc#1198058). - asus-wmi: Add panel overdrive functionality (bsc#1198058). - asus-wmi: Add support for platform_profile (bsc#1198058). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes). - ath11k: disable spectral scan during spectral deinit (git-fixes). - ath11k: Do not check arvif->is_started before sending management frames (git-fixes). - ath11k: fix kernel panic during unload/load ath11k modules (git-fixes). - ath11k: mhi: use mhi_sync_power_up() (git-fixes). - ath11k: pci: fix crash on suspend if board file is not found (git-fixes). - ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes). - atm: eni: Add check for dma_map_single (git-fixes). - atm: firestream: check the return value of ioremap() in fs_init() (git-fixes). - atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes). - audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes). - audit: improve audit queue handling when "audit=1" on cmdline (git-fixes). - audit: improve robustness of the audit queue handling (git-fixes). - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes). - auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes). - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: fix use-after-free problem in bcache_device_free() (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bfq: Allow current waker to defend against a tentative one (bsc#1195915). - bfq: Avoid false marking of bic as stably merged (bsc#1197926). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Do not let waker requests skip proper accounting (bsc#1184318). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Limit waker detection in time (bsc#1184318). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Relax waker detection for shared queues (bsc#1184318). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes). - bitfield: add explicit inclusions to the example (git-fixes). - blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034). - blk-mq: do not touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blktrace: fix use after free for struct blk_trace (bsc#1198017). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016). - block: avoid to quiesce queue in elevator_init_mq (bsc#1198013). - block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012). - block: do not delete queue kobject before its children (bsc#1198019). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: fix async_depth sysfs interface for mq-deadline (bsc#1198015). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021). - block: Fix up kabi after blkcg merge fix (bsc#1198020). - block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010). - block: limit request dispatch loop duration (bsc#1198022). - block/mq-deadline: Improve request accounting further (bsc#1198009). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: btusb: Add another Realtek 8761BU (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes). - Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes). - Bluetooth: use memset avoid memory leaks (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bnxt_en: Do not destroy health reporters during reset (bsc#1199736). - bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736). - bnxt_en: Fix active FEC reporting to ethtool (git-fixes). - bnxt_en: Fix devlink fw_activate (jsc#SLE-18978). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes). - bnxt_en: Fix unnecessary dropping of RX packets (git-fixes). - bnxt_en: Increase firmware message response DMA wait time (git-fixes). - bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes). - bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes). - bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978). - bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes). - bonding: fix data-races around agg_select_timer (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Add check_func_arg_reg_off function (git-fixes). - bpf: add config to allow loading modules with BTF mismatches (bsc#1194501). - bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes). - bpf: Disallow negative offset in check_ptr_off_reg (git-fixes). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes). - bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes). - bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes). - bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes). - bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#927455 bsc#1198585). - bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes). - bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes). - bpftool: Fix memory leak in prog_dump() (git-fixes). - bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes). - bpftool: Remove unused includes to bpf/bpf_gen_internal.h (git-fixes). - bpftool: Remove useless #include to perf-sys.h from map_perf_ring.c (git-fixes). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes). - brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915). - btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915). - btrfs: add helper to truncate inode items when logging inode (bsc#1197915). - btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915). - btrfs: add ro compat flags to inodes (bsc#1197915). - btrfs: always update the logged transaction when logging new names (bsc#1197915). - btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915). - btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915). - btrfs: avoid expensive search when dropping inode items from log (bsc#1197915). - btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915). - btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes) - btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915). - btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915). - btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915). - btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915). - btrfs: check if a log tree exists at inode_logged() (bsc#1197915). - btrfs: constify and cleanup variables in comparators (bsc#1197915). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915). - btrfs: do not log new dentries when logging that a new name exists (bsc#1197915). - btrfs: do not pin logs too early during renames (bsc#1197915). - btrfs: drop the _nr from the item helpers (bsc#1197915). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915). - btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915). - btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915). - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - btrfs: fix memory leak in __add_inode_ref() (bsc#1197915). - btrfs: fix missing last dir item offset update when logging directory (bsc#1197915). - btrfs: fix re-dirty process of tree-log nodes (bsc#1197915). - btrfs: improve the batch insertion of delayed items (bsc#1197915). - btrfs: insert items in batches when logging a directory when possible (bsc#1197915). - btrfs: introduce btrfs_lookup_match_dir (bsc#1197915). - btrfs: introduce item_nr token variant helpers (bsc#1197915). - btrfs: keep track of the last logged keys when logging a directory (bsc#1197915). - btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915). - btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915). - btrfs: only copy dir index keys when logging a directory (bsc#1197915). - btrfs: remove no longer needed checks for NULL log context (bsc#1197915). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915). - btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915). - btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915). - btrfs: remove root argument from add_link() (bsc#1197915). - btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915). - btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915). - btrfs: remove root argument from check_item_in_log() (bsc#1197915). - btrfs: remove root argument from drop_one_dir_item() (bsc#1197915). - btrfs: remove the btrfs_item_end() helper (bsc#1197915). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915). - btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915). - btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915). - btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915). - btrfs: unexport setup_items_for_insert() (bsc#1197915). - btrfs: unify lookup return value when dir entry is missing (bsc#1197915). - btrfs: update comment at log_conflicting_inodes() (bsc#1197915). - btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915). - btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915). - btrfs: use single bulk copy operations when logging directories (bsc#1197915). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes). - can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes). - can: grcan: only use the NAPI poll budget for RX (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes). - can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes). - can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes). - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes). - can: isotp: set default value for N_As to 50 micro seconds (git-fixes). - can: isotp: stop timeout monitoring when no first frame was sent (git-fixes). - can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes). - can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes). - can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: xilinx_can: mark bit timing constants as const (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - CDC-NCM: avoid overflow in sanity checking (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1199611). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes). - cfg80211: do not add non transmitted BSS to 6GHz scanned channels (git-fixes). - cfg80211: fix race in netlink owner interface destruction (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869). - cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning (bsc#1196868). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes). - char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629). - cifs: avoid parallel session setups on same channel (bsc#1193629). - cifs: avoid race during socket reconnect between send and recv (bsc#1193629). - cifs: call cifs_reconnect when a connection is marked (bsc#1193629). - cifs: call helper functions for marking channels for reconnect (bsc#1193629). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629). - cifs: check for smb1 in open_cached_dir() (bsc#1193629). - cifs: check reconnects for channels of active tcons too (bsc#1193629). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629). - cifs: clean up an inconsistent indenting (bsc#1193629). - cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629). - cifs: do not build smb1ops if legacy support is disabled (bsc#1193629). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: do not use tcpStatus after negotiate completes (bsc#1193629). - cifs: do not use uninitialized data in the owner/group sid (bsc#1193629). - cifs: fix bad fids sent over wire (bsc#1197157). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629). - cifs: fix handlecache and multiuser (bsc#1193629). - cifs: fix hang on cifs_get_next_mid() (bsc#1193629). - cifs: fix incorrect use of list iterator after the loop (bsc#1193629). - cifs: fix minor compile warning (bsc#1193629). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629). - cifs: fix potential deadlock in direct reclaim (bsc#1193629). - cifs: fix potential double free during failed mount (bsc#1193629). - cifs: fix potential race with cifsd thread (bsc#1193629). - cifs: fix set of group SID via NTSD xattrs (bsc#1193629). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629). - cifs: fix the cifs_reconnect path for DFS (bsc#1193629). - cifs: fix the connection state transitions with multichannel (bsc#1193629). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629). - cifs: fix workstation_name for multiuser mounts (bsc#1193629). - cifs: force new session setup and tcon for dfs (bsc#1193629). - cifs: free ntlmsspblob allocated in negotiate (bsc#1193629). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629). - cifs: make status checks in version independent callers (bsc#1193629). - cifs: mark sessions for reconnection in helper function (bsc#1193629). - cifs: modefromsids must add an ACE for authenticated users (bsc#1193629). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629). - cifs: move superblock magic defitions to magic.h (bsc#1193629). - cifs: potential buffer overflow in handling symlinks (bsc#1193629). - cifs: print TIDs as hex (bsc#1193629). - cifs: protect all accesses to chan_* with chan_lock (bsc#1193629). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629). - cifs: reconnect only the connection and not smb session where possible (bsc#1193629). - cifs: release cached dentries only if mount is complete (bsc#1193629). - cifs: remove check of list iterator against head past the loop body (bsc#1193629). - cifs: remove redundant assignment to pointer p (bsc#1193629). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629). - cifs: remove repeated state change in dfs tree connect (bsc#1193629). - cifs: remove unused variable ses_selected (bsc#1193629). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629). - cifs: return the more nuanced writeback error on close() (bsc#1193629). - cifs: serialize all mount attempts (bsc#1193629). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629). - cifs: skip trailing separators of prefix paths (bsc#1193629). - cifs: smbd: fix typo in comment (bsc#1193629). - cifs: Split the smb3_add_credits tracepoint (bsc#1193629). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629). - cifs: track individual channel status using chans_need_reconnect (bsc#1193629). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: update tcpStatus during negotiate and sess setup (bsc#1193629). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629). - cifs: use correct lock type in cifs_reconnect() (bsc#1193629). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629). - cifs: use new enum for ses_status (bsc#1193629). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629). - cifs: we do not need a spinlock around the tree access during umount (bsc#1193629). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629). - cifs: writeback fix (bsc#1193629). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes). - clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: imx: Add check for kcalloc (git-fixes). - clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes). - clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - clk: tegra: Add missing reset deassertion (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes). - clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218). - comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes). - comedi: vmk80xx: fix expression for tx buffer size (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - cpufreq-fix-memory-leak-in-sun50i_cpufreq_nvmem_prob.patch: (git-fixes). - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228). - cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes). - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes). - cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes). - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: amlogic - call finalize with bh disabled (git-fixes). - crypto: api - Move cryptomgr soft dependency into algapi (git-fixes). - crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes). - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes). - crypto: ccree - use fine grained DMA mapping dir (git-fixes). - crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: engine - check if BH is disabled during completion (git-fixes). - crypto: gemini - call finalize with bh disabled (git-fixes). - crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes). - crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes). - crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes). - crypto: marvell/cesa - ECB does not IV (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes). - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes). - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes). - crypto: rockchip - ECB does not need IV (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - only allow with rsa (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: sun8i-ce - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - handle zero sized sg (git-fixes). - crypto: sun8i-ss - really disable hash on A80 (git-fixes). - crypto: sun8i-ss - rework handling of IV (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: xts - Add softdep on ecb (git-fixes). - dax: fix cache flush on PMD-mapped pages (bsc#1200830). - devlink: Add 'enable_iwarp' generic device param (bsc#1200502). - dim: initialize all struct fields (git-fixes). - display/amd: decrease message verbosity about watermarks table failure (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - dma-debug: fix return value of __setup handlers (git-fixes). - dma-direct: avoid redundant memory sync for swiotlb (git-fixes). - dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes). - dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes). - dmaengine: idxd: fix device cleanup on disable (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes). - dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes). - dmaengine: idxd: skip clearing device context when device is read-only (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315). - dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes). - dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315). - dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" (git-fixes). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes). - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes). - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes). - doc/ip-sysctl: add bc_forwarding (git-fixes). - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes). - Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes). - Documentation: update stable tree link (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - driver base: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - driver base: fix compaction sysfs file leak (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - driver core: dd: fix return value of __setup handler (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver core: Fix wait_for_device_probe() and deferred_probe_timeout interaction (git-fixes). - driver core: Free DMA range map when device is released (git-fixes). - driver: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes). - driver: hv: log when enabling crash_kexec_post_notifiers (git-fixes). - driver: hv: Rename 'alloced' to 'allocated' (git-fixes). - driver: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes). - driver: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - driver: hv: vmbus: Fix potential crash on module unload (git-fixes). - driver: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes). - driver: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - driver: net: xgene: Fix regression in CRC stripping (git-fixes). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes). - drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes). - drm/amd/display: Add signal type check when verify stream backends same (git-fixes). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes). - drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes). - drm/amd/display: Cap pflip irqs per max otg number (git-fixes). - drm/amd/display: Check if modulo is 0 before dividing (git-fixes). - drm/amd/display: DCN3.1: do not mark as kernel-doc (git-fixes). - drm/amd/display: Disabling Z10 on DCN31 (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Do not reinitialize DMCUB on s0ix resume (git-fixes). - drm/amd/display: Enable power gating before init_pipes (git-fixes). - drm/amd/display: FEC check in timing validation (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: fix audio format not updated after edid updated (git-fixes). - drm/amd/display: Fix memory leak (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786) - drm/amd/display: Fix OLED brightness control on eDP (git-fixes). - drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes). - drm/amd/display: fix yellow carp wm clamping (git-fixes). - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina panels (git-fixes). - drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes). - drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes). - drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes). - drm/amd/display: Remove vupdate_int_entry definition (git-fixes). - drm/amd/display: Revert FEC check in validation (git-fixes). - drm/amd/display: Update VTEM Infopacket definition (git-fixes). - drm/amd/display: Update watermark values for DCN301 (git-fixes). - drm/amd/display: Use adjusted DCN301 watermarks (git-fixes). - drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes). - drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes). - drm/amdgpu: add beige goby PCI ID (git-fixes). - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes). - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes). - drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/amdgpu/display: add support for multiple backlights (git-fixes). - drm/amdgpu: do not do resets on APUs which do not support it (git-fixes). - drm/amdgpu: do not enable asic reset for raven2 (git-fixes). - drm/amdgpu: do not set s3 and s0ix at the same time (git-fixes). - drm/amdgpu: do not use BACO for reset in S3 (git-fixes). - drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes). - drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes). - drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes). - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes). - drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes). - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497) - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdgpu: fix suspend/resume hang regression (git-fixes). - drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes). - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes). - drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes). - drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes). - drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes). - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786) - drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes). - drm/amdkfd: Do not take process mutex for svm ioctls (git-fixes). - drm/amdkfd: Fix GWS queue count (bsc#1190786) - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/amdkfd: remove unused function (git-fixes). - drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287). - drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes). - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes). - drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes). - drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes). - drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes). - drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes). - drm/amd/pm: Fix missing thermal throttler status (git-fixes). - drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes). - drm/ast: Create threshold values for AST2600 (bsc#1190786) - drm/atomic: Do not pollute crtc_state->mode_blob with error pointers (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm: avoid circular locks in drm_mode_getconnector (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: Add missing pm_runtime_put_sync (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes). - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786) - drm: bridge: icn6211: Fix register layout (git-fixes). - drm: bridge: it66121: Fix the register page length (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786) - drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes). - drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes). - drm/connector: Fix typo in output format (bsc#1190786) - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786) - drm/edid: Always set RGB444 (git-fixes). - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/edid: fix CEA extension byte #3 parsing (bsc#1190786) - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes). - drm/fourcc: fix integer type usage in uapi header (git-fixes). - drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497) - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915/dg2: Print PHY name properly on calibration error (git-fixes). - drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes). - drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes). - drm/i915/display: Move DRRS code its own file (git-fixes). - drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes). - drm/i915/display: split out dpt out of intel_display.c (git-fixes). - drm/i915/dmc: Add MMIO range restrictions (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes). - drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/i915/gem: add missing else (git-fixes). - drm/i915/guc/slpc: Correct the param count for unset param (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915: Implement w/a 22010492432 for adl-s (git-fixes). - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497) - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: s/JSP2/ICP2/ PCH (git-fixes). - drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes). - drm/i915/ttm: ensure we unmap when purging (git-fixes). - drm/i915/ttm: tweak priority hint selection (git-fixes). - drm/i915: Widen the QGV point mask (git-fixes). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/kmb: Fix for build errors with Warray-bounds (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768) - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/meson: split out encoder from meson_dw_hdmi (git-fixes). - drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm: add missing include to msm_drv.c (git-fixes). - drm/msm: Add missing put_task_struct() in debugfs path (git-fixes). - drm/msm/disp: check the return value of kzalloc() (git-fixes). - drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768) - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes). - drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes). - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes). - drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497) - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes). - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes). - drm/msm/dp: force link training for display resolution change (git-fixes). - drm/msm/dp: Modify prototype of encoder based API (git-fixes). - drm/msm/dp: populate connector of struct dp_panel (git-fixes). - drm/msm/dp: remove fail safe mode related code (git-fixes). - drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes). - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768) - drm/msm/dp: stop link training after link training 2 failed (git-fixes). - drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768) - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dpu: fix dp audio condition (git-fixes). - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768) - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/msm/dsi: Use "ref" fw clock instead of global name for VCO parent (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm/msm: Fix range size vs end confusion (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/msm: properly add and remove internal bridges (bsc#1190768) - drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes). - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes). - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/panfrost: Check for error num after setting mask (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes). - drm/simpledrm: Add "panel orientation" property on non-upright mounted LCD panels (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786) - drm/syncobj: flatten dma_fence_chains on transfer (git-fixes). - drm/tegra: Add back arm_iommu_detach_device() (git-fixes). - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm: use the lookup lock in drm_is_current_master (git-fixes). - drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: Fix deadlock on DSI device attach error (git-fixes). - drm/vc4: hdmi: Add debugfs prefix (bsc#1199163). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes). - drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes). - drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes). - drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes). - drm/vc4: hvs: Fix frame count register readout (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes). - drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1190786) - drm/vmwgfx: validate the screen formats (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes). - dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes). - dt-bindings: gpio: altera: correct interrupt-cells (git-fixes). - dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes). - dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes). - dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes). - dt-bindings: net: xgmac_mdio: Remove unsupported "bus-frequency" (git-fixes). - dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes). - dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes). - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes). - dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes). - dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes). - dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes). - dt-bindings: usb: hcd: correct usb-device path (git-fixes). - dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes). - dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes). - e1000e: Correct NVM checksum verification flow (bsc#1191663). - e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - e1000e: Handshake with CSME starts from ADL platforms (git-fixes). - e1000e: Separate ADP board type from TGP (git-fixes). - EDAC/altera: Fix deferred probing (bsc#1190497). - EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026). - EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497). - EDAC/synopsys: Read the error count from the correct register (bsc#1190497). - EDAC/xgene: Fix deferred probing (bsc#1190497). - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - efi: fix return value of __setup handlers (git-fixes). - efivars: Respect "block" flag in efivar_entry_set_safe() (git-fixes). - enable DRM_BOCHS as module (bsc#1200572) - epic100: fix use after free on rmmod (git-fixes). - ethernet/sfc: remove redundant rc variable (bsc#1196306). - exec: Force single empty string when argv is empty (bsc#1200571). - ext2: correct max file size computing (bsc#1197820). - ext4: avoid trim error on fs with small groups (bsc#1191271). - ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix ext4_fc_stats trace point (git-fixes). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable "count" signed (bsc#1200820). - ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808). - extcon: Modify extcon device to be created after driver data is set (git-fixes). - extcon: ptn5150: Add queue work sync before driver release (git-fixes). - faddr2line: Fix overlapping text section failures, the sequel (git-fixes). - fbcon: Avoid 'cap' set but not used warning (bsc#1190786) - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes). - firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - firmware: sysfb: fix platform-device leak in error path (git-fixes). - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes). - firmware: use kernel credentials when reading firmware (git-fixes). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1193629). - fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827). - fs: fix fd table size alignment properly (bsc#1200882). - fs: handle circular mappings correctly (bsc#1197918). - fsl_lpuart: Do not enable interrupts too early (git-fixes). - fsnotify: Do not insert unmergeable events in hashtable (bsc#1197922). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478). - fsnotify: fix wrong lockdep annotations (bsc#1200815). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - fuse: fix fileattr op failure (bsc#1197292). - gen_init_cpio: fix short read file handling (bsc#1193289). - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq: Synchronize interrupt thread startup (git-fixes) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes). - gpio: dwapb: Do not print error on -EPROBE_DEFER (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpiolib: Never return internal error codes to user space (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - gpio: mvebu: drop pwm base assignment (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes). - gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes). - gpio: sifive: use the correct register to read output values (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: fix the wrong AdminQ buffer queue index check (git-fixes). - habanalabs: Add check for pci_enable_device (git-fixes). - habanalabs: fix possible memory leak in MMU DR fini (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - HID: Add support for open wheel and no attachment to T300 (git-fixes). - HID:Add support for UGTABLET WP5540 (git-fixes). - HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes). - HID: amd_sfh: Correct the structure field name (git-fixes). - HID: amd_sfh: Modify the bus name (git-fixes). - HID: amd_sfh: Modify the hid name (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - hide appended member supports_dynamic_smps_6ghz (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes). - HID: logitech-dj: add new lightspeed receiver id (git-fixes). - HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - HID: vivaldi: fix sysfs attributes leak (git-fixes). - hinic: fix bug of wq out of bound access (git-fixes). - hv_balloon: rate-limit "Unhandled message" warning (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes). - hwmon: (dell-smm) Speed up setting of fan speed (git-fixes). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (pmbus) Check PEC support before reading other registers (git-fixes). - hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes). - hwmon: (pmbus) disable PEC if not enabled (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - hwrng: cavium - Check health status while reading random data (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes). - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes). - i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - i2c: ismt: prevent memory corruption in ismt_access() (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - i2c: meson: Fix wrong speed use from probe (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes). - i2c: npcm7xx: Add check for platform_driver_register (git-fixes). - i2c: npcm: Correct register access width (git-fixes). - i2c: npcm: Fix timeout calculation (git-fixes). - i2c: npcm: Handle spurious interrupts (git-fixes). - i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes). - i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes). - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes). - i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes). - i2c: piix4: Move port I/O region request/release code into functions (git-fixes). - i2c: piix4: Move SMBus controller base address detect into function (git-fixes). - i2c: piix4: Move SMBus port selection into function (git-fixes). - i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes). - i2c: qcom-cci: do not delete an unregistered adapter (git-fixes). - i2c: qcom-cci: do not put a device tree node before i2c_add_adapter() (git-fixes). - i2c: rcar: fix PM ref counts in probe error paths (git-fixes). - i2c: xiic: Make bus names unique (git-fixes). - i40e: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40e: i40e_main: fix a missing check on list iterator (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: remove dead stores on XSK hotpath (jsc#SLE-18378). - i40e: respect metadata on XSK Rx to skb (git-fixes). - i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378). - iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385). - iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385). - iavf: Fix double free in iavf_reset_task (jsc#SLE-18385). - iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385). - iavf: Fix hang during reboot/shutdown (jsc#SLE-18385). - iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385). - iavf: Fix init state closure on remove (jsc#SLE-18385). - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385). - iavf: Fix missing check for running netdev (git-fixes). - iavf: Fix race in init state (jsc#SLE-18385). - iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6). - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes). - IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes). - IB/hfi1: Allow larger MTU without AIP (git-fixes). - IB/hfi1: Fix AIP early init panic (git-fixes). - IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes). - IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242). - IB/hfi1: Fix tstats alloc and dealloc (git-fixes). - IB/mlx5: Expose NDR speed through MAD (bsc#1196930). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - IB/qib: Fix duplicate sysfs directory name (git-fixes). - IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375). - ice: check the return of ice_ptp_gettimex64 (git-fixes). - ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375). - ice: Clear default forwarding VSI during VSI release (git-fixes). - ice: clear stale Tx queue settings before configuring (git-fixes). - ice: do not allow to run ice_send_event_to_aux() in atomic ctx (git-fixes). - ice: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ice: Do not use GFP_KERNEL in atomic context (git-fixes). - ice: enable parsing IPSEC SPI headers for RSS (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (git-fixes). - ice: fix concurrent reset and removal of VFs (git-fixes). - ice: fix crash in switchdev mode (jsc#SLE-18375). - ice: Fix curr_link_speed advertised speed (git-fixes). - ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375). - ice: fix PTP stale Tx timestamps cleanup (git-fixes). - ice: fix setting l4 port flag when adding filter (jsc#SLE-18375). - ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes). - ice: initialize local variable 'tlv' (git-fixes). - ice: kabi protect ice_pf (bsc#1200502). - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: respect metadata on XSK Rx to skb (git-fixes). - ice: synchronize_rcu() when terminating rings (git-fixes). - ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375). - ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes). - igb: refactor XDP registration (git-fixes). - igc: avoid kernel warning when changing RX ring parameters (git-fixes). - igc: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - igc: Fix BUG: scheduling while atomic (git-fixes). - igc: Fix infinite loop in release_swfw_sync (git-fixes). - igc: Fix suspending when PTM is active (jsc#SLE-18377). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP and AIN_BUFM bits (git-fixes). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes). - iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio: afe: rescale: Fix boolean logic bug (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio:humidity:hts221: rearrange iio trigger get and register (git-fixes). - iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes). - iio:imu:bmi160: disable regulator in error path (git-fixes). - iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes). - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes). - iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes). - iio: mma8452: fix probe fail when device tree compatible is used (git-fixes). - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes). - iio: st_sensors: Add a local lock for protecting odr (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: fix reference leak in asymmetric_verify() (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - init: call time_init() before rand_initialize() (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - init/main.c: return 1 from handled __setup() functions (git-fixes). - initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - Input: samsung-keypad - properly state IOMEM dependency (git-fixes). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes). - Input: synaptics: retry query upon error (bsc#1194086). - Input: wm97xx: Simplify resource management (git-fixes). - Input: zinitix - do not report shadow fingers (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - iocost: do not reset the inuse weight of under-weighted debtors (git-fixes). - iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014). - iomap: iomap_write_failed fix (bsc#1200829). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826). - iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes). - iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes). - iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350). - iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - ionic: add FW_STOPPING state (git-fixes). - ionic: Allow flexibility for error reporting on dev commands (git-fixes). - ionic: better handling of RESET event (git-fixes). - ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes). - ionic: Cleanups in the Tx hotpath code (git-fixes). - ionic: Correctly print AQ errors if completions are not received (git-fixes). - ionic: disable napi when ionic_lif_init() fails (git-fixes). - ionic: Do not send reset commands if FW isn't running (git-fixes). - ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes). - ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes). - ionic: fix up printing of timeout error (git-fixes). - ionic: Prevent filter add/del err msgs when the device is not available (git-fixes). - ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes). - ionic: remove the dbid_inuse bitmap (git-fixes). - ionic: replace set_vf data with union (git-fixes). - ionic: start watchdog after all is setup (git-fixes). - ionic: stretch heartbeat detection (git-fixes). - io_uring: add more locking annotations for submit (bsc#1199011). - io_uring: avoid touching inode in rw prep (bsc#1199011). - io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011). - io_uring: cache __io_free_req()'d requests (bsc#1199011). - io_uring: clean io-wq callbacks (bsc#1199011). - io_uring: clean up tctx_task_work() (bsc#1199011). - io_uring: deduplicate open iopoll check (bsc#1199011). - io_uring: do not halt iopoll too early (bsc#1199011). - io_uring: drop exec checks from io_req_task_submit (bsc#1199011). - io_uring: extract a helper for ctx quiesce (bsc#1199011). - io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011). - io_uring: improve ctx hang handling (bsc#1199011). - io_uring: inline fixed part of io_file_get() (bsc#1199011). - io_uring: inline io_free_req_deferred (bsc#1199011). - io_uring: inline io_poll_remove_waitqs (bsc#1199011). - io_uring: inline struct io_comp_state (bsc#1199011). - io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011). - io_uring: move io_fallback_req_func() (bsc#1199011). - io_uring: move io_put_task() definition (bsc#1199011). - io_uring: move io_rsrc_node_alloc() definition (bsc#1199011). - io_uring: optimise io_cqring_wait() hot path (bsc#1199011). - io_uring: optimise putting task struct (bsc#1199011). - io_uring: refactor io_alloc_req (bsc#1199011). - io_uring: remove extra argument for overflow flush (bsc#1199011). - io_uring: remove file batch-get optimisation (bsc#1199011). - io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011). - io_uring: remove redundant args from cache_free (bsc#1199011). - io_uring: remove unnecessary PF_EXITING check (bsc#1199011). - io_uring: rename io_file_supports_async() (bsc#1199011). - io_uring: run linked timeouts from task_work (bsc#1199011). - io_uring: run regular file completions from task_work (bsc#1199011). - io_uring: run timeouts from task_work (bsc#1199011). - io_uring: use inflight_entry instead of compl.list (bsc#1199011). - io_uring: use kvmalloc for fixed files (bsc#1199011). - io-wq: get rid of FIXED worker flag (bsc#1199011). - io-wq: make worker creation resilient against signals (bsc#1199011). - io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011). - io-wq: only exit on fatal signals (bsc#1199011). - io-wq: provide a way to limit max number of workers (bsc#1199011). - io-wq: split bounded and unbounded work into separate lists (bsc#1199011). - io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011). - ipc/sem: do not sleep with a spin lock held (bsc#1198412). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix pr_fmt to avoid compilation issues (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/nvic: Release nvic_base upon failure (git-fixes). - irqchip/qcom-pdc: Fix broken locking (git-fixes). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes). - irqchip/realtek-rtl: Service all pending interrupts (git-fixes). - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: align locking in D3 test debugfs (git-fixes). - iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes). - iwlwifi: mvm: Correctly set fragmented EBS (git-fixes). - iwlwifi: mvm: Do not call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes). - iwlwifi: mvm: do not crash on invalid rate w/o STA (git-fixes). - iwlwifi: mvm: do not iterate unadded vifs when handling FW SMPS req (git-fixes). - iwlwifi: mvm: do not send SAR GEO command for 3160 devices (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - iwlwifi: mvm: move only to an enabled channel (git-fixes). - iwlwifi: pcie: fix locking when "HW not ready" (git-fixes). - iwlwifi: pcie: gen2: fix locking when "HW not ready" (git-fixes). - iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes). - ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ixgbe: ensure IPsec VF - PF compatibility (git-fixes). - ixgbe: respect metadata on XSK Rx to skb (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI: Fix kABI after "x86/mm/cpa: Generalize __set_memory_enc_pgtable()" (jsc#SLE-19924). - kABI fix of sysctl_run_estimation (git-fixes). - kABI: fix rndis_parameters locking (git-fixes). - kABI: ivtv: restore caps member (git-fixes). - kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218) - kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels. - kABI workaround for fxls8962af iio accel drivers (git-fixes). - kABI workaround for pci quirks (git-fixes). - kconfig: fix failing to generate auto.conf (git-fixes). - kconfig: let 'shell' return enough output for deep path names (git-fixes). - kernel/fork: Initialize mm's PASID (jsc#SLE-24350). - kernel/resource: Introduce request_mem_region_muxed() (git-fixes). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes). - KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes). - KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes). - KEYS: trusted: Fix trusted key backends when building as module (git-fixes). - KEYS: trusted: tpm2: Fix migratable logic (git-fixes). - kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277). - kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277). - kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277). - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277). - kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277). - kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277). - kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277). - kselftest/arm64: bti: force static linking (git-fixes). - kunit: tool: Import missing importlib.abc (git-fixes). - KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes). - KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes). - KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes). - KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes). - KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes). - KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes). - KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes). - KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes). - KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes). - KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes). - KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes). - KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes). - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: selftests: Do not skip L2's VMCALL in SMM test for SVM guest (bsc#1194523). - KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526). - KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526). - KVM: SEV: do not take kvm->lock when destroying (bsc#1194526). - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526). - KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526). - KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526). - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823). - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526). - KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes). - KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes). - KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes). - KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes). - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes). - KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes). - KVM: VMX: Do not unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes). - KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes). - KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes). - KVM: VMX: Read Posted Interrupt "control" exactly once per loop iteration (git-fixes). - KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes). - KVM: VMX: Remove defunct "nr_active_uret_msrs" field (git-fixes). - KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes). - KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes). - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes). - KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes). - KVM: x86: do not print when fail to read/write pv eoi memory (git-fixes). - KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes). - KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes). - KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes). - KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes). - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes). - KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes). - KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req (git-fixes). - KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes). - KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes). - KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes). - KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes). - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes). - KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes). - KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes). - KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes). - KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes). - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes). - KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes). - KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes). - KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes). - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes). - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes). - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes). - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes). - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes). - KVM: x86: SVM: do not set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes). - KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549). - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549). - KVM: X86: Synchronize the shadow pagetable before link it (git-fixes). - KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes). - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes). - lib: bitmap: fix many kernel-doc warnings (git-fixes). - libbpf: Free up resources used by inner map definition (git-fixes). - lib/iov_iter: initialize "flags" in new pipe_buffer (git-fixes). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - list: fix a data-race around ep->rdllist (git-fixes). - list: introduce list_is_head() helper and re-use it in list.h (git-fixes). - list: test: Add a test for list_is_head() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - locking: Make owner_on_cpu() into linux/sched.h (bsc#1190137 bsc#1189998). - locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998). - locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998). - locking/rwlocks: introduce write_lock_nested (bsc#1189998). - LSM: general protection fault in legacy_parse_param (git-fixes). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes). - mac80211: fix forwarded mesh frames AC and queue selection (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes). - mac80211: mlme: check for null after calling kmemdup (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - mac80211: Remove a couple of obsolete TODO (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - mac80211: treat some SAE auth steps as final (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).") - macvlan: Fix leaking skb in source mode with nodst option (git-fixes). - mailbox: change mailbox-mpfs compatible string (git-fixes). - mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes). - mailbox: imx: fix wakeup failure from freeze mode (git-fixes). - mailbox: tegra-hsp: Flush whole channel (git-fixes). - maple: fix wrong return value of maple_bus_init() (git-fixes). - md: Do not set mddev private to NULL in raid0 pers->free (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md: fix double free of io_acct_set bioset (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - md: Move alloc/free acct bioset in to personality (git-fixes). - md/raid5: play nice with PREEMPT_RT (bsc#1189998). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes). - media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes). - media: atomisp: fix bad usage at error handling logic (git-fixes). - media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes). - media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: camss: csid-170: do not enable unused irqs (git-fixes). - media: camss: csid-170: fix non-10bit formats (git-fixes). - media: camss: csid-170: remove stray comment (git-fixes). - media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes). - media: camss: vfe-170: fix "VFE halt timeout" error (git-fixes). - media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes). - media: cec-adap.c: fix is_configuring state (git-fixes). - media: cedrus: h264: Fix neighbour info buffer size (git-fixes). - media: cedrus: H265: Fix neighbour info buffer size (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes). - media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes). - media: hantro: Empty encoder capture buffers by default (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: hantro: HEVC: Fix tile info buffer value computation (git-fixes). - media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - media: i2c: max9286: fix kernel oops when removing module (git-fixes). - media: i2c: max9286: Use dev_err_probe() helper (git-fixes). - media: i2c: max9286: Use "maxim,gpio-poc" property (git-fixes). - media: i2c: ov5648: Fix lockdep error (git-fixes). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - media: i2c: rdacm2x: properly set subdev entity function (git-fixes). - media: imon: reorganize serialization (git-fixes). - media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes). - media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes). - media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes). - media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes). - media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes). - media: ir_toy: free before error exiting (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: mexon-ge2d: fixup frames size in registers (git-fixes). - media: mtk-vcodec: potential dereference of null pointer (git-fixes). - media: omap3isp: Use struct_group() for memcpy() region (git-fixes). - media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes). - media: ov5648: Do not pack controls struct (git-fixes). - media: ov6650: Add try support to selection API operations (git-fixes). - media: ov6650: Fix crop rectangle affected by set format (git-fixes). - media: ov6650: Fix set format try processing path (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes). - media: rga: fix possible memory leak in rga_probe (git-fixes). - media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes). - media: rkvdec: h264: Fix dpb_valid implementation (git-fixes). - media: rkvdec: Stop overclocking the decoder (git-fixes). - media: rockchip/rga: do proper error checking in probe (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes). - media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes). - media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes). - media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes). - media: staging: media: zoran: move videodev alloc (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: v4l2-core: Initialize h264 scaling matrix (git-fixes). - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes). - media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - media: vidtv: Check for null return of vzalloc (git-fixes). - mei: avoid iterator usage outside of list_for_each_entry (git-fixes). - mei: hbm: drop capability response on early shutdown (git-fixes). - mei: me: add Alder Lake N device id (git-fixes). - mei: me: add raptor lake point S DID (git-fixes). - mei: me: disable driver on the ign firmware (git-fixes). - memblock: fix memblock_phys_alloc() section mismatch error (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes). - memory: mtk-smi: Add error handle for smi_probe (git-fixes). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes). - memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes). - mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mgag200 fix memmapsl configuration in GCTL6 register (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes). - mlx5: kabi protect lag_mp (git-fixes). - mlxsw: spectrum: Protect driver from buggy firmware (git-fixes). - mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes) - mmc: block: Check for errors after write on SPI (git-fixes). - mmc: block: fix read single on recovery logic (git-fixes). - mmc: core: Allows to override the timeout value for ioctl() path (git-fixes). - mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes). - mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes). - mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102). - mmc: mediatek: wait dma stop bit reset to 0 (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mmc: rtsx: add 74 Clocks in power on flow (git-fixes). - mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes). - mmc: rtsx: Let MMC core handle runtime PM (git-fixes). - mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes). - mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes). - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes). - mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761). - mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921). - mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402). - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024). - mm, thp: lock filemap when truncating page cache (bsc#1198023). - mm/vmalloc: fix comments about vmap_area struct (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix section mismatch check for exported init/exit sections (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - modpost: restore the warning message for missing symbol versions (git-fixes). - Move upstreamed ALSA fix into sorted section - Move upstreamed x86 patches into sorted section - mptcp: add missing documented NL params (git-fixes). - mt76: connac: fix sta_rec_wtbl tag len (git-fixes). - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes). - mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes). - mt76: fix encap offload ethernet type check (git-fixes). - mt76: fix monitor mode crash with sdio driver (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes). - mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes). - mt76: mt7615: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes). - mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes). - mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes). - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - mt76: mt7921: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7921: fix crash when startup fails (git-fixes). - mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes). - mtd: mchp23k256: Add SPI ID table (git-fixes). - mtd: mchp48l640: Add SPI ID table (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes). - mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes). - mtd: rawnand: denali: Use managed device resources (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes). - mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: atlantic: Avoid out-of-bounds indexing (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: axienet: setup mdio unconditionally (git-fixes). - net: bnxt_ptp: fix compilation error (bsc#1199736). - net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998). - net: dev: Change the order of the arguments for the contended condition (bsc#1189998). - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes). - net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes). - net: hns3: add return value for mailbox handling in PF (bsc#1190336). - net: hns3: add validity check for message data length (git-fixes). - net: hns3: add vlan list lock to protect vlan list (git-fixes). - net: hns3: align the debugfs output to the left (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (git-fixes). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes). - net: hns3: fix phy can not link up when autoneg off and reset (git-fixes). - net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes). - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes). - net: hns3: handle empty unknown interrupt for VF (git-fixes). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes). - net: hns3: refine the process when PF set VF VLAN (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502). - net/ice: Fix boolean assignment (bsc#1200502). - net/ice: Remove unused enum (bsc#1200502). - net: ipa: disable HOLB drop when updating timer (git-fixes). - net: ipa: HOLB register sometimes must be written twice (git-fixes). - net/ipa: ipa_resource: Fix wrong for loop range (git-fixes). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes). - net: marvell: prestera: fix double free issue on err path (git-fixes). - net: mdio: do not defer probe forever if PHY IRQ provider is missing (git-fixes). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218). - net/mlx5: Avoid double clear or set of sync reset requested (git-fixes). - net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes). - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes). - net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes). - net/mlx5: DR, Cache STE shadow memory (git-fixes). - net/mlx5: DR, Do not allow match on IP w/o matching on full ethertype/ip_version (git-fixes). - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253). - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes). - net/mlx5e: Add missing increment of count (jsc#SLE-19253). - net/mlx5e: Avoid field-overflowing memcpy() (git-fixes). - net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes). - net/mlx5e: Do not treat small ceil values as unlimited in HTB offload (git-fixes). - net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253). - net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes). - net/mlx5e: Fix module EEPROM query (git-fixes). - net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes). - net/mlx5e: Fix trust state reset in reload (git-fixes). - net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253). - net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes). - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes). - net/mlx5e: Lag, Do not skip fib events on current dst (git-fixes). - net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes). - net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes). - net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes). - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes). - net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253). - net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: Use struct_group() for memcpy() region (git-fixes). - net/mlx5: Fix a race on command flush flow (git-fixes). - net/mlx5: Fix deadlock in sync reset flow (git-fixes). - net/mlx5: Fix matching on inner TTC (jsc#SLE-19253). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix size field in bufferx_reg struct (git-fixes). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes). - net/mlx5: Fix tc max supported prio for nic mode (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes). - net: mvmdio: fix compilation warning (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: correct spelling error of media in documentation (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: dp83867: retrigger SGMII AN when link change (git-fixes). - net: phy: Fix race condition on link status change (git-fixes). - net: phy: marvell10g: fix return value on error (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes). - net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes). - net: phy: meson-gxl: improve link-up behavior (git-fixes). - net: phy: micrel: Allow probing without .driver_data (git-fixes). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes). - net: phy: micrel: Pass .probe for KS8737 (git-fixes). - net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes). - net: phy: mscc-miim: reject clause 45 register accesses (git-fixes). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: sfc: add missing xdp queue reinitialization (git-fixes). - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes). - net: sfc: fix memory leak due to ptp channel (git-fixes). - net: sfc: fix using uninitialized xdp tx_queue (git-fixes). - net/smc: Avoid warning of possible recursive locking (git-fixes). - net/smc: fix connection leak (git-fixes). - net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *" (git-fixes). - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes). - net/smc: postpone sk_refcnt increment in connect() (git-fixes). - net/smc: remove redundant re-assignment of pointer link (git-fixes). - net/smc: Remove unused function declaration (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes). - net/smc: sync err code when tcp connection was refused (git-fixes). - net/smc: Transfer remaining wait queue entries during fallback (git-fixes). - net/smc: Transitional solution for clcsock race issue (git-fixes). - net/smc: Use a mutex for locking "struct smc_pnettable" (git-fixes). - net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes). - net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes). - net: stmmac: Fix signed/unsigned wreckage (git-fixes). - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: asix: do not force pause frames support (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682). - net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218). - nfc: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - nfc: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - nfc: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - nfc: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - nfc: pn533: Fix buggy cleanup order (git-fixes). - nfc: port100: fix use-after-free in port100_send_complete (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nfp: flower: fix ida_idx not being released (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFSD: allow delegation state ids to be revoked and then freed (bsc#1192483). - NFSD: allow lock state ids to be revoked and then freed (bsc#1192483). - NFSD: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes). - NFSD: do not admin-revoke NSv4.0 state ids (bsc#1192483). - NFSD: Fix a write performance regression (bsc#1197016). - NFSD: fix crash on COPY_NOTIFY with special stateid (git-fixes). - NFSD: Fix nsfd startup race (again) (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSD: Fix READDIR buffer overflow (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSD: Fix verifier returned in stable WRITEs (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSD: more robust allocation failure handling in nfsd_file_cache_init (git-fixes). - NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Do not loop forever in nfs_do_recoalesce() (git-fixes). - NFS: Do not overfill uncached readdir pages (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: do not store 'struct cred *' in struct nfs_access_entry (git-fixes). - NFSD: prepare for supporting admin-revocation of state (bsc#1192483). - NFSD: Replace use of rwsem with errseq_t (bsc#1196960). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFS: fix broken handling of the softreval mount option (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes). - NFS: pass cred explicitly for access tests (git-fixes). - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - NFSv4: Fix another issue with a list iterator pointing to the head (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes). - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - nl80211: validate S1G channel width (git-fixes). - ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes). - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes). - nvme: add verbose error logging (bsc#1200567). Update config files. - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme: send uevent on connection up (jsc#SLE-23643). - objtool: Add frame-pointer-specific function ignore (bsc#1193277). - objtool: Fix code relocs vs weak symbols (git-fixes). - objtool: Fix type of reloc::addend (git-fixes). - objtool: Ignore unwind hints for ignored functions (bsc#1193277). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - of: base: Fix phandle argument length mismatch error message (git-fixes). - of: base: Improve argument length mismatch error (git-fixes). - of/fdt: Do not worry about non-memory region overlap for no-map (git-fixes). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes). - of: Support more than one crash kernel regions for kexec -s (git-fixes). - of: unittest: 64 bit dma address test requires arch support (git-fixes). - of: unittest: fix warning on PowerPC frame size warning (git-fixes). - of: unittest: update text of expected warnings (git-fixes). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes). - PCI: aardvark: Add support for masking MSI interrupts (git-fixes). - PCI: aardvark: Add support for PME interrupts (git-fixes). - PCI: aardvark: Assert PERST# when unbinding driver (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: aardvark: Comment actions in driver remove method (git-fixes). - PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes). - PCI: aardvark: Disable common PHY when unbinding driver (git-fixes). - PCI: aardvark: Disable link training when unbinding driver (git-fixes). - PCI: aardvark: Do not mask irq when mapping (git-fixes). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes). - PCI: aardvark: Enable MSI-X support (git-fixes). - PCI: aardvark: Fix memory leak in driver unbind (git-fixes). - PCI: aardvark: Fix reading MSI interrupt number (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix setting MSI address (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes). - PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes). - PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes). - PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes). - PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes). - PCI: aardvark: Update comment about link going down after link-up (git-fixes). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI: Avoid broken MSI on SB600 USB devices (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: endpoint: Fix alignment fault error in copy tests (git-fixes). - PCI: endpoint: Fix misused goto label (git-fixes). - PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes). - PCI: microchip: Fix potential race in interrupt handling (git-fixes). - PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes). - PCI: mvebu: Fix device enumeration regression (git-fixes). - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes). - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes). - PCI: pci-bridge-emul: Add description for class_revision field (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/switchtec: Add Gen4 automotive device IDs (git-fixes). - PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - perf: Copy perf_event_attr::sig_data on modification (git fixes). - perf/core: Do not pass task around when ctx sched in (git-fixes). - perf/core: Fix address filter parser for multiple filters (git fixes). - perf/core: Fix cgroup event list management (git fixes). - perf/core: Fix perf_cgroup_switch() (git fixes). - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes). - perf: Fix list corruption in perf_cgroup_switch() (git fixes). - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes). - perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes). - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304). - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes). - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes). - phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes). - phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes). - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes). - phy: dphy: Correct clk_pre parameter (git-fixes). - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: phy-brcm-usb: fixup BCM4908 support (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: Fix missing sentinel for clk_div_table (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - phy: usb: Leave some clocks running during suspend (git-fixes). - phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes). - pinctrl: bcm2835: Fix a few error paths (git-fixes). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes). - pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - pinctrl: k210: Fix bias-pull-up (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: moore: Fix build error (git-fixes). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes). - pinctrl: mediatek: mt8365: fix IES control pins (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes). - pinctrl: microchip-sgpio: lock RMW access (git-fixes). - pinctrl: microchip sgpio: use reset driver (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes). - pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes). - pinctrl: tegra: tegra194: drop unused pin groups (git-fixes). - pinctrl: tigerlake: Revert "Add Alder Lake-M ACPI ID" (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - pipe: Fix missing lock in pipe_resize_ring() (git-fixes). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes). - platform/chrome: cros_ec_typec: Check for EC device (git-fixes). - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes). - platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes). - platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes). - platform/surface: surface3-wmi: Simplify resource management (git-fixes). - platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938). - platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058). - platform/x86: asus-wmi: Delete impossible condition (bsc#1198058). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes). - platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058). - platform/x86: asus-wmi: Fix "unsigned 'retval' is never less than zero" smatch warning (bsc#1198058). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes). - platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes). - platform/x86: intel-hid: fix _DSM function index handling (git-fixes). - platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901). - platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901). - platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901). - platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes). - platform/x86: panasonic-laptop: do not report duplicate brightness key-presses (git-fixes). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes). - platform/x86: panasonic-laptop: revert "Resolve hotkey double trigger bug" (git-fixes). - platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - PM: domains: Fix initialization of genpd's next_wakeup (git-fixes). - PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s: Do not use DSISR for SLB faults (bsc#1194869). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869). - powerpc: Do not select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102). - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: Parse control memory access error (jsc#SLE-18194). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388). - powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388). - powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810). - powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810). - powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810). - powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: axp288_fuel_gauge: Drop BIOS version check from "T3 MRD" DMI quirk (git-fixes). - power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: sbs-charger: Do not cancel work that is not initialized (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - proc: bootconfig: Add null pointer check (git-fixes). - proc: fix documentation and description of pagemap (git-fixes). - procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes). - psi: fix "defined but not used" warnings when (git-fixes) - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - pvpanic: Fix typos in the comments (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qed: display VF trust config (git-fixes). - qede: confirm skb is allocated before using (git-fixes). - qed: fix ethtool register dump (jsc#SLE-19001). - qed: return status of qed_iov_get_link (git-fixes). - qla2xxx: add ->map_queues support for nvme (bsc#1195823). - qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - random: check for signal_pending() outside of need_resched() check (git-fixes). - random: wake up /dev/random writers after zap (git-fixes). - random: wire up fops->splice_{read,write}_iter() (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (git-fixes). - RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249). - RDMA/core: Set MR type in ib_reg_user_mr (git-fixes). - RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/irdma: Fix netdev notifications for vlan's (git-fixes). - RDMA/irdma: Fix Passthrough mode in VM (git-fixes). - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes). - RDMA/irdma: Prevent some integer underflows (git-fixes). - RDMA/irdma: Reduce iWARP QP destroy time (git-fixes). - RDMA/irdma: Remove incorrect masking of PD (git-fixes). - RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/mlx5: Add a missing update of cache->last_add (git-fixes). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (git-fixes). - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes). - RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249). - RDMA/rtrs-clt: Fix possible double free in error case (git-fixes). - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes). - RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249). - RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes). - RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249). - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249). - RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes). - regmap-irq: Update interrupt clear register for proper reset (git-fixes). - regulator: atc260x: Fix missing active_discharge_on setting (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: core: fix false positive in regulator_late_cleanup() (git-fixes). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes). - regulator: mt6315: Enforce regulator-compatible, not name (git-fixes). - regulator: mt6315-regulator: fix invalid allowed mode (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes). - regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - remoteproc: Fix count check in rproc_coredump_write() (git-fixes). - remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - Revert "drm/amd/display: Fix DCN3 B0 DP Alt Mapping" (git-fixes). - Revert "svm: Add warning message for AVIC IPI invalid target" (git-fixes). - rfkill: make new event layout opt-in (git-fixes). - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes). - riscv: Fix fill_callchain return value (git fixes). - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes). - rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes). - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes). - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes). - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes). - rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - rtc: mxc: Silence a clang warning (git-fixes). - rtc: pcf2127: fix bug when reading alarm registers (git-fixes). - rtc: pl031: fix rtc features null pointer dereference (git-fixes). - rtc: sun6i: Fix time overflow handling (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - rtw88: 8821c: fix debugfs rssi value (git-fixes). - rtw88: 8821c: support RFE type4 wifi NIC (git-fixes). - rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes). - rtw88: rtw8821c: enable rfe 6 devices (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390-dasd-fix-data-corruption-for-ESE-devices (bsc#1200205 LTC#198456). - s390/dasd: fix data corruption for ESE devices (git-fixes). - s390-dasd-Fix-read-for-ESE-with-blksize-4k (bsc#1200211 LTC#198457). - s390/dasd: Fix read for ESE with blksize 4k (git-fixes). - s390-dasd-Fix-read-inconsistency-for-ESE-DASD-devices (bsc#1200211 LTC#198457). - s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes). - s390-dasd-prevent-double-format-of-tracks-for-ESE-devices (bsc#1200205 LTC#198456). - s390/dasd: prevent double format of tracks for ESE devices (git-fixes). - s390/entry: fix duplicate tracking of irq nesting level (git-fixes). - s390/extable: fix exception table sorting (git-fixes). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473). - s390/setup: avoid reserving memory above identity mapping (git-fixes). - s390/smp: sort out physical vs virtual pointers usage (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sc16is7xx: Fix for incorrect data being transmitted (git-fixes). - sched/core: Export pelt_thermal_tp (git-fixes) - sched/core: Fix forceidle balancing (git-fixes) - sched/core: Mitigate race (git-fixes) - sched/cpuacct: Fix charge percpu cpuusage (git-fixes) - sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350). - sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431). - sched/fair: Fix fault in reweight_entity (git fixes (sched/core)). - sched/fair: Revise comment about lb decision matrix (git-fixes) - sched: Fix balance_push() vs __sched_setscheduler() (git-fixes) - sched: Fix yet more sched_fork() races (git fixes (sched/core)). - sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes) - sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431). - sched/numa: Apply imbalance limitations consistently (bnc#1193431). - sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431). - sched/numa: Initialise numa_migrate_retry (bnc#1193431). - sched/pasid: Add a kABI workaround (jsc#SLE-24350). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/pelt: Relax the sync of util_sum with util_avg (git-fixes) - sched/psi: report zeroes for CPU full at the system level (git-fixes) - sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes) - sched/rt: Try to restart rt period timer when rt runtime (git-fixes) - sched/scs: Reset task stack state in bringup_cpu() (git-fixes) - sched/sugov: Ignore busy filter when rq is capped by (git-fixes) - sched: Teach the forced-newidle balancer about CPU affinity (git-fixes) - scripts/faddr2line: Fix overlapping text section failures (git-fixes). - scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802). - scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802). - scsi: core: Query VPD size before getting full page (git-fixes). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: elx: efct: Do not use GFP_KERNEL under spin lock (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes). - scsi: hisi_sas: Fix some issues related to asd_sas_port-phy_list (bsc#1198802). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802). - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes). - scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802). - scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: libsas: Defer works of new phys during suspend (bsc#1198802). - scsi: libsas: Do not always drain event workqueue for HA resume (bsc#1198802). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802). - scsi: libsas: Keep host active while processing events (bsc#1198802). - scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802). - scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use irq_set_affinity() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes). - scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftest: KVM: Add open sev dev helper (bsc#1194526). - selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes). - selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526). - selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526). - selftests: kvm: Remove absent target file (git-fixes). - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526). - selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526). - selftests/powerpc: Add test for real address error handling (jsc#SLE-18194). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - sfc: Do not free an empty page_ring (git-fixes). - sfc: fallback for lack of xdp tx queues (bsc#1196306). - sfc: last resort fallback for lack of xdp tx queues (bsc#1196306). - sfc: Use swap() instead of open coding it (bsc#1196306). - sfc: use swap() to make code cleaner (bsc#1196306). - skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - slip: fix macro redefine warning (git-fixes). - smb3: add mount parm nosparse (bsc#1193629). - smb3: add trace point for lease not found issue (bsc#1193629). - smb3: add trace point for oplock not found (bsc#1193629). - smb3: check for null tcon (bsc#1193629). - smb3: cleanup and clarify status of tree connections (bsc#1193629). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1193629). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629). - smb3: fix snapshot mount option (bsc#1193629). - [smb3] improve error message when mount options conflict with posix (bsc#1193629). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629). - [smb3] move more common protocol header definitions to smbfs_common (bsc#1193629). - smb3: send NTLMSSP version information (bsc#1193629). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: guts: Add a missing memory allocation failure check (git-fixes). - soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes). - soc: qcom: aoss: Expose send for generic usecase (git-fixes). - soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes). - soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes). - sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes). - soundwire: qcom: adjust autoenumeration timeout (git-fixes). - speakup-dectlk: Restore pitch setting (git-fixes). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes). - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes). - spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: Fix Tegra QSPI example (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: qcom-qspi: Add minItems to interconnect-names (git-fixes). - spi: rockchip: Fix error in getting num-cs property (git-fixes). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes). - spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes). - spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes). - spi: rockchip: terminate dma transmission when slave abort (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-mtk-nor: initialize spi controller after resume (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: fbtft: fb_st7789v: reset display before initialization (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes). - staging: most: dim2: use device release method (git-fixes). - staging: most: dim2: use if statements instead of ?: expressions (git-fixes). - staging: mt7621-dts: fix formatting (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes). - staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - staging: rtl8723bs: Fix access-point mode deadlock (git-fixes). - staging: vc04_services: shut up out-of-range warning (git-fixes). - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes). - staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes). - staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes). - staging: vchiq: Move vchiq char driver to its own file (git-fixes). - staging: vchiq: Refactor vchiq cdev code (git-fixes). - staging: wfx: fix an error handling in wfx_init_common() (git-fixes). - stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes). - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786) - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes). - SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes). - SUNRPC do not resend a task on an offlined transport (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC release the transport of a relocated task with an assigned transport (git-fixes). - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes). - SUNRPC: Trap RDMA segment overflows (git-fixes). - SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes). - supported.conf: add intel_sdsi - supported.conf: mark pfuze100 regulator as supported (bsc#1199909) - supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093) - surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes). - swiotlb: max mapping size takes min align mask into account (bsc#1197303). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes). - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes). - thermal: devfreq_cooling: use local ops instead of global ops (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes). - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal: int340x: fix memory leak in int3400_notify() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes). - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786) - timekeeping: Mark NMI safe time accessors as notrace (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - TOMOYO: fix __setup handlers return values (git-fixes). - tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938). - tools: bpftool: Complete metrics list in "bpftool prog profile" doc (git-fixes). - tools: bpftool: Document and add bash completion for -L, -B options (git-fixes). - tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes). - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: Fix error handling in async work (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tpm: use try_get_ops() in tpm-space.c (git-fixes). - tps6598x: clear int mask on probe failure (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have trace event string test handle zero length strings (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histogram: Fix sorting on old "cpu" value (git-fixes). - tracing/osnoise: Force quiescent states while tracing (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes). - tty: n_gsm: Do not ignore write return value in gsmld_output() (git-fixes). - tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes). - tty: n_gsm: Fix packet data hex dump output (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong tty control line for flow control (git-fixes). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes). - tty: n_tty: Restore EOF push handling behavior (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998). - uapi/linux/stddef.h: Add include guards (jsc#SLE-18978). - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191). - udmabuf: validate ubuf->pagecount (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: cdns3: Fix issue for clear halt endpoint (git-fixes). - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes). - usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: core: Do not hold the device lock while sleeping in do_proc_control() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes). - usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes). - usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Give some time to schedule isoc (git-fixes). - usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes). - usb: dwc3: gadget: Move null pinter check to proper place (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes). - usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes). - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes). - usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes). - usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm (git-fixes). - usb: dwc3: pci: Add "snps,dis_u2_susphy_quirk" for Intel Bay Trail (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes). - usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes). - usb: dwc3: xilinx: fix uninitialized return value (git-fixes). - usb: ehci: add pci device support for Aspeed platforms (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: gadget: eliminate anonymous module_init and module_exit (git-fixes). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes). - USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes). - usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes). - usb: gadget: fix race when gadget driver register via ioctl (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes). - usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes). - usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - usb: gadget: uvc: rename function to be more consistent (git-fixes). - usb: gadget: validate endpoint index for xilinx udc (git-fixes). - usb: gadget: validate interface OS descriptor requests (git-fixes). - usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes). - usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: isp1760: Fix out-of-bounds array access (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - usb: new quirk for Dell Gen 2 devices (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes). - usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - usb: serial: cp210x: add NCR Retail IO box id (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - usb: serial: io_ti: add Agilent E5805A support (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - usb: serial: option: add Quectel BG95 modem (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - usb: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add support for DW5829e (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: serial: option: add Telit LE910R1 compositions (git-fixes). - usb: serial: option: add ZTE MF286D modem (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: pl2303: add support for more HXN (G) types (git-fixes). - usb: serial: pl2303: fix GS type detection (git-fixes). - usb: serial: pl2303: fix type detection for odd device (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: simple: add Nokia phone driver (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes). - usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: eliminate anonymous module_init and module_exit (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - usb: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes). - usb: zaurus: support another broken Zaurus (git-fixes). - vdpasim: allow to enable a vq repeatedly (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - vhost_vdpa: do not setup irq offloading when irq_num 0 (git-fixes). - vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-fixes). - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1190497) - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes). - video: fbdev: w100fb: Reset global state (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio_blk: eliminate anonymous module_init and module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init and module_exit (git-fixes). - virtio: fix virtio transitional ids (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix for skb_over_panic inside big mode (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix wrong buf address calculation when using xdp (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-net: realign page_to_skb() after merges (git-fixes). - virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - vsprintf: Fix potential unaligned access (bsc#1198379). - vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes). - vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes). - vxcan: enable local echo for sent CAN frames (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes). - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260). - watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260). - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260). - Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260). - Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - watch_queue: Actually free the watch (git-fixes). - watch_queue: Fix NULL dereference in error cleanup (git-fixes). - watch_queue: Free the page array when watch_queue is dismantled (git-fixes). - wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497). - x86/boot: Fix memremap of setup_indirect structures (bsc#1190497). - x86/cc: Move arch/x86/{kernel/cc_platform.c coco/core.c} (jsc#SLE-19924). - x86/coco: Add API to handle encryption mask (jsc#SLE-19924). - x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924). - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497). - x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350). - x86/cpu: Load microcode during restore_processor_state() (bsc#1190497). - x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350). - x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277). - x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277). - x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277). - x86/kvmclock: Fix Hyper-V Isolated VM boot issue when vCPUs 64 (bsc#1183682). - x86/kvm: Do not waste memory if kvmclock is disabled (bsc#1183682). - x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497). - x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924). - x86/module: Fix the paravirt vs alternative order (bsc#1190497). - x86/pm: Save the MSR validity status at context setup (bsc#1190497). - x86/ptrace: Fix xfpregs_set() incorrect xmm clearing (bsc#1190497). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497). - x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350). - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497). - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497). - x86/unwind: kABI workaround for unwind_state changes (bsc#1193277). - x86/unwind: Recover kretprobe trampoline entry (bsc#1193277). - xen/blkfront: fix comment for need_copy (git-fixes). - xen: fix is_xen_pmu() (git-fixes). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xfs: drop async cache flushes from CIL commits (bsc#1195669). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes). - xhci: Enable runtime PM on second Alderlake controller (git-fixes). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). - xhci: increase usb U3 U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). - xhci: turn off port power in shutdown (git-fixes). - xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375). - zsmalloc: decouple class actions from zspage works (bsc#1189998). - zsmalloc: introduce obj_allocated (bsc#1189998). - zsmalloc: introduce some helper functions (bsc#1189998). - zsmalloc: move huge compressed obj from page to zspage (bsc#1189998). - zsmalloc: remove zspage isolation for migration (bsc#1189998). - zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998). - zsmalloc: replace get_cpu_var with local_lock (bsc#1189998). - zsmalloc: replace per zpage lock with pool migrate_lock (bsc#1189998). - zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2615=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2615=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): cluster-md-kmp-azure-5.14.21-150400.14.7.1 cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.7.1 dlm-kmp-azure-5.14.21-150400.14.7.1 dlm-kmp-azure-debuginfo-5.14.21-150400.14.7.1 gfs2-kmp-azure-5.14.21-150400.14.7.1 gfs2-kmp-azure-debuginfo-5.14.21-150400.14.7.1 kernel-azure-5.14.21-150400.14.7.1 kernel-azure-debuginfo-5.14.21-150400.14.7.1 kernel-azure-debugsource-5.14.21-150400.14.7.1 kernel-azure-devel-5.14.21-150400.14.7.1 kernel-azure-devel-debuginfo-5.14.21-150400.14.7.1 kernel-azure-extra-5.14.21-150400.14.7.1 kernel-azure-extra-debuginfo-5.14.21-150400.14.7.1 kernel-azure-livepatch-devel-5.14.21-150400.14.7.1 kernel-azure-optional-5.14.21-150400.14.7.1 kernel-azure-optional-debuginfo-5.14.21-150400.14.7.1 kernel-syms-azure-5.14.21-150400.14.7.1 kselftests-kmp-azure-5.14.21-150400.14.7.1 kselftests-kmp-azure-debuginfo-5.14.21-150400.14.7.1 ocfs2-kmp-azure-5.14.21-150400.14.7.1 ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.7.1 reiserfs-kmp-azure-5.14.21-150400.14.7.1 reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.7.1 - openSUSE Leap 15.4 (noarch): kernel-devel-azure-5.14.21-150400.14.7.1 kernel-source-azure-5.14.21-150400.14.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64): kernel-azure-5.14.21-150400.14.7.1 kernel-azure-debuginfo-5.14.21-150400.14.7.1 kernel-azure-debugsource-5.14.21-150400.14.7.1 kernel-azure-devel-5.14.21-150400.14.7.1 kernel-azure-devel-debuginfo-5.14.21-150400.14.7.1 kernel-syms-azure-5.14.21-150400.14.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): kernel-devel-azure-5.14.21-150400.14.7.1 kernel-source-azure-5.14.21-150400.14.7.1 References: https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-4204.html https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2021-45402.html https://www.suse.com/security/cve/CVE-2022-0264.html https://www.suse.com/security/cve/CVE-2022-0494.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-1012.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1198.html https://www.suse.com/security/cve/CVE-2022-1205.html https://www.suse.com/security/cve/CVE-2022-1508.html https://www.suse.com/security/cve/CVE-2022-1651.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1671.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1789.html https://www.suse.com/security/cve/CVE-2022-1852.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1972.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1998.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-23222.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-29582.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-30594.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33743.html https://www.suse.com/security/cve/CVE-2022-33981.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1089644 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1118212 https://bugzilla.suse.com/1121726 https://bugzilla.suse.com/1137728 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1157038 https://bugzilla.suse.com/1157923 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1179439 https://bugzilla.suse.com/1179639 https://bugzilla.suse.com/1180814 https://bugzilla.suse.com/1183682 https://bugzilla.suse.com/1183872 https://bugzilla.suse.com/1184318 https://bugzilla.suse.com/1184924 https://bugzilla.suse.com/1187716 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1189998 https://bugzilla.suse.com/1190137 https://bugzilla.suse.com/1190208 https://bugzilla.suse.com/1190336 https://bugzilla.suse.com/1190497 https://bugzilla.suse.com/1190768 https://bugzilla.suse.com/1190786 https://bugzilla.suse.com/1190812 https://bugzilla.suse.com/1191271 https://bugzilla.suse.com/1191663 https://bugzilla.suse.com/1192483 https://bugzilla.suse.com/1193064 https://bugzilla.suse.com/1193277 https://bugzilla.suse.com/1193289 https://bugzilla.suse.com/1193431 https://bugzilla.suse.com/1193556 https://bugzilla.suse.com/1193629 https://bugzilla.suse.com/1193640 https://bugzilla.suse.com/1193787 https://bugzilla.suse.com/1193823 https://bugzilla.suse.com/1193852 https://bugzilla.suse.com/1194086 https://bugzilla.suse.com/1194111 https://bugzilla.suse.com/1194191 https://bugzilla.suse.com/1194409 https://bugzilla.suse.com/1194501 https://bugzilla.suse.com/1194523 https://bugzilla.suse.com/1194526 https://bugzilla.suse.com/1194583 https://bugzilla.suse.com/1194585 https://bugzilla.suse.com/1194586 https://bugzilla.suse.com/1194625 https://bugzilla.suse.com/1194765 https://bugzilla.suse.com/1194826 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1195099 https://bugzilla.suse.com/1195287 https://bugzilla.suse.com/1195478 https://bugzilla.suse.com/1195482 https://bugzilla.suse.com/1195504 https://bugzilla.suse.com/1195651 https://bugzilla.suse.com/1195668 https://bugzilla.suse.com/1195669 https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1195823 https://bugzilla.suse.com/1195826 https://bugzilla.suse.com/1195913 https://bugzilla.suse.com/1195915 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1195944 https://bugzilla.suse.com/1195957 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196114 https://bugzilla.suse.com/1196130 https://bugzilla.suse.com/1196213 https://bugzilla.suse.com/1196306 https://bugzilla.suse.com/1196367 https://bugzilla.suse.com/1196400 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196570 https://bugzilla.suse.com/1196723 https://bugzilla.suse.com/1196779 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196866 https://bugzilla.suse.com/1196868 https://bugzilla.suse.com/1196869 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1196930 https://bugzilla.suse.com/1196942 https://bugzilla.suse.com/1196960 https://bugzilla.suse.com/1197016 https://bugzilla.suse.com/1197157 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197243 https://bugzilla.suse.com/1197292 https://bugzilla.suse.com/1197302 https://bugzilla.suse.com/1197303 https://bugzilla.suse.com/1197304 https://bugzilla.suse.com/1197362 https://bugzilla.suse.com/1197386 https://bugzilla.suse.com/1197501 https://bugzilla.suse.com/1197601 https://bugzilla.suse.com/1197661 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1197761 https://bugzilla.suse.com/1197817 https://bugzilla.suse.com/1197819 https://bugzilla.suse.com/1197820 https://bugzilla.suse.com/1197888 https://bugzilla.suse.com/1197889 https://bugzilla.suse.com/1197894 https://bugzilla.suse.com/1197915 https://bugzilla.suse.com/1197917 https://bugzilla.suse.com/1197918 https://bugzilla.suse.com/1197920 https://bugzilla.suse.com/1197921 https://bugzilla.suse.com/1197922 https://bugzilla.suse.com/1197926 https://bugzilla.suse.com/1198009 https://bugzilla.suse.com/1198010 https://bugzilla.suse.com/1198012 https://bugzilla.suse.com/1198013 https://bugzilla.suse.com/1198014 https://bugzilla.suse.com/1198015 https://bugzilla.suse.com/1198016 https://bugzilla.suse.com/1198017 https://bugzilla.suse.com/1198018 https://bugzilla.suse.com/1198019 https://bugzilla.suse.com/1198020 https://bugzilla.suse.com/1198021 https://bugzilla.suse.com/1198022 https://bugzilla.suse.com/1198023 https://bugzilla.suse.com/1198024 https://bugzilla.suse.com/1198027 https://bugzilla.suse.com/1198030 https://bugzilla.suse.com/1198034 https://bugzilla.suse.com/1198058 https://bugzilla.suse.com/1198217 https://bugzilla.suse.com/1198379 https://bugzilla.suse.com/1198400 https://bugzilla.suse.com/1198402 https://bugzilla.suse.com/1198412 https://bugzilla.suse.com/1198413 https://bugzilla.suse.com/1198438 https://bugzilla.suse.com/1198484 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198585 https://bugzilla.suse.com/1198660 https://bugzilla.suse.com/1198802 https://bugzilla.suse.com/1198803 https://bugzilla.suse.com/1198806 https://bugzilla.suse.com/1198811 https://bugzilla.suse.com/1198826 https://bugzilla.suse.com/1198835 https://bugzilla.suse.com/1198968 https://bugzilla.suse.com/1198971 https://bugzilla.suse.com/1199011 https://bugzilla.suse.com/1199024 https://bugzilla.suse.com/1199035 https://bugzilla.suse.com/1199046 https://bugzilla.suse.com/1199052 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199163 https://bugzilla.suse.com/1199173 https://bugzilla.suse.com/1199260 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199390 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199433 https://bugzilla.suse.com/1199439 https://bugzilla.suse.com/1199482 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199611 https://bugzilla.suse.com/1199626 https://bugzilla.suse.com/1199631 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1199674 https://bugzilla.suse.com/1199736 https://bugzilla.suse.com/1199793 https://bugzilla.suse.com/1199839 https://bugzilla.suse.com/1199875 https://bugzilla.suse.com/1199909 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200019 https://bugzilla.suse.com/1200045 https://bugzilla.suse.com/1200046 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200205 https://bugzilla.suse.com/1200211 https://bugzilla.suse.com/1200259 https://bugzilla.suse.com/1200263 https://bugzilla.suse.com/1200284 https://bugzilla.suse.com/1200315 https://bugzilla.suse.com/1200343 https://bugzilla.suse.com/1200420 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200475 https://bugzilla.suse.com/1200502 https://bugzilla.suse.com/1200567 https://bugzilla.suse.com/1200569 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200572 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200600 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200611 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1200763 https://bugzilla.suse.com/1200806 https://bugzilla.suse.com/1200807 https://bugzilla.suse.com/1200808 https://bugzilla.suse.com/1200809 https://bugzilla.suse.com/1200810 https://bugzilla.suse.com/1200812 https://bugzilla.suse.com/1200815 https://bugzilla.suse.com/1200816 https://bugzilla.suse.com/1200820 https://bugzilla.suse.com/1200822 https://bugzilla.suse.com/1200824 https://bugzilla.suse.com/1200825 https://bugzilla.suse.com/1200827 https://bugzilla.suse.com/1200828 https://bugzilla.suse.com/1200829 https://bugzilla.suse.com/1200830 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1200882 https://bugzilla.suse.com/1200925 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201160 https://bugzilla.suse.com/1201171 https://bugzilla.suse.com/1201177 https://bugzilla.suse.com/1201193 https://bugzilla.suse.com/1201196 https://bugzilla.suse.com/1201218 https://bugzilla.suse.com/1201222 https://bugzilla.suse.com/1201228 https://bugzilla.suse.com/1201251 https://bugzilla.suse.com/150300 From sle-updates at lists.suse.com Mon Aug 1 13:44:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:44:21 +0200 (CEST) Subject: SUSE-SU-2022:2608-1: important: Security update for booth Message-ID: <20220801134421.E59FFFCED@maintenance.suse.de> SUSE Security Update: Security update for booth ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2608-1 Rating: important References: #1201946 Cross-References: CVE-2022-2553 CVSS scores: CVE-2022-2553 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2608=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2608=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): booth-1.0-150300.18.3.1 booth-debuginfo-1.0-150300.18.3.1 booth-debugsource-1.0-150300.18.3.1 booth-test-1.0-150300.18.3.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): booth-1.0-150300.18.3.1 booth-debuginfo-1.0-150300.18.3.1 booth-debugsource-1.0-150300.18.3.1 References: https://www.suse.com/security/cve/CVE-2022-2553.html https://bugzilla.suse.com/1201946 From sle-updates at lists.suse.com Mon Aug 1 13:44:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:44:59 +0200 (CEST) Subject: SUSE-SU-2022:2606-1: important: Security update for booth Message-ID: <20220801134459.F3FF8FCED@maintenance.suse.de> SUSE Security Update: Security update for booth ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2606-1 Rating: important References: #1201946 Cross-References: CVE-2022-2553 CVSS scores: CVE-2022-2553 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.0 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2606=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2606=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): booth-1.0-150100.11.3.1 booth-debuginfo-1.0-150100.11.3.1 booth-debugsource-1.0-150100.11.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): booth-1.0-150100.11.3.1 booth-debuginfo-1.0-150100.11.3.1 booth-debugsource-1.0-150100.11.3.1 References: https://www.suse.com/security/cve/CVE-2022-2553.html https://bugzilla.suse.com/1201946 From sle-updates at lists.suse.com Mon Aug 1 13:45:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:45:48 +0200 (CEST) Subject: SUSE-SU-2022:2611-1: important: Security update for MozillaFirefox Message-ID: <20220801134548.24A7DFCED@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2611-1 Rating: important References: #1201758 Cross-References: CVE-2022-36318 CVE-2022-36319 CVSS scores: CVE-2022-36318 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-36319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.12.0 ESR (bsc#1201758): - CVE-2022-36319: Mouse Position spoofing with CSS transforms - CVE-2022-36318: Directory indexes for bundled resources reflected URL parameters Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2611=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2611=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2611=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2611=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2611=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2611=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2611=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2611=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2611=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2611=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2611=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2611=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2611=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-branding-upstream-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-branding-upstream-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.12.0-150200.152.53.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.12.0-150200.152.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-91.12.0-150200.152.53.1 MozillaFirefox-debuginfo-91.12.0-150200.152.53.1 MozillaFirefox-debugsource-91.12.0-150200.152.53.1 MozillaFirefox-devel-91.12.0-150200.152.53.1 MozillaFirefox-translations-common-91.12.0-150200.152.53.1 MozillaFirefox-translations-other-91.12.0-150200.152.53.1 References: https://www.suse.com/security/cve/CVE-2022-36318.html https://www.suse.com/security/cve/CVE-2022-36319.html https://bugzilla.suse.com/1201758 From sle-updates at lists.suse.com Mon Aug 1 13:46:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:46:37 +0200 (CEST) Subject: SUSE-SU-2022:2618-1: important: Security update for dovecot22 Message-ID: <20220801134637.2E992FCED@maintenance.suse.de> SUSE Security Update: Security update for dovecot22 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2618-1 Rating: important References: #1201267 Cross-References: CVE-2022-30550 CVSS scores: CVE-2022-30550 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30550 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dovecot22 fixes the following issues: - CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2618=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2618=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2618=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2618=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2618=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2618=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2618=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2618=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dovecot22-2.2.31-19.29.1 dovecot22-backend-mysql-2.2.31-19.29.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.29.1 dovecot22-backend-pgsql-2.2.31-19.29.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.29.1 dovecot22-backend-sqlite-2.2.31-19.29.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.29.1 dovecot22-debuginfo-2.2.31-19.29.1 dovecot22-debugsource-2.2.31-19.29.1 - SUSE OpenStack Cloud 9 (x86_64): dovecot22-2.2.31-19.29.1 dovecot22-backend-mysql-2.2.31-19.29.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.29.1 dovecot22-backend-pgsql-2.2.31-19.29.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.29.1 dovecot22-backend-sqlite-2.2.31-19.29.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.29.1 dovecot22-debuginfo-2.2.31-19.29.1 dovecot22-debugsource-2.2.31-19.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): dovecot22-debuginfo-2.2.31-19.29.1 dovecot22-debugsource-2.2.31-19.29.1 dovecot22-devel-2.2.31-19.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): dovecot22-2.2.31-19.29.1 dovecot22-backend-mysql-2.2.31-19.29.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.29.1 dovecot22-backend-pgsql-2.2.31-19.29.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.29.1 dovecot22-backend-sqlite-2.2.31-19.29.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.29.1 dovecot22-debuginfo-2.2.31-19.29.1 dovecot22-debugsource-2.2.31-19.29.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.29.1 dovecot22-backend-mysql-2.2.31-19.29.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.29.1 dovecot22-backend-pgsql-2.2.31-19.29.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.29.1 dovecot22-backend-sqlite-2.2.31-19.29.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.29.1 dovecot22-debuginfo-2.2.31-19.29.1 dovecot22-debugsource-2.2.31-19.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): dovecot22-2.2.31-19.29.1 dovecot22-backend-mysql-2.2.31-19.29.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.29.1 dovecot22-backend-pgsql-2.2.31-19.29.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.29.1 dovecot22-backend-sqlite-2.2.31-19.29.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.29.1 dovecot22-debuginfo-2.2.31-19.29.1 dovecot22-debugsource-2.2.31-19.29.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dovecot22-2.2.31-19.29.1 dovecot22-backend-mysql-2.2.31-19.29.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.29.1 dovecot22-backend-pgsql-2.2.31-19.29.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.29.1 dovecot22-backend-sqlite-2.2.31-19.29.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.29.1 dovecot22-debuginfo-2.2.31-19.29.1 dovecot22-debugsource-2.2.31-19.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dovecot22-2.2.31-19.29.1 dovecot22-backend-mysql-2.2.31-19.29.1 dovecot22-backend-mysql-debuginfo-2.2.31-19.29.1 dovecot22-backend-pgsql-2.2.31-19.29.1 dovecot22-backend-pgsql-debuginfo-2.2.31-19.29.1 dovecot22-backend-sqlite-2.2.31-19.29.1 dovecot22-backend-sqlite-debuginfo-2.2.31-19.29.1 dovecot22-debuginfo-2.2.31-19.29.1 dovecot22-debugsource-2.2.31-19.29.1 References: https://www.suse.com/security/cve/CVE-2022-30550.html https://bugzilla.suse.com/1201267 From sle-updates at lists.suse.com Mon Aug 1 13:47:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:47:17 +0200 (CEST) Subject: SUSE-SU-2022:2610-1: important: Security update for java-11-openjdk Message-ID: <20220801134717.4C4E3FCED@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2610-1 Rating: important References: #1201684 #1201692 #1201694 Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 CVSS scores: CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-34169 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2610=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.16.0-3.46.1 java-11-openjdk-debugsource-11.0.16.0-3.46.1 java-11-openjdk-demo-11.0.16.0-3.46.1 java-11-openjdk-devel-11.0.16.0-3.46.1 java-11-openjdk-headless-11.0.16.0-3.46.1 References: https://www.suse.com/security/cve/CVE-2022-21540.html https://www.suse.com/security/cve/CVE-2022-21541.html https://www.suse.com/security/cve/CVE-2022-34169.html https://bugzilla.suse.com/1201684 https://bugzilla.suse.com/1201692 https://bugzilla.suse.com/1201694 From sle-updates at lists.suse.com Mon Aug 1 13:48:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:48:02 +0200 (CEST) Subject: SUSE-SU-2022:2607-1: important: Security update for booth Message-ID: <20220801134802.CB968FCED@maintenance.suse.de> SUSE Security Update: Security update for booth ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2607-1 Rating: important References: #1201946 Cross-References: CVE-2022-2553 CVSS scores: CVE-2022-2553 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for booth fixes the following issues: - CVE-2022-2553: authfile directive in booth config file is completely ignored (bsc#1201946). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-2607=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): booth-1.0-150000.6.3.1 booth-debuginfo-1.0-150000.6.3.1 booth-debugsource-1.0-150000.6.3.1 References: https://www.suse.com/security/cve/CVE-2022-2553.html https://bugzilla.suse.com/1201946 From sle-updates at lists.suse.com Mon Aug 1 13:48:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 15:48:43 +0200 (CEST) Subject: SUSE-RU-2022:2613-1: moderate: Recommended update for python-parallax Message-ID: <20220801134843.E7FBAFCED@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-parallax ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2613-1 Rating: moderate References: #1200833 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-parallax fixes the following issues: - Don't use ssh if a command is running on local (bsc#1200833) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2613=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2613=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2613=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2613=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2613=1 Package List: - openSUSE Leap 15.4 (noarch): python3-parallax-1.0.6-150200.4.6.1 - openSUSE Leap 15.3 (noarch): python2-parallax-1.0.6-150200.4.6.1 python3-parallax-1.0.6-150200.4.6.1 - SUSE Linux Enterprise High Availability 15-SP4 (noarch): python3-parallax-1.0.6-150200.4.6.1 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): python3-parallax-1.0.6-150200.4.6.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): python3-parallax-1.0.6-150200.4.6.1 References: https://bugzilla.suse.com/1200833 From sle-updates at lists.suse.com Mon Aug 1 19:15:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 21:15:12 +0200 (CEST) Subject: SUSE-SU-2022:2620-1: moderate: Security update for gimp Message-ID: <20220801191512.D107DFDCF@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2620-1 Rating: moderate References: #1199653 Cross-References: CVE-2022-30067 CVSS scores: CVE-2022-30067 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-30067 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gimp fixes the following issues: - CVE-2022-30067: Fixed uncontrolled memory consumption via crafted XCF file (bsc#1199653). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2620=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2620=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2620=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gimp-plugins-python-2.10.12-150200.3.9.1 gimp-plugins-python-debuginfo-2.10.12-150200.3.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gimp-plugins-python-2.10.12-150200.3.9.1 gimp-plugins-python-debuginfo-2.10.12-150200.3.9.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gimp-plugins-python-2.10.12-150200.3.9.1 gimp-plugins-python-debuginfo-2.10.12-150200.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-30067.html https://bugzilla.suse.com/1199653 From sle-updates at lists.suse.com Mon Aug 1 19:15:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 1 Aug 2022 21:15:44 +0200 (CEST) Subject: SUSE-SU-2022:2619-1: moderate: Security update for gimp Message-ID: <20220801191544.C8ADBFDCF@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2619-1 Rating: moderate References: #1199653 Cross-References: CVE-2022-30067 CVSS scores: CVE-2022-30067 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-30067 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gimp fixes the following issues: - CVE_2022-30067: Fixed an out of memory when reading. (bsc#1199653) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2619=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2619=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2619=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gimp-2.10.30-150400.3.3.1 gimp-debuginfo-2.10.30-150400.3.3.1 gimp-debugsource-2.10.30-150400.3.3.1 gimp-devel-2.10.30-150400.3.3.1 gimp-devel-debuginfo-2.10.30-150400.3.3.1 gimp-plugin-aa-2.10.30-150400.3.3.1 gimp-plugin-aa-debuginfo-2.10.30-150400.3.3.1 libgimp-2_0-0-2.10.30-150400.3.3.1 libgimp-2_0-0-debuginfo-2.10.30-150400.3.3.1 libgimpui-2_0-0-2.10.30-150400.3.3.1 libgimpui-2_0-0-debuginfo-2.10.30-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libgimp-2_0-0-32bit-2.10.30-150400.3.3.1 libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.3.1 libgimpui-2_0-0-32bit-2.10.30-150400.3.3.1 libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.3.1 - openSUSE Leap 15.4 (noarch): gimp-lang-2.10.30-150400.3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): gimp-2.10.30-150400.3.3.1 gimp-debuginfo-2.10.30-150400.3.3.1 gimp-debugsource-2.10.30-150400.3.3.1 gimp-devel-2.10.30-150400.3.3.1 gimp-devel-debuginfo-2.10.30-150400.3.3.1 libgimp-2_0-0-2.10.30-150400.3.3.1 libgimp-2_0-0-debuginfo-2.10.30-150400.3.3.1 libgimpui-2_0-0-2.10.30-150400.3.3.1 libgimpui-2_0-0-debuginfo-2.10.30-150400.3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch): gimp-lang-2.10.30-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): gimp-debuginfo-2.10.30-150400.3.3.1 gimp-debugsource-2.10.30-150400.3.3.1 libgimp-2_0-0-2.10.30-150400.3.3.1 libgimp-2_0-0-debuginfo-2.10.30-150400.3.3.1 libgimpui-2_0-0-2.10.30-150400.3.3.1 libgimpui-2_0-0-debuginfo-2.10.30-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64): gimp-2.10.30-150400.3.3.1 gimp-devel-2.10.30-150400.3.3.1 gimp-devel-debuginfo-2.10.30-150400.3.3.1 gimp-plugin-aa-2.10.30-150400.3.3.1 gimp-plugin-aa-debuginfo-2.10.30-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): gimp-lang-2.10.30-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-30067.html https://bugzilla.suse.com/1199653 From sle-updates at lists.suse.com Tue Aug 2 07:31:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 09:31:58 +0200 (CEST) Subject: SUSE-CU-2022:1712-1: Recommended update of suse/sle15 Message-ID: <20220802073158.428BCFCED@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1712-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.648 Container Release : 6.2.648 Severity : moderate Type : recommended References : 1194550 1197684 1199042 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2571-1 Released: Thu Jul 28 04:20:52 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well The following package changes have been done: - libzypp-17.30.2-150100.3.81.1 updated - zypper-1.14.53-150100.3.58.1 updated From sle-updates at lists.suse.com Tue Aug 2 07:47:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 09:47:36 +0200 (CEST) Subject: SUSE-CU-2022:1713-1: Recommended update of suse/sle15 Message-ID: <20220802074736.C05A6FCED@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1713-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.168 Container Release : 9.5.168 Severity : moderate Type : recommended References : 1194550 1197684 1199042 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well The following package changes have been done: - libzypp-17.30.2-150200.39.1 updated - zypper-1.14.53-150200.33.1 updated From sle-updates at lists.suse.com Tue Aug 2 07:50:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 09:50:06 +0200 (CEST) Subject: SUSE-CU-2022:1714-1: Security update of bci/bci-minimal Message-ID: <20220802075006.696AEFCED@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1714-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.29.28 Container Release : 29.28 Severity : moderate Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. The following package changes have been done: - libdw1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - container:micro-image-15.3.0-19.11 updated From sle-updates at lists.suse.com Tue Aug 2 07:55:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 09:55:03 +0200 (CEST) Subject: SUSE-CU-2022:1715-1: Security update of bci/nodejs Message-ID: <20220802075503.C2610FCED@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1715-1 Container Tags : bci/node:12 , bci/node:12-16.122 , bci/nodejs:12 , bci/nodejs:12-16.122 Container Release : 16.122 Severity : moderate Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. The following package changes have been done: - libdw1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - container:sles15-image-15.0.0-17.20.8 updated From sle-updates at lists.suse.com Tue Aug 2 07:59:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 09:59:20 +0200 (CEST) Subject: SUSE-CU-2022:1716-1: Security update of bci/python Message-ID: <20220802075920.8C43CFCED@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1716-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.43 Container Release : 18.43 Severity : moderate Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. The following package changes have been done: - libdw1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - container:sles15-image-15.0.0-17.20.8 updated From sle-updates at lists.suse.com Tue Aug 2 08:08:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 10:08:47 +0200 (CEST) Subject: SUSE-CU-2022:1717-1: Security update of suse/sle15 Message-ID: <20220802080847.79D2BFCED@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1717-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.8 , suse/sle15:15.3 , suse/sle15:15.3.17.20.8 Container Release : 17.20.8 Severity : moderate Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 1194550 1197684 1199042 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. The following package changes have been done: - libdw1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - libzypp-17.30.2-150200.39.1 updated - zypper-1.14.53-150200.33.1 updated From sle-updates at lists.suse.com Tue Aug 2 08:18:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 10:18:07 +0200 (CEST) Subject: SUSE-CU-2022:1730-1: Security update of bci/openjdk Message-ID: <20220802081807.46E20FCED@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1730-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-12.27 , bci/openjdk:latest Container Release : 12.27 Severity : important Type : security References : 1192079 1192080 1192086 1192087 1192228 1198486 1200027 CVE-2022-31741 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2595-1 Released: Fri Jul 29 16:00:42 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) The following package changes have been done: - libfreebl3-3.79-150400.3.7.1 updated - libfreebl3-hmac-3.79-150400.3.7.1 updated - mozilla-nss-certs-3.79-150400.3.7.1 updated - libsoftokn3-3.79-150400.3.7.1 updated - mozilla-nss-3.79-150400.3.7.1 updated - libsoftokn3-hmac-3.79-150400.3.7.1 updated - container:sles15-image-15.0.0-27.11.7 updated From sle-updates at lists.suse.com Tue Aug 2 13:15:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 15:15:33 +0200 (CEST) Subject: SUSE-SU-2022:2621-1: moderate: Security update for samba Message-ID: <20220802131533.04B0AFCED@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2621-1 Rating: moderate References: #1201496 Cross-References: CVE-2022-32742 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bso#15085) (bsc#1201496). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2621=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2621=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2621=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2621=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2621=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2621=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2621=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2621=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsamba-policy-python-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - openSUSE Leap 15.4 (x86_64): libsamba-policy0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libdcerpc-binding0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-python3-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-core-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debugsource-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-python3-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-core-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debugsource-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libdcerpc-binding0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-python3-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-core-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debugsource-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-python3-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-core-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debugsource-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-python3-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-core-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debugsource-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.490.e80cf669f50-150100.3.70.1 ctdb-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debugsource-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-python3-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ceph-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ceph-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-core-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debugsource-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE Enterprise Storage 6 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 - SUSE CaaS Platform 4.0 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-binding0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc-samr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libdcerpc0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-krb5pac0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-nbt0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr-standard0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libndr0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libnetapi0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-credentials0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-errors0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-hostconfig0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-passdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy-python3-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-policy0-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamba-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsamdb0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbconf0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-4.9.5+git.490.e80cf669f50-150100.3.70.1 libsmbldap2-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libtevent-util0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-4.9.5+git.490.e80cf669f50-150100.3.70.1 libwbclient0-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-ad-dc-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-client-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-core-devel-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-debugsource-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-dsdb-modules-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-libs-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-python3-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-32bit-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-4.9.5+git.490.e80cf669f50-150100.3.70.1 samba-winbind-debuginfo-4.9.5+git.490.e80cf669f50-150100.3.70.1 References: https://www.suse.com/security/cve/CVE-2022-32742.html https://bugzilla.suse.com/1201496 From sle-updates at lists.suse.com Tue Aug 2 13:16:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 15:16:10 +0200 (CEST) Subject: SUSE-RU-2022:2625-1: important: Recommended update for dracut Message-ID: <20220802131610.C32B2FCED@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2625-1 Rating: important References: #1177461 #1184970 #1187654 #1195047 #1195508 #1195604 #1196267 #1197635 #1197967 #1200236 #1200251 #1200360 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 12 recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236) - fix(bluetooth): make hostonly configuration files optional (bsc#1195047) - fix(convertfs): ignore commented lines in fstab (bsc#1200251) - fix(crypt): remove quotes from cryptsetupopts (bsc#1197635) - fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) - fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) - fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654) - fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267) - fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604) - fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360) - fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2625=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2625=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dracut-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-debuginfo-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-debugsource-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-extra-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-fips-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-ima-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-mkinitrd-deprecated-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-tools-055+suse.279.g3b3c36b2-150400.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): dracut-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-debuginfo-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-debugsource-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-fips-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-ima-055+suse.279.g3b3c36b2-150400.3.5.1 dracut-mkinitrd-deprecated-055+suse.279.g3b3c36b2-150400.3.5.1 References: https://bugzilla.suse.com/1177461 https://bugzilla.suse.com/1184970 https://bugzilla.suse.com/1187654 https://bugzilla.suse.com/1195047 https://bugzilla.suse.com/1195508 https://bugzilla.suse.com/1195604 https://bugzilla.suse.com/1196267 https://bugzilla.suse.com/1197635 https://bugzilla.suse.com/1197967 https://bugzilla.suse.com/1200236 https://bugzilla.suse.com/1200251 https://bugzilla.suse.com/1200360 From sle-updates at lists.suse.com Tue Aug 2 13:18:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 15:18:01 +0200 (CEST) Subject: SUSE-SU-2022:2622-1: important: Security update for drbd Message-ID: <20220802131801.94104FCED@maintenance.suse.de> SUSE Security Update: Security update for drbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2622-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-2622=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): drbd-kmp-rt-9.0.14+git.62f906cf_k4.12.14_10.89-4.8.5 drbd-kmp-rt-debuginfo-9.0.14+git.62f906cf_k4.12.14_10.89-4.8.5 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Tue Aug 2 16:16:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 18:16:05 +0200 (CEST) Subject: SUSE-RU-2022:2628-1: important: Recommended update for apparmor Message-ID: <20220802161605.45C78FCED@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2628-1 Rating: important References: #1195463 #1196850 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for apparmor fixes the following issues: - Add new rule to fix reported "DENIED" audit records with Apparmor profile "usr.sbin.smbd" (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2628=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2628=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2628=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2628=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2628=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.13.6-150300.3.15.1 apache2-mod_apparmor-debuginfo-2.13.6-150300.3.15.1 apparmor-debugsource-2.13.6-150300.3.15.1 apparmor-parser-2.13.6-150300.3.15.1 apparmor-parser-debuginfo-2.13.6-150300.3.15.1 libapparmor-debugsource-2.13.6-150300.3.15.1 libapparmor-devel-2.13.6-150300.3.15.1 libapparmor1-2.13.6-150300.3.15.1 libapparmor1-debuginfo-2.13.6-150300.3.15.1 pam_apparmor-2.13.6-150300.3.15.1 pam_apparmor-debuginfo-2.13.6-150300.3.15.1 perl-apparmor-2.13.6-150300.3.15.1 perl-apparmor-debuginfo-2.13.6-150300.3.15.1 python3-apparmor-2.13.6-150300.3.15.1 python3-apparmor-debuginfo-2.13.6-150300.3.15.1 ruby-apparmor-2.13.6-150300.3.15.1 ruby-apparmor-debuginfo-2.13.6-150300.3.15.1 - openSUSE Leap 15.3 (x86_64): libapparmor1-32bit-2.13.6-150300.3.15.1 libapparmor1-32bit-debuginfo-2.13.6-150300.3.15.1 pam_apparmor-32bit-2.13.6-150300.3.15.1 pam_apparmor-32bit-debuginfo-2.13.6-150300.3.15.1 - openSUSE Leap 15.3 (noarch): apparmor-abstractions-2.13.6-150300.3.15.1 apparmor-docs-2.13.6-150300.3.15.1 apparmor-parser-lang-2.13.6-150300.3.15.1 apparmor-profiles-2.13.6-150300.3.15.1 apparmor-utils-2.13.6-150300.3.15.1 apparmor-utils-lang-2.13.6-150300.3.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.13.6-150300.3.15.1 apache2-mod_apparmor-debuginfo-2.13.6-150300.3.15.1 apparmor-debugsource-2.13.6-150300.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.13.6-150300.3.15.1 apparmor-parser-2.13.6-150300.3.15.1 apparmor-parser-debuginfo-2.13.6-150300.3.15.1 libapparmor-debugsource-2.13.6-150300.3.15.1 libapparmor-devel-2.13.6-150300.3.15.1 libapparmor1-2.13.6-150300.3.15.1 libapparmor1-debuginfo-2.13.6-150300.3.15.1 pam_apparmor-2.13.6-150300.3.15.1 pam_apparmor-debuginfo-2.13.6-150300.3.15.1 perl-apparmor-2.13.6-150300.3.15.1 perl-apparmor-debuginfo-2.13.6-150300.3.15.1 python3-apparmor-2.13.6-150300.3.15.1 python3-apparmor-debuginfo-2.13.6-150300.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): apparmor-abstractions-2.13.6-150300.3.15.1 apparmor-docs-2.13.6-150300.3.15.1 apparmor-parser-lang-2.13.6-150300.3.15.1 apparmor-profiles-2.13.6-150300.3.15.1 apparmor-utils-2.13.6-150300.3.15.1 apparmor-utils-lang-2.13.6-150300.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libapparmor1-32bit-2.13.6-150300.3.15.1 libapparmor1-32bit-debuginfo-2.13.6-150300.3.15.1 pam_apparmor-32bit-2.13.6-150300.3.15.1 pam_apparmor-32bit-debuginfo-2.13.6-150300.3.15.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): apparmor-debugsource-2.13.6-150300.3.15.1 apparmor-parser-2.13.6-150300.3.15.1 apparmor-parser-debuginfo-2.13.6-150300.3.15.1 libapparmor-debugsource-2.13.6-150300.3.15.1 libapparmor1-2.13.6-150300.3.15.1 libapparmor1-debuginfo-2.13.6-150300.3.15.1 pam_apparmor-2.13.6-150300.3.15.1 pam_apparmor-debuginfo-2.13.6-150300.3.15.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): apparmor-debugsource-2.13.6-150300.3.15.1 apparmor-parser-2.13.6-150300.3.15.1 apparmor-parser-debuginfo-2.13.6-150300.3.15.1 libapparmor-debugsource-2.13.6-150300.3.15.1 libapparmor1-2.13.6-150300.3.15.1 libapparmor1-debuginfo-2.13.6-150300.3.15.1 pam_apparmor-2.13.6-150300.3.15.1 pam_apparmor-debuginfo-2.13.6-150300.3.15.1 - SUSE Linux Enterprise Micro 5.1 (noarch): apparmor-abstractions-2.13.6-150300.3.15.1 References: https://bugzilla.suse.com/1195463 https://bugzilla.suse.com/1196850 From sle-updates at lists.suse.com Tue Aug 2 16:16:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 18:16:47 +0200 (CEST) Subject: SUSE-RU-2022:2626-1: important: Recommended update for openCryptoki Message-ID: <20220802161647.9A4C9FCED@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2626-1 Rating: important References: #1199862 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openCryptoki fixes the following issues: - Add the installation of the configuration file p11sak_defined_attrs.conf (bsc#1199862) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2626=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2626=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): openCryptoki-3.17.0-150400.4.3.1 openCryptoki-64bit-3.17.0-150400.4.3.1 openCryptoki-64bit-debuginfo-3.17.0-150400.4.3.1 openCryptoki-debuginfo-3.17.0-150400.4.3.1 openCryptoki-debugsource-3.17.0-150400.4.3.1 openCryptoki-devel-3.17.0-150400.4.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): openCryptoki-3.17.0-150400.4.3.1 openCryptoki-debuginfo-3.17.0-150400.4.3.1 openCryptoki-debugsource-3.17.0-150400.4.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (ppc64le s390x x86_64): openCryptoki-devel-3.17.0-150400.4.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (ppc64le s390x): openCryptoki-64bit-3.17.0-150400.4.3.1 openCryptoki-64bit-debuginfo-3.17.0-150400.4.3.1 References: https://bugzilla.suse.com/1199862 From sle-updates at lists.suse.com Tue Aug 2 16:17:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 18:17:21 +0200 (CEST) Subject: SUSE-RU-2022:2627-1: important: Recommended update for apparmor Message-ID: <20220802161721.CD59CFCED@maintenance.suse.de> SUSE Recommended Update: Recommended update for apparmor ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2627-1 Rating: important References: #1195463 #1196850 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for apparmor fixes the following issues: - Add new rule to fix reported "DENIED" audit records with Apparmor profile "usr.sbin.smbd" (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2627=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2627=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apparmor-debugsource-2.8.2-56.9.1 libapparmor-devel-2.8.2-56.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.8.2-56.9.1 apache2-mod_apparmor-debuginfo-2.8.2-56.9.1 apparmor-debugsource-2.8.2-56.9.1 apparmor-parser-2.8.2-56.9.1 apparmor-parser-debuginfo-2.8.2-56.9.1 libapparmor1-2.8.2-56.9.1 libapparmor1-debuginfo-2.8.2-56.9.1 pam_apparmor-2.8.2-56.9.1 perl-apparmor-2.8.2-56.9.1 perl-apparmor-debuginfo-2.8.2-56.9.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): pam_apparmor-debuginfo-2.8.2-56.9.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libapparmor1-32bit-2.8.2-56.9.1 libapparmor1-debuginfo-32bit-2.8.2-56.9.1 pam_apparmor-32bit-2.8.2-56.9.1 pam_apparmor-debuginfo-32bit-2.8.2-56.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apparmor-docs-2.8.2-56.9.1 apparmor-profiles-2.8.2-56.9.1 apparmor-utils-2.8.2-56.9.1 References: https://bugzilla.suse.com/1195463 https://bugzilla.suse.com/1196850 From sle-updates at lists.suse.com Tue Aug 2 19:15:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 2 Aug 2022 21:15:29 +0200 (CEST) Subject: SUSE-SU-2022:2629-1: important: Security update for the Linux Kernel Message-ID: <20220802191529.8D1ACFCED@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2629-1 Rating: important References: #1024718 #1055117 #1061840 #1065729 #1129770 #1158266 #1177282 #1188885 #1194013 #1194124 #1196426 #1196570 #1196901 #1196964 #1197170 #1197219 #1197601 #1198438 #1198577 #1198866 #1198899 #1199035 #1199063 #1199237 #1199239 #1199314 #1199399 #1199426 #1199482 #1199487 #1199505 #1199507 #1199526 #1199605 #1199631 #1199650 #1199657 #1199671 #1199839 #1200015 #1200045 #1200143 #1200144 #1200173 #1200249 #1200343 #1200549 #1200571 #1200599 #1200600 #1200604 #1200605 #1200608 #1200619 #1200762 #1200806 #1200807 #1200809 #1200810 #1200813 #1200820 #1200821 #1200822 #1200829 #1200868 #1200869 #1200870 #1200871 #1200872 #1200873 #1200925 #1201050 #1201080 #1201251 Cross-References: CVE-2019-19377 CVE-2020-26541 CVE-2021-26341 CVE-2021-33061 CVE-2021-39711 CVE-2021-4157 CVE-2022-1012 CVE-2022-1184 CVE-2022-1652 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1836 CVE-2022-1966 CVE-2022-1974 CVE-2022-1975 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVSS scores: CVE-2019-19377 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-19377 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-33061 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33061 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-39711 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVE-2021-39711 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1729 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1836 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1966 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1966 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1974 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-1975 (SUSE): 4.5 CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-21127 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21127 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21180 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-21180 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21499 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-21499 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-30594 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-30594 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 33 vulnerabilities and has 41 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bsc#1177282) - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre like attacks (bsc#1199650). - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre like attacks (bsc#1199650). - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre like attacks (bsc#1199650). - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre like attacks (bsc#1199650). - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via Spectre like attacks (bsc#1199650). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143) - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1836: Fixed a bug in the floppy submodule disabling FDRAWCMD by default. (bsc#1198866) - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-39711: In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1197219). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). The following non-security bugs were fixed: - ACPI: property: Release subnode properties with data nodes (git-fixes). - arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes) - arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes) - arm64: avoid fixmap race condition when create pud mapping (git-fixes) - arm64: avoid -Woverride-init warning (git-fixes) - arm64: berlin: Select DW_APB_TIMER_OF (git-fixes) Update arm64 default config too. - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes). - arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes) - arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes) - arm64: csum: Fix handling of bad packets (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes) - arm64: futex: Restore oldval initialization to work around buggy (git-fixes) - arm64: hibernate: check pgd table allocation (git-fixes) - arm64: hugetlb: avoid potential NULL dereference (git-fixes) - arm64: hw_breakpoint: Do not invoke overflow handler on uaccess (git-fixes) - arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes) - arm64: kdump: update ppos when reading elfcorehdr (git-fixes) - arm64: kgdb: Fix single-step exception handling oops (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64 module: set plt* section addresses to 0x0 (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes) - arm64: smp: fix smp_send_stop() behaviour (git-fixes) - arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - audit: fix a race condition with the auditd tracking code (bsc#1197170). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - bnxt_en: Remove the setting of dev_port (git-fixes). - bonding: fix bond_neigh_init() (git-fixes). - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bsc#1199399). - btrfs: tree-checker: fix incorrect printk format (bsc#1200249). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: ixp4xx - dma_unmap the correct address (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (bsc#1197601). - crypto: virtio - deal with unsupported input sizes (git-fixes). - crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable "count" signed (bsc#1200820). - fs-writeback: writeback_sb_inodes Recalculate 'wrote' according skipped pages (bsc#1200873). - i40e: always propagate error value in i40e_set_vsi_promisc() (git-fixes). - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes). - i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc (git-fixes). - i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (git-fixes). - i40e: Fix virtchnl_queue_select bitmap validation (git-fixes). - i40e: Refactoring VF MAC filters counting to make more reliable (git-fixes). - i40e: Remove scheduling while atomic possibility (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - iavf: Fix incorrect adapter get in iavf_resume (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - Input: aiptek - properly check endpoint type (git-fixes). - Input: appletouch - initialize work before device registration (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - Input: spaceball - fix parsing of movement data packets (git-fixes). - Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes). - Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - iomap: iomap_write_failed fix (bsc#1200829). - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - kvm: fix wrong exception emulation in check_rdtsc (git-fixes). - kvm: i8254: remove redundant assignment to pointer s (git-fixes). - KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: PPC: Propagate errors to the guest when failed instead of ignoring (bsc#1061840 git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: x86: Allocate new rmap and large page tracking when moving memslot (git-fixes). - KVM: x86: always stop emulation on page fault (git-fixes). - KVM: x86: clear stale x86_emulate_ctxt->intercept value (git-fixes). - KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: do not modify masked bits of shared MSRs (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes). - KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform (git-fixes). - KVM: x86: Fix x86_decode_insn() return when fetching insn bytes fails (git-fixes). - KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails (git-fixes). - kvm: x86: Improve emulation of CPUID leaves 0BH and 1FH (git-fixes). - KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes). - KVM: x86: Manually calculate reserved bits when loading PDPTRS (git-fixes). - KVM: x86: Manually flush collapsible SPTEs only when toggling flags (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86/mmu: Treat invalid shadow pages as obsolete (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: Remove spurious clearing of async #PF MSR (git-fixes). - KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path (git-fixes). - KVM: x86: remove stale comment from struct x86_emulate_ctxt (git-fixes). - KVM: x86: set ctxt->have_exception in x86_decode_insn() (git-fixes). - KVM: x86: skip populating logical dest map if apic is not sw enabled (git-fixes). - KVM: x86: Trace the original requested CPUID function in kvm_cpuid() (git-fixes). - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes). - lpfc: drop driver update 14.2.0.x The amount of backport changes necessary for due to the refactoring is introducing to much code churn and is likely to introduce regressions. This ends the backport effort to keep the lpfc in sync with mainline. - lpfc: Set default protocol support to FCP only (bsc#1194124 bsc#1198899). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - media: cpia2: fix control-message timeouts (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: dib0700: fix undefined behavior in tuner shutdown (git-fixes). - media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes). - media: em28xx: fix control-message timeouts. - media: flexcop-usb: fix control-message timeouts (git-fixes). - media: mceusb: fix control-message timeouts (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes). - media: pvrusb2: fix control-message timeouts (git-fixes). - media: redrat3: fix control-message timeouts (git-fixes). - media: s2255: fix control-message timeouts (git-fixes). - media: stk1160: fix control-message timeouts (git-fixes). - media: vim2m: Remove surplus name initialization (git-fixes). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - netfilter: conntrack: connection timeout after re-register (bsc#1199035). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - netfilter: nf_tables: disallow non-stateful expression in sets earlier (bsc#1200015). - net/mlx5: Avoid double free of root ns in the error flow path (git-fixes). - net/mlx5e: Replace reciprocal_scale in TX select queue function (git-fixes). - net/mlx5e: Switch to Toeplitz RSS hash by default (git-fixes). - net/mlx5: Fix auto group size calculation (git-fixes). - net: qed: Disable aRFS for NPAR and 100G (git-fixes). - net: qede: Disable aRFS for NPAR and 100G (git-fixes). - net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (git-fixes). - net: stmmac: update rx tail pointer register to fix rx dma hang issue (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI / ACPI: Mark expected switch fall-through (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: Tidy comments (git-fixes). - platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/numa: Prefer node id queried from vphn (bsc#1199237 bsc#1200173 ltc#198329). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc: Remove Power8 DD1 from cputable (bsc#1055117 ltc#159753). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - qed: Enable automatic recovery on error condition (bsc#1196964). - raid5: introduce MD_BROKEN (git-fixes). - s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes). - s390: fix strrchr() implementation (git-fixes). - s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - sched/core: Add __sched tag for io_schedule() (git-fixes) - sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200045). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200045). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - target: remove an incorrect unmap zeroes data deduction (git-fixes). - timekeeping: Really make sure wall_to_monotonic isn't (git-fixes) - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tracing: Fix return value of trace_pid_write() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add Quectel BG95 modem (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - USB: storage: karma: fix rio_karma_init return (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (bsc#1129770) - vxlan: fix memleak of fdb (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: stop polling roothubs after shutdown (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-2629=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.94.1 kernel-source-rt-4.12.14-10.94.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.94.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.94.1 dlm-kmp-rt-4.12.14-10.94.1 dlm-kmp-rt-debuginfo-4.12.14-10.94.1 gfs2-kmp-rt-4.12.14-10.94.1 gfs2-kmp-rt-debuginfo-4.12.14-10.94.1 kernel-rt-4.12.14-10.94.1 kernel-rt-base-4.12.14-10.94.1 kernel-rt-base-debuginfo-4.12.14-10.94.1 kernel-rt-debuginfo-4.12.14-10.94.1 kernel-rt-debugsource-4.12.14-10.94.1 kernel-rt-devel-4.12.14-10.94.1 kernel-rt-devel-debuginfo-4.12.14-10.94.1 kernel-rt_debug-4.12.14-10.94.1 kernel-rt_debug-debuginfo-4.12.14-10.94.1 kernel-rt_debug-debugsource-4.12.14-10.94.1 kernel-rt_debug-devel-4.12.14-10.94.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.94.1 kernel-syms-rt-4.12.14-10.94.1 ocfs2-kmp-rt-4.12.14-10.94.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.94.1 References: https://www.suse.com/security/cve/CVE-2019-19377.html https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-33061.html https://www.suse.com/security/cve/CVE-2021-39711.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1012.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1652.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-1729.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-1836.html https://www.suse.com/security/cve/CVE-2022-1966.html https://www.suse.com/security/cve/CVE-2022-1974.html https://www.suse.com/security/cve/CVE-2022-1975.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-21123.html https://www.suse.com/security/cve/CVE-2022-21125.html https://www.suse.com/security/cve/CVE-2022-21127.html https://www.suse.com/security/cve/CVE-2022-21166.html https://www.suse.com/security/cve/CVE-2022-21180.html https://www.suse.com/security/cve/CVE-2022-21499.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-30594.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://bugzilla.suse.com/1024718 https://bugzilla.suse.com/1055117 https://bugzilla.suse.com/1061840 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1129770 https://bugzilla.suse.com/1158266 https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1188885 https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1194124 https://bugzilla.suse.com/1196426 https://bugzilla.suse.com/1196570 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1196964 https://bugzilla.suse.com/1197170 https://bugzilla.suse.com/1197219 https://bugzilla.suse.com/1197601 https://bugzilla.suse.com/1198438 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198866 https://bugzilla.suse.com/1198899 https://bugzilla.suse.com/1199035 https://bugzilla.suse.com/1199063 https://bugzilla.suse.com/1199237 https://bugzilla.suse.com/1199239 https://bugzilla.suse.com/1199314 https://bugzilla.suse.com/1199399 https://bugzilla.suse.com/1199426 https://bugzilla.suse.com/1199482 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199505 https://bugzilla.suse.com/1199507 https://bugzilla.suse.com/1199526 https://bugzilla.suse.com/1199605 https://bugzilla.suse.com/1199631 https://bugzilla.suse.com/1199650 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1199671 https://bugzilla.suse.com/1199839 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200045 https://bugzilla.suse.com/1200143 https://bugzilla.suse.com/1200144 https://bugzilla.suse.com/1200173 https://bugzilla.suse.com/1200249 https://bugzilla.suse.com/1200343 https://bugzilla.suse.com/1200549 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200600 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1200806 https://bugzilla.suse.com/1200807 https://bugzilla.suse.com/1200809 https://bugzilla.suse.com/1200810 https://bugzilla.suse.com/1200813 https://bugzilla.suse.com/1200820 https://bugzilla.suse.com/1200821 https://bugzilla.suse.com/1200822 https://bugzilla.suse.com/1200829 https://bugzilla.suse.com/1200868 https://bugzilla.suse.com/1200869 https://bugzilla.suse.com/1200870 https://bugzilla.suse.com/1200871 https://bugzilla.suse.com/1200872 https://bugzilla.suse.com/1200873 https://bugzilla.suse.com/1200925 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201251 From sle-updates at lists.suse.com Wed Aug 3 07:13:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 09:13:43 +0200 (CEST) Subject: SUSE-CU-2022:1736-1: Security update of ses/7.1/rook/ceph Message-ID: <20220803071343.E9686FDB8@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1736-1 Container Tags : ses/7.1/rook/ceph:1.8.10 , ses/7.1/rook/ceph:1.8.10.0 , ses/7.1/rook/ceph:1.8.10.0.4.5.106 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific Container Release : 4.5.106 Severity : critical Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 1137373 1180065 1181658 1185637 1191908 1192449 1192951 1193659 1194550 1194708 1195157 1195283 1196125 1196490 1196861 1197065 1197443 1197570 1197684 1197718 1197742 1197743 1197771 1197790 1197794 1197846 1198062 1198090 1198114 1198176 1198422 1198435 1198446 1198458 1198507 1198511 1198614 1198723 1198732 1198751 1198766 1198820 1198922 1199042 1199090 1199132 1199140 1199166 1199223 1199224 1199232 1199232 1199240 1199756 1200170 1200278 1200334 1200550 1200735 1200737 1200802 1200855 1200855 1201099 1201225 1201560 1201640 CVE-2015-20107 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2020-29362 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29217 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 ----------------------------------------------------------------- The container ses/7.1/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1625-1 Released: Tue May 10 15:54:43 2022 Summary: Recommended update for python-python3-saml Type: recommended Severity: moderate References: 1197846 This update for python-python3-saml fixes the following issues: - Update expiry dates for responses. (bsc#1197846) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important References: 1197743 This update for libcbor fixes the following issues: - Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1720-1 Released: Tue May 17 17:46:03 2022 Summary: Recommended update for python-rtslib-fb Type: recommended Severity: important References: 1199090 This update for python-rtslib-fb fixes the following issues: - Update parameters description. - Enable the 'disable_emulate_legacy_capacity' parameter. (bsc#1199090) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1828-1 Released: Tue May 24 10:47:38 2022 Summary: Recommended update for oath-toolkit Type: recommended Severity: important References: 1197790 This update for oath-toolkit fixes the following issues: - Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197790) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1864-1 Released: Fri May 27 09:07:30 2022 Summary: Recommended update for leveldb Type: recommended Severity: low References: 1197742 This update for leveldb fixes the following issue: - fix tests (bsc#1197742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2149-1 Released: Wed Jun 22 08:17:38 2022 Summary: Recommended update for ceph-iscsi Type: recommended Severity: moderate References: 1198435 This update for ceph-iscsi fixes the following issues: - Update to 3.5+1655410541.gf482c7a. + Improve werkzeug version checking (bsc#1198435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:25 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198458 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2402-1 Released: Thu Jul 14 16:58:22 2022 Summary: Security update for python-PyJWT Type: security Severity: important References: 1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2453-1 Released: Wed Jul 20 15:26:03 2022 Summary: Recommended update for rook, rook-helm Type: recommended Severity: moderate References: 1198820 This update for rook, rook-helm fixes the following issues: - Fixed an issue for deploying OSDs in SES 7.1 (bsc#1198820) - Update to v1.8.10 Rook v1.8.10 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. * core: Improve detection of filesystem properties for disk in use (#10230, @leseb) * osd: Remove broken argument for upgraded OSDs on PVCs in legacy lvm mode (#10298, @leseb) * osd: Allow the osd to take two hours to start in case of ceph maintenance (#10250, @travisn) * operator: Report telemetry 'rook/version' in mon store (#10161, @BlaineEXE) - Update to v1.8.9 Rook v1.8.9 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. * helm: Add ingressClassName field (#10093, @log1cb0mb) * monitoring: Only set prometheus rules ownerref in same namespace (#10028, @travisn) * osd: only set kek to env var on encryption scenario (#10035, @leseb) * docs: Update the s3 client example for accessing RGW (#9968, @thotz) * osd: Add NixOS specific PATHs to check for lvm2 (#9967, @nazarewk) - Update to v1.8.8 Rook v1.8.8 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. * core: Cluster CR status was not being refreshed after updating the cluster CR (#9962, @leseb) * core: GetLogCollectorResources to get the right resources (#9898, @yuvalman) * object: Remove unnecessary region option from the OBC StorageClass (#9906, @thotz) * core: Add Phase in additionalPrinterColumns for all CRs (#9910, @subhamkrai) * test: Avoid potential data inconsistency on zapping disk (#9930, @satoru-takeuchi) * ci: Add pylint in ci (#9879, @subhamkrai) * core: Incorrect join command in external cluster script (#9862, @vavuthu) * core: Rework usage of ReportReconcileResult (#9873, @BlaineEXE) * csi: Populate mon endpoints even if csi driver not enabled (#9878, @travisn) - Update to v1.8.7 Rook v1.8.7 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. * build: Update ceph base image to v16.2.7-20220216 (#9814, @travisn) * csi: default to ReadWriteOnceWithFSType for cephfs (#9729, @humblec) * mon: Disable startup probe on canary pods (#9888, @travisn) * core: Add Ceph FSID on the cephcluster CR status (#9847, @parth-gr) * csi: Properly apply CSI resource requests and limits (#9868, @TomHellier) * helm: Add resource requests and limits to the toolbox pod (#9856, @TomHellier) * helm: Remove obsolete .Values.image.prefix (#9863, @kahirokunn) * osd: Clarify vault auth error message (#9884, @leseb) * nfs: Remove secret and configmap when downscaling NFS daemons (#9859, @BlaineEXE) * helm: Handle empty StorageClass parameters for object, rbd, and cephfs in the helm chart (#9854, @Zempashi) * helm: Remove obsolete setting for enabling multiple filesystems (#9841, @travisn) * osd: Use lvm mode to create multiple OSDs per device (#9842, @BlaineEXE) * helm: Add filesystem pool name to the storage class (#9838, @mtt0) * docs: Document that the rook-ceph-operator-config ConfigMap is required (#9821, @matthiasr) * core: Suppress verbose disruption controller log messages (#9834, @travisn) * osd: Purge job will remove all pvcs for the osd, not just the data pvc (#9804, @travisn) * osd: Remove osd with purge instead of destroy (#9807, @travisn) - Update to rook 1.8.10 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user at .service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2547-1 Released: Mon Jul 25 19:57:38 2022 Summary: Security update for logrotate Type: security Severity: important References: 1192449,1200278,1200802 This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical References: This update for python-cssselect implements packages to the unrestrictied repository. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. The following package changes have been done: - binutils-2.37-150100.7.37.1 updated - ceph-iscsi-3.5+1655410541.gf482c7a-150300.3.3.1 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-2.31-150300.37.1 updated - gpg2-2.2.27-150300.3.5.1 updated - grep-3.1-150000.4.6.1 updated - gzip-1.10-150200.10.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libcbor0-0.5.0-150100.4.6.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libctf-nobfd0-2.37-150100.7.37.1 updated - libctf0-2.37-150100.7.37.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libdw1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libleveldb1-1.18-150000.3.3.1 updated - liboath0-2.6.2-150000.3.3.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.31-150000.3.7.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-246.16-150300.7.48.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libudev1-246.16-150300.7.48.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libzypp-17.30.2-150200.39.1 updated - logrotate-3.13.0-150000.4.7.1 updated - oath-toolkit-xml-2.6.2-150000.3.3.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - pam-1.3.0-150000.6.58.3 updated - python-rtslib-fb-common-2.1.74-150300.3.3.1 updated - python3-PyJWT-1.7.1-150200.3.3.1 updated - python3-base-3.6.15-150300.10.27.1 updated - python3-cssselect-1.0.3-150000.3.3.1 updated - python3-curses-3.6.15-150300.10.27.1 updated - python3-python3-saml-1.7.0-150200.3.3.2 updated - python3-rtslib-fb-2.1.74-150300.3.3.1 updated - python3-3.6.15-150300.10.27.1 updated - rook-k8s-yaml-1.8.10+git0.1899eda8a-150300.3.3.2 updated - rook-1.8.10+git0.1899eda8a-150300.3.3.2 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-246.16-150300.7.48.1 updated - udev-246.16-150300.7.48.1 updated - zypper-1.14.53-150200.33.1 updated - container:sles15-image-15.0.0-17.20.7 updated From sle-updates at lists.suse.com Wed Aug 3 07:19:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 09:19:14 +0200 (CEST) Subject: SUSE-CU-2022:1737-1: Security update of bci/bci-init Message-ID: <20220803071914.58A38FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1737-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.17.33 Container Release : 17.33 Severity : moderate Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. The following package changes have been done: - libdw1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - container:sles15-image-15.0.0-17.20.8 updated From sle-updates at lists.suse.com Wed Aug 3 07:19:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 09:19:20 +0200 (CEST) Subject: SUSE-CU-2022:1738-1: Recommended update of bci/bci-init Message-ID: <20220803071920.5D754FDB8@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1738-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.17.34 Container Release : 17.34 Severity : important Type : recommended References : 1195463 1196850 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1195463,1196850 This update for apparmor fixes the following issues: - Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) The following package changes have been done: - libapparmor1-2.13.6-150300.3.15.1 updated From sle-updates at lists.suse.com Wed Aug 3 10:16:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 12:16:47 +0200 (CEST) Subject: SUSE-RU-2022:2630-1: moderate: Recommended update for crmsh Message-ID: <20220803101648.00CE5FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2630-1 Rating: moderate References: #1198180 #1199325 #1199412 #1199634 #1201312 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix 'unexpected output' error when using `crmadmin -S` (bsc#1199412) - Stop and disable csync2.socket on removed node (bsc#1199325) - cibconfig: enable "related:" prefix to show the objects by given ra type - crm report: Read data in a safe way, to avoid UnicodeDecodeError(bsc#1198180) - crm report: use sudo when under non root and hacluster user (bsc#1199634) - ui_cluster: Add examples for 'cluster init' and 'cluster join' - utils: use options `-o` and `-n` to compare files instead of strings for crm_diff (bsc#1201312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2630=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2630=1 Package List: - openSUSE Leap 15.4 (noarch): crmsh-4.4.0+20220708.6ed6b56f-150400.3.3.1 crmsh-scripts-4.4.0+20220708.6ed6b56f-150400.3.3.1 crmsh-test-4.4.0+20220708.6ed6b56f-150400.3.3.1 - SUSE Linux Enterprise High Availability 15-SP4 (noarch): crmsh-4.4.0+20220708.6ed6b56f-150400.3.3.1 crmsh-scripts-4.4.0+20220708.6ed6b56f-150400.3.3.1 References: https://bugzilla.suse.com/1198180 https://bugzilla.suse.com/1199325 https://bugzilla.suse.com/1199412 https://bugzilla.suse.com/1199634 https://bugzilla.suse.com/1201312 From sle-updates at lists.suse.com Wed Aug 3 13:16:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 15:16:58 +0200 (CEST) Subject: SUSE-RU-2022:2640-1: moderate: Recommended update for yaml-cpp Message-ID: <20220803131658.278C3FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for yaml-cpp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2640-1 Rating: moderate References: #1160171 #1178331 #1178332 #1200624 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for yaml-cpp fixes the following issue: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2640=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2640=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2640=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libyaml-cpp0_6-0.6.3-150400.4.3.1 libyaml-cpp0_6-debuginfo-0.6.3-150400.4.3.1 yaml-cpp-debugsource-0.6.3-150400.4.3.1 yaml-cpp-devel-0.6.3-150400.4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): yaml-cpp-debugsource-0.6.3-150400.4.3.1 yaml-cpp-devel-0.6.3-150400.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libyaml-cpp0_6-0.6.3-150400.4.3.1 libyaml-cpp0_6-debuginfo-0.6.3-150400.4.3.1 yaml-cpp-debugsource-0.6.3-150400.4.3.1 References: https://bugzilla.suse.com/1160171 https://bugzilla.suse.com/1178331 https://bugzilla.suse.com/1178332 https://bugzilla.suse.com/1200624 From sle-updates at lists.suse.com Wed Aug 3 13:17:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 15:17:43 +0200 (CEST) Subject: SUSE-SU-2022:2637-1: moderate: Security update for mokutil Message-ID: <20220803131743.CAC0CFDB8@maintenance.suse.de> SUSE Security Update: Security update for mokutil ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2637-1 Rating: moderate References: #1198458 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2637=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): mokutil-0.2.0-23.6.1 mokutil-debuginfo-0.2.0-23.6.1 mokutil-debugsource-0.2.0-23.6.1 References: https://bugzilla.suse.com/1198458 From sle-updates at lists.suse.com Wed Aug 3 13:18:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 15:18:16 +0200 (CEST) Subject: SUSE-SU-2022:2632-1: important: Security update for permissions Message-ID: <20220803131816.59B13FDB8@maintenance.suse.de> SUSE Security Update: Security update for permissions ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2632-1 Rating: important References: #1198720 #1200747 #1201385 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2632=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2632=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2632=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): permissions-20201225-150400.5.8.1 permissions-debuginfo-20201225-150400.5.8.1 permissions-debugsource-20201225-150400.5.8.1 rpmlint-mini-1.10-150400.23.2.1 - openSUSE Leap 15.4 (noarch): permissions-zypp-plugin-20201225-150400.5.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-150400.23.2.1 rpmlint-mini-debuginfo-1.10-150400.23.2.1 rpmlint-mini-debugsource-1.10-150400.23.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): permissions-20201225-150400.5.8.1 permissions-debuginfo-20201225-150400.5.8.1 permissions-debugsource-20201225-150400.5.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): permissions-zypp-plugin-20201225-150400.5.8.1 References: https://bugzilla.suse.com/1198720 https://bugzilla.suse.com/1200747 https://bugzilla.suse.com/1201385 From sle-updates at lists.suse.com Wed Aug 3 13:18:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 15:18:57 +0200 (CEST) Subject: SUSE-SU-2022:2635-1: moderate: Security update for mokutil Message-ID: <20220803131857.B175DFDB8@maintenance.suse.de> SUSE Security Update: Security update for mokutil ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2635-1 Rating: moderate References: #1198458 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2635=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2635=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2635=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): mokutil-0.3.0-150000.4.3.1 mokutil-debuginfo-0.3.0-150000.4.3.1 mokutil-debugsource-0.3.0-150000.4.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): mokutil-0.3.0-150000.4.3.1 mokutil-debuginfo-0.3.0-150000.4.3.1 mokutil-debugsource-0.3.0-150000.4.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): mokutil-0.3.0-150000.4.3.1 mokutil-debuginfo-0.3.0-150000.4.3.1 mokutil-debugsource-0.3.0-150000.4.3.1 References: https://bugzilla.suse.com/1198458 From sle-updates at lists.suse.com Wed Aug 3 13:19:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 15:19:32 +0200 (CEST) Subject: SUSE-SU-2022:2636-1: moderate: Security update for mokutil Message-ID: <20220803131932.21960FDB8@maintenance.suse.de> SUSE Security Update: Security update for mokutil ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2636-1 Rating: moderate References: #1198458 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2636=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2636=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2636=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2636=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2636=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2636=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): mokutil-0.3.0-150100.8.9.1 mokutil-debuginfo-0.3.0-150100.8.9.1 mokutil-debugsource-0.3.0-150100.8.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): mokutil-0.3.0-150100.8.9.1 mokutil-debuginfo-0.3.0-150100.8.9.1 mokutil-debugsource-0.3.0-150100.8.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): mokutil-0.3.0-150100.8.9.1 mokutil-debuginfo-0.3.0-150100.8.9.1 mokutil-debugsource-0.3.0-150100.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): mokutil-0.3.0-150100.8.9.1 mokutil-debuginfo-0.3.0-150100.8.9.1 mokutil-debugsource-0.3.0-150100.8.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): mokutil-0.3.0-150100.8.9.1 mokutil-debuginfo-0.3.0-150100.8.9.1 mokutil-debugsource-0.3.0-150100.8.9.1 - SUSE Enterprise Storage 6 (x86_64): mokutil-0.3.0-150100.8.9.1 mokutil-debuginfo-0.3.0-150100.8.9.1 mokutil-debugsource-0.3.0-150100.8.9.1 - SUSE CaaS Platform 4.0 (x86_64): mokutil-0.3.0-150100.8.9.1 mokutil-debuginfo-0.3.0-150100.8.9.1 mokutil-debugsource-0.3.0-150100.8.9.1 References: https://bugzilla.suse.com/1198458 From sle-updates at lists.suse.com Wed Aug 3 13:20:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 15:20:07 +0200 (CEST) Subject: SUSE-SU-2022:2633-1: moderate: Security update for mokutil Message-ID: <20220803132007.7DD60FDB8@maintenance.suse.de> SUSE Security Update: Security update for mokutil ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2633-1 Rating: moderate References: #1198458 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --set-sbat-policy (latest | previous | delete) to set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2633=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2633=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): mokutil-0.5.0-150400.3.3.1 mokutil-debuginfo-0.5.0-150400.3.3.1 mokutil-debugsource-0.5.0-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): mokutil-0.5.0-150400.3.3.1 mokutil-debuginfo-0.5.0-150400.3.3.1 mokutil-debugsource-0.5.0-150400.3.3.1 References: https://bugzilla.suse.com/1198458 From sle-updates at lists.suse.com Wed Aug 3 13:20:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 15:20:45 +0200 (CEST) Subject: SUSE-SU-2022:2638-1: moderate: Security update for mokutil Message-ID: <20220803132045.1EF69FDB8@maintenance.suse.de> SUSE Security Update: Security update for mokutil ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2638-1 Rating: moderate References: #1198458 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2638=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2638=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2638=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2638=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2638=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2638=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2638=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2638=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2638=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2638=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2638=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2638=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2638=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Manager Server 4.1 (x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Manager Proxy 4.1 (x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 - SUSE Enterprise Storage 7 (x86_64): mokutil-0.4.0-150200.4.6.1 mokutil-debuginfo-0.4.0-150200.4.6.1 mokutil-debugsource-0.4.0-150200.4.6.1 References: https://bugzilla.suse.com/1198458 From sle-updates at lists.suse.com Wed Aug 3 13:21:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 15:21:24 +0200 (CEST) Subject: SUSE-SU-2022:2641-1: moderate: Security update for xscreensaver Message-ID: <20220803132124.CBB9AFDB8@maintenance.suse.de> SUSE Security Update: Security update for xscreensaver ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2641-1 Rating: moderate References: #1186918 Cross-References: CVE-2021-34557 CVSS scores: CVE-2021-34557 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-34557 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xscreensaver fixes the following issues: - CVE-2021-34557: Fixed potential crash and unlock while disconnecting video output with more than 10 monitors (bsc#1186918) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2641=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2641=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): xscreensaver-5.44-150000.5.6.1 xscreensaver-data-5.44-150000.5.6.1 xscreensaver-data-debuginfo-5.44-150000.5.6.1 xscreensaver-data-extra-5.44-150000.5.6.1 xscreensaver-data-extra-debuginfo-5.44-150000.5.6.1 xscreensaver-debuginfo-5.44-150000.5.6.1 xscreensaver-debugsource-5.44-150000.5.6.1 - openSUSE Leap 15.3 (noarch): xscreensaver-lang-5.44-150000.5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): xscreensaver-5.44-150000.5.6.1 xscreensaver-data-5.44-150000.5.6.1 xscreensaver-data-debuginfo-5.44-150000.5.6.1 xscreensaver-debuginfo-5.44-150000.5.6.1 xscreensaver-debugsource-5.44-150000.5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): xscreensaver-lang-5.44-150000.5.6.1 References: https://www.suse.com/security/cve/CVE-2021-34557.html https://bugzilla.suse.com/1186918 From sle-updates at lists.suse.com Wed Aug 3 13:22:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 15:22:00 +0200 (CEST) Subject: SUSE-SU-2022:2642-1: moderate: Security update for xscreensaver Message-ID: <20220803132200.1B69EFDB8@maintenance.suse.de> SUSE Security Update: Security update for xscreensaver ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2642-1 Rating: moderate References: #1186918 Cross-References: CVE-2021-34557 CVSS scores: CVE-2021-34557 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-34557 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xscreensaver fixes the following issues: - CVE-2021-34557: Fixed potential crash and unlock while disconnecting video output with more than 10 monitors (bsc#1186918) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2642=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xscreensaver-5.22-8.3.1 xscreensaver-data-5.22-8.3.1 xscreensaver-data-debuginfo-5.22-8.3.1 xscreensaver-debuginfo-5.22-8.3.1 xscreensaver-debugsource-5.22-8.3.1 References: https://www.suse.com/security/cve/CVE-2021-34557.html https://bugzilla.suse.com/1186918 From sle-updates at lists.suse.com Wed Aug 3 16:17:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 18:17:39 +0200 (CEST) Subject: SUSE-SU-2022:2649-1: important: Security update for pcre2 Message-ID: <20220803161739.E7997FDB8@maintenance.suse.de> SUSE Security Update: Security update for pcre2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2649-1 Rating: important References: #1164384 #1199235 Cross-References: CVE-2019-20454 CVE-2022-1587 CVSS scores: CVE-2019-20454 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-20454 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-1587 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-1587 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2649=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2649=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2649=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2649=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2649=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2649=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2649=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2649=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2649=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2649=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2649=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2649=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2649=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2649=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2649=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2649=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2649=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2649=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2649=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2649=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2649=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2649=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2649=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 pcre2-devel-static-10.31-150000.3.12.1 pcre2-tools-10.31-150000.3.12.1 pcre2-tools-debuginfo-10.31-150000.3.12.1 - openSUSE Leap 15.3 (x86_64): libpcre2-16-0-32bit-10.31-150000.3.12.1 libpcre2-16-0-32bit-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-32bit-10.31-150000.3.12.1 libpcre2-32-0-32bit-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-32bit-10.31-150000.3.12.1 libpcre2-8-0-32bit-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-32bit-10.31-150000.3.12.1 libpcre2-posix2-32bit-debuginfo-10.31-150000.3.12.1 - openSUSE Leap 15.3 (noarch): pcre2-doc-10.31-150000.3.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Manager Proxy 4.1 (x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 - SUSE CaaS Platform 4.0 (x86_64): libpcre2-16-0-10.31-150000.3.12.1 libpcre2-16-0-debuginfo-10.31-150000.3.12.1 libpcre2-32-0-10.31-150000.3.12.1 libpcre2-32-0-debuginfo-10.31-150000.3.12.1 libpcre2-8-0-10.31-150000.3.12.1 libpcre2-8-0-debuginfo-10.31-150000.3.12.1 libpcre2-posix2-10.31-150000.3.12.1 libpcre2-posix2-debuginfo-10.31-150000.3.12.1 pcre2-debugsource-10.31-150000.3.12.1 pcre2-devel-10.31-150000.3.12.1 References: https://www.suse.com/security/cve/CVE-2019-20454.html https://www.suse.com/security/cve/CVE-2022-1587.html https://bugzilla.suse.com/1164384 https://bugzilla.suse.com/1199235 From sle-updates at lists.suse.com Wed Aug 3 16:18:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 18:18:48 +0200 (CEST) Subject: SUSE-SU-2022:2651-1: moderate: Security update for samba Message-ID: <20220803161848.530A6FDB8@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2651-1 Rating: moderate References: #1201496 Cross-References: CVE-2022-32742 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for samba fixes the following issues: - CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bso#15085) (bsc#1201496). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2651=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2651=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2651=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2651=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2651=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2651=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2651=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2651=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2651=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2651=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2651=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libndr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - openSUSE Leap 15.4 (x86_64): libndr0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libdcerpc-binding0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-python3-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-core-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debugsource-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Manager Server 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-python3-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-core-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debugsource-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Manager Proxy 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-python3-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-core-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debugsource-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libdcerpc-binding0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-python3-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-core-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debugsource-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-python3-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-core-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debugsource-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): samba-ceph-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-python3-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-core-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debugsource-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-python3-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-core-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debugsource-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-python3-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-core-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debugsource-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.14+git.325.2e31b7efa01-150200.4.41.1 ctdb-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debugsource-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-samr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy-python3-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-policy0-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ad-dc-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-ceph-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-client-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-core-devel-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-debugsource-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-dsdb-modules-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-python3-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 - SUSE Enterprise Storage 7 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libdcerpc0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr-standard0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libndr0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libnetapi0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamba-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsamdb0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbconf0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libsmbldap2-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libtevent-util0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 libwbclient0-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-libs-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-4.11.14+git.325.2e31b7efa01-150200.4.41.1 samba-winbind-32bit-debuginfo-4.11.14+git.325.2e31b7efa01-150200.4.41.1 References: https://www.suse.com/security/cve/CVE-2022-32742.html https://bugzilla.suse.com/1201496 From sle-updates at lists.suse.com Wed Aug 3 16:19:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 18:19:43 +0200 (CEST) Subject: SUSE-SU-2022:2647-1: Security update for tiff Message-ID: <20220803161943.AD1F6FDB8@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2647-1 Rating: low References: #1201174 #1201175 #1201176 Cross-References: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVSS scores: CVE-2022-2056 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2056 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2057 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2057 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2058 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2058 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176). - CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175). - CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2647=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2647=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2647=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2647=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2647=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2647=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2647=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2647=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.11.1 libtiff5-4.0.9-150000.45.11.1 libtiff5-debuginfo-4.0.9-150000.45.11.1 tiff-4.0.9-150000.45.11.1 tiff-debuginfo-4.0.9-150000.45.11.1 tiff-debugsource-4.0.9-150000.45.11.1 - openSUSE Leap 15.4 (x86_64): libtiff-devel-32bit-4.0.9-150000.45.11.1 libtiff5-32bit-4.0.9-150000.45.11.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.11.1 libtiff5-4.0.9-150000.45.11.1 libtiff5-debuginfo-4.0.9-150000.45.11.1 tiff-4.0.9-150000.45.11.1 tiff-debuginfo-4.0.9-150000.45.11.1 tiff-debugsource-4.0.9-150000.45.11.1 - openSUSE Leap 15.3 (x86_64): libtiff-devel-32bit-4.0.9-150000.45.11.1 libtiff5-32bit-4.0.9-150000.45.11.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-150000.45.11.1 tiff-debuginfo-4.0.9-150000.45.11.1 tiff-debugsource-4.0.9-150000.45.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-150000.45.11.1 tiff-debuginfo-4.0.9-150000.45.11.1 tiff-debugsource-4.0.9-150000.45.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libtiff5-32bit-4.0.9-150000.45.11.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): libtiff5-32bit-4.0.9-150000.45.11.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.11.1 tiff-debugsource-4.0.9-150000.45.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.11.1 libtiff5-4.0.9-150000.45.11.1 libtiff5-debuginfo-4.0.9-150000.45.11.1 tiff-debuginfo-4.0.9-150000.45.11.1 tiff-debugsource-4.0.9-150000.45.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libtiff5-32bit-4.0.9-150000.45.11.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.11.1 libtiff5-4.0.9-150000.45.11.1 libtiff5-debuginfo-4.0.9-150000.45.11.1 tiff-debuginfo-4.0.9-150000.45.11.1 tiff-debugsource-4.0.9-150000.45.11.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libtiff5-4.0.9-150000.45.11.1 libtiff5-debuginfo-4.0.9-150000.45.11.1 tiff-debuginfo-4.0.9-150000.45.11.1 tiff-debugsource-4.0.9-150000.45.11.1 References: https://www.suse.com/security/cve/CVE-2022-2056.html https://www.suse.com/security/cve/CVE-2022-2057.html https://www.suse.com/security/cve/CVE-2022-2058.html https://bugzilla.suse.com/1201174 https://bugzilla.suse.com/1201175 https://bugzilla.suse.com/1201176 From sle-updates at lists.suse.com Wed Aug 3 16:20:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 18:20:34 +0200 (CEST) Subject: SUSE-SU-2022:2648-1: Security update for tiff Message-ID: <20220803162034.E4602FDB8@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2648-1 Rating: low References: #1201174 #1201175 #1201176 Cross-References: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058 CVSS scores: CVE-2022-2056 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2056 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2057 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2057 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2058 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2058 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176). - CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175). - CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2648=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2648=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.51.1 tiff-debuginfo-4.0.9-44.51.1 tiff-debugsource-4.0.9-44.51.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.51.1 libtiff5-debuginfo-4.0.9-44.51.1 tiff-4.0.9-44.51.1 tiff-debuginfo-4.0.9-44.51.1 tiff-debugsource-4.0.9-44.51.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libtiff5-32bit-4.0.9-44.51.1 libtiff5-debuginfo-32bit-4.0.9-44.51.1 References: https://www.suse.com/security/cve/CVE-2022-2056.html https://www.suse.com/security/cve/CVE-2022-2057.html https://www.suse.com/security/cve/CVE-2022-2058.html https://bugzilla.suse.com/1201174 https://bugzilla.suse.com/1201175 https://bugzilla.suse.com/1201176 From sle-updates at lists.suse.com Wed Aug 3 16:21:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 18:21:23 +0200 (CEST) Subject: SUSE-SU-2022:2645-1: moderate: Security update for python-numpy Message-ID: <20220803162123.750C1FDB8@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2645-1 Rating: moderate References: #1193911 Cross-References: CVE-2021-41495 CVSS scores: CVE-2021-41495 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-41495 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issues: - CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort (bsc#1193911). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2645=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2645=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.8.0-5.14.1 python-numpy-debugsource-1.8.0-5.14.1 python-numpy-devel-1.8.0-5.14.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): python-numpy-1.8.0-5.14.1 python-numpy-debuginfo-1.8.0-5.14.1 python-numpy-debugsource-1.8.0-5.14.1 References: https://www.suse.com/security/cve/CVE-2021-41495.html https://bugzilla.suse.com/1193911 From sle-updates at lists.suse.com Wed Aug 3 16:22:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 18:22:10 +0200 (CEST) Subject: SUSE-RU-2022:2644-1: moderate: Recommended update for dracut Message-ID: <20220803162210.EEEF4FDB8@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2644-1 Rating: moderate References: #1177461 #1184970 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - Fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2644=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2644=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2644=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2644=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2644=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2644=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2644=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2644=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2644=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2644=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2644=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2644=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2644=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-extra-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-tools-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Manager Proxy 4.1 (x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debuginfo-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-debugsource-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-fips-049.1+suse.238.gd8dbb075-150200.3.60.1 dracut-ima-049.1+suse.238.gd8dbb075-150200.3.60.1 References: https://bugzilla.suse.com/1177461 https://bugzilla.suse.com/1184970 From sle-updates at lists.suse.com Wed Aug 3 16:23:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 18:23:21 +0200 (CEST) Subject: SUSE-SU-2022:2650-1: important: Security update for java-1_8_0-ibm Message-ID: <20220803162321.DEE97FDB8@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2650-1 Rating: important References: #1191912 #1194931 #1198670 #1198671 #1198672 #1198673 #1198674 #1198675 #1201643 Cross-References: CVE-2021-35561 CVE-2022-21299 CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21449 CVE-2022-21476 CVE-2022-21496 CVSS scores: CVE-2021-35561 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35561 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21299 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21299 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21434 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21434 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21443 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21443 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21449 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21449 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21476 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21476 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21496 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21496 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 7 Fix Pack 10 [bsc#1201643] - CVE-2022-21476 (bsc#1198671), CVE-2022-21449 (bsc#1198670), CVE-2022-21496 (bsc#1198673), CVE-2022-21434 (bsc#1198674), CVE-2022-21426 (bsc#1198672), CVE-2022-21443 (bsc#1198675), CVE-2021-35561 (bsc#1191912), CVE-2022-21299 (bsc#1194931). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2650=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2650=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2650=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2650=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2650=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2650=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2650=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2650=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2650=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2650=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2650=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2650=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2650=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2650=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2650=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2650=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-demo-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-src-1.8.0_sr7.10-150000.3.59.1 - openSUSE Leap 15.4 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-demo-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-src-1.8.0_sr7.10-150000.3.59.1 - openSUSE Leap 15.3 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 - SUSE Manager Server 4.1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Manager Proxy 4.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Enterprise Storage 7 (x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE Enterprise Storage 6 (x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-ibm-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-alsa-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-devel-1.8.0_sr7.10-150000.3.59.1 java-1_8_0-ibm-plugin-1.8.0_sr7.10-150000.3.59.1 References: https://www.suse.com/security/cve/CVE-2021-35561.html https://www.suse.com/security/cve/CVE-2022-21299.html https://www.suse.com/security/cve/CVE-2022-21426.html https://www.suse.com/security/cve/CVE-2022-21434.html https://www.suse.com/security/cve/CVE-2022-21443.html https://www.suse.com/security/cve/CVE-2022-21449.html https://www.suse.com/security/cve/CVE-2022-21476.html https://www.suse.com/security/cve/CVE-2022-21496.html https://bugzilla.suse.com/1191912 https://bugzilla.suse.com/1194931 https://bugzilla.suse.com/1198670 https://bugzilla.suse.com/1198671 https://bugzilla.suse.com/1198672 https://bugzilla.suse.com/1198673 https://bugzilla.suse.com/1198674 https://bugzilla.suse.com/1198675 https://bugzilla.suse.com/1201643 From sle-updates at lists.suse.com Wed Aug 3 16:24:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 18:24:58 +0200 (CEST) Subject: SUSE-SU-2022:2646-1: moderate: Security update for python-numpy Message-ID: <20220803162458.131A9FE10@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2646-1 Rating: moderate References: #1193911 Cross-References: CVE-2021-41495 CVSS scores: CVE-2021-41495 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-41495 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for HPC 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issues: - CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort (bsc#1193911). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2646=1 - SUSE Linux Enterprise Module for HPC 15-SP4: zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2022-2646=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2646=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-numpy-debugsource-1.17.3-150400.23.3.1 python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-150400.23.3.1 python3-numpy-1.17.3-150400.23.3.1 python3-numpy-debuginfo-1.17.3-150400.23.3.1 python3-numpy-devel-1.17.3-150400.23.3.1 python3-numpy-gnu-hpc-1.17.3-150400.23.3.1 python3-numpy-gnu-hpc-devel-1.17.3-150400.23.3.1 python3-numpy_1_17_3-gnu-hpc-1.17.3-150400.23.3.1 python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-150400.23.3.1 python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-150400.23.3.1 - SUSE Linux Enterprise Module for HPC 15-SP4 (aarch64 x86_64): python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-150400.23.3.1 python3-numpy-gnu-hpc-1.17.3-150400.23.3.1 python3-numpy-gnu-hpc-devel-1.17.3-150400.23.3.1 python3-numpy_1_17_3-gnu-hpc-1.17.3-150400.23.3.1 python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-150400.23.3.1 python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-150400.23.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python-numpy-debugsource-1.17.3-150400.23.3.1 python3-numpy-1.17.3-150400.23.3.1 python3-numpy-debuginfo-1.17.3-150400.23.3.1 python3-numpy-devel-1.17.3-150400.23.3.1 References: https://www.suse.com/security/cve/CVE-2021-41495.html https://bugzilla.suse.com/1193911 From sle-updates at lists.suse.com Wed Aug 3 19:16:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 21:16:11 +0200 (CEST) Subject: SUSE-SU-2022:2655-1: moderate: Security update for postgresql-jdbc Message-ID: <20220803191611.B3E0CFDB8@maintenance.suse.de> SUSE Security Update: Security update for postgresql-jdbc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2655-1 Rating: moderate References: #1197356 Cross-References: CVE-2022-26520 CVSS scores: CVE-2022-26520 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26520 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql-jdbc fixes the following issues: - CVE-2022-26520: Fixed arbitrary File Write Vulnerability (bsc#1197356) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2655=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2655=1 Package List: - openSUSE Leap 15.4 (noarch): postgresql-jdbc-42.2.25-150400.3.3.2 postgresql-jdbc-javadoc-42.2.25-150400.3.3.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): postgresql-jdbc-42.2.25-150400.3.3.2 References: https://www.suse.com/security/cve/CVE-2022-26520.html https://bugzilla.suse.com/1197356 From sle-updates at lists.suse.com Wed Aug 3 19:16:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 21:16:52 +0200 (CEST) Subject: SUSE-SU-2022:2654-1: important: Security update for u-boot Message-ID: <20220803191652.219B1FDB8@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2654-1 Rating: important References: #1201214 Cross-References: CVE-2022-34835 CVSS scores: CVE-2022-34835 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34835 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2654=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2654=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2654=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2654=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2654=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2654=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2654=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2654=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2654=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2654=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2654=1 Package List: - openSUSE Leap 15.4 (aarch64): u-boot-xilinxzynqmpgeneric-2020.01-150200.10.15.1 u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.15.1 - openSUSE Leap 15.3 (aarch64): u-boot-xilinxzynqmpgeneric-2020.01-150200.10.15.1 u-boot-xilinxzynqmpgeneric-doc-2020.01-150200.10.15.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): u-boot-tools-2020.01-150200.10.15.1 u-boot-tools-debuginfo-2020.01-150200.10.15.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): u-boot-tools-2020.01-150200.10.15.1 u-boot-tools-debuginfo-2020.01-150200.10.15.1 - SUSE Manager Proxy 4.1 (x86_64): u-boot-tools-2020.01-150200.10.15.1 u-boot-tools-debuginfo-2020.01-150200.10.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): u-boot-tools-2020.01-150200.10.15.1 u-boot-tools-debuginfo-2020.01-150200.10.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): u-boot-tools-2020.01-150200.10.15.1 u-boot-tools-debuginfo-2020.01-150200.10.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64): u-boot-rpiarm64-2020.01-150200.10.15.1 u-boot-rpiarm64-doc-2020.01-150200.10.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): u-boot-tools-2020.01-150200.10.15.1 u-boot-tools-debuginfo-2020.01-150200.10.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): u-boot-tools-2020.01-150200.10.15.1 u-boot-tools-debuginfo-2020.01-150200.10.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64): u-boot-rpiarm64-2020.01-150200.10.15.1 u-boot-rpiarm64-doc-2020.01-150200.10.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): u-boot-tools-2020.01-150200.10.15.1 u-boot-tools-debuginfo-2020.01-150200.10.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64): u-boot-rpiarm64-2020.01-150200.10.15.1 u-boot-rpiarm64-doc-2020.01-150200.10.15.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): u-boot-tools-2020.01-150200.10.15.1 u-boot-tools-debuginfo-2020.01-150200.10.15.1 - SUSE Enterprise Storage 7 (aarch64): u-boot-rpiarm64-2020.01-150200.10.15.1 u-boot-rpiarm64-doc-2020.01-150200.10.15.1 References: https://www.suse.com/security/cve/CVE-2022-34835.html https://bugzilla.suse.com/1201214 From sle-updates at lists.suse.com Wed Aug 3 19:17:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 3 Aug 2022 21:17:39 +0200 (CEST) Subject: SUSE-SU-2022:2653-1: important: Security update for u-boot Message-ID: <20220803191739.9E56DFDB8@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2653-1 Rating: important References: #1201214 #1201745 Cross-References: CVE-2022-33967 CVE-2022-34835 CVSS scores: CVE-2022-33967 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-33967 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L CVE-2022-34835 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34835 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-33967: Fixed heap overflow in squashfs filesystem implementation (bsc#1201745). - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2653=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2653=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.01-150300.7.15.1 u-boot-tools-debuginfo-2021.01-150300.7.15.1 - openSUSE Leap 15.3 (aarch64): u-boot-avnetultra96rev1-2021.01-150300.7.15.1 u-boot-avnetultra96rev1-doc-2021.01-150300.7.15.1 u-boot-bananapim64-2021.01-150300.7.15.1 u-boot-bananapim64-doc-2021.01-150300.7.15.1 u-boot-dragonboard410c-2021.01-150300.7.15.1 u-boot-dragonboard410c-doc-2021.01-150300.7.15.1 u-boot-dragonboard820c-2021.01-150300.7.15.1 u-boot-dragonboard820c-doc-2021.01-150300.7.15.1 u-boot-evb-rk3399-2021.01-150300.7.15.1 u-boot-evb-rk3399-doc-2021.01-150300.7.15.1 u-boot-firefly-rk3399-2021.01-150300.7.15.1 u-boot-firefly-rk3399-doc-2021.01-150300.7.15.1 u-boot-geekbox-2021.01-150300.7.15.1 u-boot-geekbox-doc-2021.01-150300.7.15.1 u-boot-hikey-2021.01-150300.7.15.1 u-boot-hikey-doc-2021.01-150300.7.15.1 u-boot-khadas-vim-2021.01-150300.7.15.1 u-boot-khadas-vim-doc-2021.01-150300.7.15.1 u-boot-khadas-vim2-2021.01-150300.7.15.1 u-boot-khadas-vim2-doc-2021.01-150300.7.15.1 u-boot-libretech-ac-2021.01-150300.7.15.1 u-boot-libretech-ac-doc-2021.01-150300.7.15.1 u-boot-libretech-cc-2021.01-150300.7.15.1 u-boot-libretech-cc-doc-2021.01-150300.7.15.1 u-boot-ls1012afrdmqspi-2021.01-150300.7.15.1 u-boot-ls1012afrdmqspi-doc-2021.01-150300.7.15.1 u-boot-mvebudb-88f3720-2021.01-150300.7.15.1 u-boot-mvebudb-88f3720-doc-2021.01-150300.7.15.1 u-boot-mvebudbarmada8k-2021.01-150300.7.15.1 u-boot-mvebudbarmada8k-doc-2021.01-150300.7.15.1 u-boot-mvebuespressobin-88f3720-2021.01-150300.7.15.1 u-boot-mvebuespressobin-88f3720-doc-2021.01-150300.7.15.1 u-boot-mvebumcbin-88f8040-2021.01-150300.7.15.1 u-boot-mvebumcbin-88f8040-doc-2021.01-150300.7.15.1 u-boot-nanopia64-2021.01-150300.7.15.1 u-boot-nanopia64-doc-2021.01-150300.7.15.1 u-boot-odroid-c2-2021.01-150300.7.15.1 u-boot-odroid-c2-doc-2021.01-150300.7.15.1 u-boot-odroid-c4-2021.01-150300.7.15.1 u-boot-odroid-c4-doc-2021.01-150300.7.15.1 u-boot-odroid-n2-2021.01-150300.7.15.1 u-boot-odroid-n2-doc-2021.01-150300.7.15.1 u-boot-orangepipc2-2021.01-150300.7.15.1 u-boot-orangepipc2-doc-2021.01-150300.7.15.1 u-boot-p2371-2180-2021.01-150300.7.15.1 u-boot-p2371-2180-doc-2021.01-150300.7.15.1 u-boot-p2771-0000-500-2021.01-150300.7.15.1 u-boot-p2771-0000-500-doc-2021.01-150300.7.15.1 u-boot-p3450-0000-2021.01-150300.7.15.1 u-boot-p3450-0000-doc-2021.01-150300.7.15.1 u-boot-pine64plus-2021.01-150300.7.15.1 u-boot-pine64plus-doc-2021.01-150300.7.15.1 u-boot-pinebook-2021.01-150300.7.15.1 u-boot-pinebook-doc-2021.01-150300.7.15.1 u-boot-pinebook-pro-rk3399-2021.01-150300.7.15.1 u-boot-pinebook-pro-rk3399-doc-2021.01-150300.7.15.1 u-boot-pineh64-2021.01-150300.7.15.1 u-boot-pineh64-doc-2021.01-150300.7.15.1 u-boot-pinephone-2021.01-150300.7.15.1 u-boot-pinephone-doc-2021.01-150300.7.15.1 u-boot-poplar-2021.01-150300.7.15.1 u-boot-poplar-doc-2021.01-150300.7.15.1 u-boot-rock-pi-4-rk3399-2021.01-150300.7.15.1 u-boot-rock-pi-4-rk3399-doc-2021.01-150300.7.15.1 u-boot-rock64-rk3328-2021.01-150300.7.15.1 u-boot-rock64-rk3328-doc-2021.01-150300.7.15.1 u-boot-rock960-rk3399-2021.01-150300.7.15.1 u-boot-rock960-rk3399-doc-2021.01-150300.7.15.1 u-boot-rockpro64-rk3399-2021.01-150300.7.15.1 u-boot-rockpro64-rk3399-doc-2021.01-150300.7.15.1 u-boot-rpi3-2021.01-150300.7.15.1 u-boot-rpi3-doc-2021.01-150300.7.15.1 u-boot-rpi4-2021.01-150300.7.15.1 u-boot-rpi4-doc-2021.01-150300.7.15.1 u-boot-rpiarm64-2021.01-150300.7.15.1 u-boot-rpiarm64-doc-2021.01-150300.7.15.1 u-boot-xilinxzynqmpvirt-2021.01-150300.7.15.1 u-boot-xilinxzynqmpvirt-doc-2021.01-150300.7.15.1 u-boot-xilinxzynqmpzcu102rev10-2021.01-150300.7.15.1 u-boot-xilinxzynqmpzcu102rev10-doc-2021.01-150300.7.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.01-150300.7.15.1 u-boot-tools-debuginfo-2021.01-150300.7.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): u-boot-rpiarm64-2021.01-150300.7.15.1 u-boot-rpiarm64-doc-2021.01-150300.7.15.1 References: https://www.suse.com/security/cve/CVE-2022-33967.html https://www.suse.com/security/cve/CVE-2022-34835.html https://bugzilla.suse.com/1201214 https://bugzilla.suse.com/1201745 From sle-updates at lists.suse.com Wed Aug 3 22:16:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 00:16:46 +0200 (CEST) Subject: SUSE-SU-2022:2661-1: important: Security update for u-boot Message-ID: <20220803221646.EB26BFC32@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2661-1 Rating: important References: #1201214 #1201745 Cross-References: CVE-2022-33967 CVE-2022-34835 CVSS scores: CVE-2022-33967 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-33967 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L CVE-2022-34835 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34835 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-33967: Fixed heap overflow in squashfs filesystem implementation (bsc#1201745). - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2661=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2661=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.10-150400.4.8.1 u-boot-tools-debuginfo-2021.10-150400.4.8.1 - openSUSE Leap 15.4 (aarch64): u-boot-avnetultra96rev1-2021.10-150400.4.8.1 u-boot-avnetultra96rev1-doc-2021.10-150400.4.8.1 u-boot-bananapim64-2021.10-150400.4.8.1 u-boot-bananapim64-doc-2021.10-150400.4.8.1 u-boot-dragonboard410c-2021.10-150400.4.8.1 u-boot-dragonboard410c-doc-2021.10-150400.4.8.1 u-boot-dragonboard820c-2021.10-150400.4.8.1 u-boot-dragonboard820c-doc-2021.10-150400.4.8.1 u-boot-evb-rk3399-2021.10-150400.4.8.1 u-boot-evb-rk3399-doc-2021.10-150400.4.8.1 u-boot-firefly-rk3399-2021.10-150400.4.8.1 u-boot-firefly-rk3399-doc-2021.10-150400.4.8.1 u-boot-geekbox-2021.10-150400.4.8.1 u-boot-geekbox-doc-2021.10-150400.4.8.1 u-boot-hikey-2021.10-150400.4.8.1 u-boot-hikey-doc-2021.10-150400.4.8.1 u-boot-khadas-vim-2021.10-150400.4.8.1 u-boot-khadas-vim-doc-2021.10-150400.4.8.1 u-boot-khadas-vim2-2021.10-150400.4.8.1 u-boot-khadas-vim2-doc-2021.10-150400.4.8.1 u-boot-libretech-ac-2021.10-150400.4.8.1 u-boot-libretech-ac-doc-2021.10-150400.4.8.1 u-boot-libretech-cc-2021.10-150400.4.8.1 u-boot-libretech-cc-doc-2021.10-150400.4.8.1 u-boot-ls1012afrdmqspi-2021.10-150400.4.8.1 u-boot-ls1012afrdmqspi-doc-2021.10-150400.4.8.1 u-boot-mvebudb-88f3720-2021.10-150400.4.8.1 u-boot-mvebudb-88f3720-doc-2021.10-150400.4.8.1 u-boot-mvebudbarmada8k-2021.10-150400.4.8.1 u-boot-mvebudbarmada8k-doc-2021.10-150400.4.8.1 u-boot-mvebuespressobin-88f3720-2021.10-150400.4.8.1 u-boot-mvebuespressobin-88f3720-doc-2021.10-150400.4.8.1 u-boot-mvebumcbin-88f8040-2021.10-150400.4.8.1 u-boot-mvebumcbin-88f8040-doc-2021.10-150400.4.8.1 u-boot-nanopia64-2021.10-150400.4.8.1 u-boot-nanopia64-doc-2021.10-150400.4.8.1 u-boot-odroid-c2-2021.10-150400.4.8.1 u-boot-odroid-c2-doc-2021.10-150400.4.8.1 u-boot-odroid-c4-2021.10-150400.4.8.1 u-boot-odroid-c4-doc-2021.10-150400.4.8.1 u-boot-odroid-n2-2021.10-150400.4.8.1 u-boot-odroid-n2-doc-2021.10-150400.4.8.1 u-boot-orangepipc2-2021.10-150400.4.8.1 u-boot-orangepipc2-doc-2021.10-150400.4.8.1 u-boot-p2371-2180-2021.10-150400.4.8.1 u-boot-p2371-2180-doc-2021.10-150400.4.8.1 u-boot-p2771-0000-500-2021.10-150400.4.8.1 u-boot-p2771-0000-500-doc-2021.10-150400.4.8.1 u-boot-p3450-0000-2021.10-150400.4.8.1 u-boot-p3450-0000-doc-2021.10-150400.4.8.1 u-boot-pine64plus-2021.10-150400.4.8.1 u-boot-pine64plus-doc-2021.10-150400.4.8.1 u-boot-pinebook-2021.10-150400.4.8.1 u-boot-pinebook-doc-2021.10-150400.4.8.1 u-boot-pinebook-pro-rk3399-2021.10-150400.4.8.1 u-boot-pinebook-pro-rk3399-doc-2021.10-150400.4.8.1 u-boot-pineh64-2021.10-150400.4.8.1 u-boot-pineh64-doc-2021.10-150400.4.8.1 u-boot-pinephone-2021.10-150400.4.8.1 u-boot-pinephone-doc-2021.10-150400.4.8.1 u-boot-poplar-2021.10-150400.4.8.1 u-boot-poplar-doc-2021.10-150400.4.8.1 u-boot-rock-pi-4-rk3399-2021.10-150400.4.8.1 u-boot-rock-pi-4-rk3399-doc-2021.10-150400.4.8.1 u-boot-rock-pi-n10-rk3399pro-2021.10-150400.4.8.1 u-boot-rock-pi-n10-rk3399pro-doc-2021.10-150400.4.8.1 u-boot-rock64-rk3328-2021.10-150400.4.8.1 u-boot-rock64-rk3328-doc-2021.10-150400.4.8.1 u-boot-rock960-rk3399-2021.10-150400.4.8.1 u-boot-rock960-rk3399-doc-2021.10-150400.4.8.1 u-boot-rockpro64-rk3399-2021.10-150400.4.8.1 u-boot-rockpro64-rk3399-doc-2021.10-150400.4.8.1 u-boot-rpi3-2021.10-150400.4.8.1 u-boot-rpi3-doc-2021.10-150400.4.8.1 u-boot-rpi4-2021.10-150400.4.8.1 u-boot-rpi4-doc-2021.10-150400.4.8.1 u-boot-rpiarm64-2021.10-150400.4.8.1 u-boot-rpiarm64-doc-2021.10-150400.4.8.1 u-boot-xilinxzynqmpvirt-2021.10-150400.4.8.1 u-boot-xilinxzynqmpvirt-doc-2021.10-150400.4.8.1 u-boot-xilinxzynqmpzcu102rev10-2021.10-150400.4.8.1 u-boot-xilinxzynqmpzcu102rev10-doc-2021.10-150400.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.10-150400.4.8.1 u-boot-tools-debuginfo-2021.10-150400.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): u-boot-rpiarm64-2021.10-150400.4.8.1 u-boot-rpiarm64-doc-2021.10-150400.4.8.1 References: https://www.suse.com/security/cve/CVE-2022-33967.html https://www.suse.com/security/cve/CVE-2022-34835.html https://bugzilla.suse.com/1201214 https://bugzilla.suse.com/1201745 From sle-updates at lists.suse.com Wed Aug 3 22:17:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 00:17:33 +0200 (CEST) Subject: SUSE-SU-2022:2659-1: important: Security update for ldb, samba Message-ID: <20220803221733.71F40FC32@maintenance.suse.de> SUSE Security Update: Security update for ldb, samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2659-1 Rating: important References: #1196224 #1198255 #1199247 #1199734 #1200556 #1200964 #1201490 #1201492 #1201493 #1201495 #1201496 Cross-References: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVSS scores: CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 6 fixes is now available. Description: This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following non-security bug were fixed: ldb was updated to version 2.4.3: + Fix build problems, waf produces incorrect names for python extensions; (bso#15071); samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2659=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2659=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2659=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ctdb-4.15.8+git.500.d5910280cc7-150400.3.11.1 ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 ctdb-pcp-pmda-4.15.8+git.500.d5910280cc7-150400.3.11.1 ctdb-pcp-pmda-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 ldb-debugsource-2.4.3-150400.4.8.1 ldb-tools-2.4.3-150400.4.8.1 ldb-tools-debuginfo-2.4.3-150400.4.8.1 libldb-devel-2.4.3-150400.4.8.1 libldb2-2.4.3-150400.4.8.1 libldb2-debuginfo-2.4.3-150400.4.8.1 libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150400.3.11.1 libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150400.3.11.1 libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150400.3.11.1 libsamba-policy0-python3-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 python3-ldb-2.4.3-150400.4.8.1 python3-ldb-debuginfo-2.4.3-150400.4.8.1 python3-ldb-devel-2.4.3-150400.4.8.1 samba-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ad-dc-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ad-dc-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ad-dc-libs-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-debugsource-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-devel-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-dsdb-modules-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-gpupdate-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ldb-ldap-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-python3-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-python3-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-python3-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-test-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-test-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-tool-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-winbind-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-winbind-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-winbind-libs-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 - openSUSE Leap 15.4 (aarch64 x86_64): samba-ceph-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 - openSUSE Leap 15.4 (noarch): samba-doc-4.15.8+git.500.d5910280cc7-150400.3.11.1 - openSUSE Leap 15.4 (x86_64): libldb2-32bit-2.4.3-150400.4.8.1 libldb2-32bit-debuginfo-2.4.3-150400.4.8.1 libsamba-policy0-python3-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1 libsamba-policy0-python3-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 python3-ldb-32bit-2.4.3-150400.4.8.1 python3-ldb-32bit-debuginfo-2.4.3-150400.4.8.1 samba-ad-dc-libs-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-devel-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-python3-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-python3-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-winbind-libs-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-winbind-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): ldb-debugsource-2.4.3-150400.4.8.1 ldb-tools-2.4.3-150400.4.8.1 ldb-tools-debuginfo-2.4.3-150400.4.8.1 libldb-devel-2.4.3-150400.4.8.1 libldb2-2.4.3-150400.4.8.1 libldb2-debuginfo-2.4.3-150400.4.8.1 libsamba-policy-devel-4.15.8+git.500.d5910280cc7-150400.3.11.1 libsamba-policy-python3-devel-4.15.8+git.500.d5910280cc7-150400.3.11.1 libsamba-policy0-python3-4.15.8+git.500.d5910280cc7-150400.3.11.1 libsamba-policy0-python3-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 python3-ldb-2.4.3-150400.4.8.1 python3-ldb-debuginfo-2.4.3-150400.4.8.1 python3-ldb-devel-2.4.3-150400.4.8.1 samba-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ad-dc-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ad-dc-libs-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-debugsource-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-devel-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-dsdb-modules-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-dsdb-modules-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-gpupdate-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ldb-ldap-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ldb-ldap-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-python3-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-python3-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-python3-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-python3-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-winbind-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-winbind-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-winbind-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-winbind-libs-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): samba-ceph-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-ceph-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libldb2-32bit-2.4.3-150400.4.8.1 libldb2-32bit-debuginfo-2.4.3-150400.4.8.1 samba-client-libs-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-client-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-32bit-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-libs-32bit-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ctdb-4.15.8+git.500.d5910280cc7-150400.3.11.1 ctdb-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-debuginfo-4.15.8+git.500.d5910280cc7-150400.3.11.1 samba-debugsource-4.15.8+git.500.d5910280cc7-150400.3.11.1 References: https://www.suse.com/security/cve/CVE-2022-2031.html https://www.suse.com/security/cve/CVE-2022-32742.html https://www.suse.com/security/cve/CVE-2022-32744.html https://www.suse.com/security/cve/CVE-2022-32745.html https://www.suse.com/security/cve/CVE-2022-32746.html https://bugzilla.suse.com/1196224 https://bugzilla.suse.com/1198255 https://bugzilla.suse.com/1199247 https://bugzilla.suse.com/1199734 https://bugzilla.suse.com/1200556 https://bugzilla.suse.com/1200964 https://bugzilla.suse.com/1201490 https://bugzilla.suse.com/1201492 https://bugzilla.suse.com/1201493 https://bugzilla.suse.com/1201495 https://bugzilla.suse.com/1201496 From sle-updates at lists.suse.com Wed Aug 3 22:19:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 00:19:02 +0200 (CEST) Subject: SUSE-SU-2022:2660-1: important: Security update for java-17-openjdk Message-ID: <20220803221902.DE160FC32@maintenance.suse.de> SUSE Security Update: Security update for java-17-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2660-1 Rating: important References: #1201684 #1201685 #1201692 #1201694 Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 CVSS scores: CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21549 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21549 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-34169 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.4+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) - CVE-2022-21549: java.util.random does not correctly sample exponential or Gaussian distributions (bsc#1201685) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2660=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2660=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-17-openjdk-17.0.4.0-150400.3.3.1 java-17-openjdk-accessibility-17.0.4.0-150400.3.3.1 java-17-openjdk-accessibility-debuginfo-17.0.4.0-150400.3.3.1 java-17-openjdk-debuginfo-17.0.4.0-150400.3.3.1 java-17-openjdk-debugsource-17.0.4.0-150400.3.3.1 java-17-openjdk-demo-17.0.4.0-150400.3.3.1 java-17-openjdk-devel-17.0.4.0-150400.3.3.1 java-17-openjdk-devel-debuginfo-17.0.4.0-150400.3.3.1 java-17-openjdk-headless-17.0.4.0-150400.3.3.1 java-17-openjdk-headless-debuginfo-17.0.4.0-150400.3.3.1 java-17-openjdk-jmods-17.0.4.0-150400.3.3.1 java-17-openjdk-src-17.0.4.0-150400.3.3.1 - openSUSE Leap 15.4 (noarch): java-17-openjdk-javadoc-17.0.4.0-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): java-17-openjdk-17.0.4.0-150400.3.3.1 java-17-openjdk-debuginfo-17.0.4.0-150400.3.3.1 java-17-openjdk-debugsource-17.0.4.0-150400.3.3.1 java-17-openjdk-demo-17.0.4.0-150400.3.3.1 java-17-openjdk-devel-17.0.4.0-150400.3.3.1 java-17-openjdk-devel-debuginfo-17.0.4.0-150400.3.3.1 java-17-openjdk-headless-17.0.4.0-150400.3.3.1 java-17-openjdk-headless-debuginfo-17.0.4.0-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-21540.html https://www.suse.com/security/cve/CVE-2022-21541.html https://www.suse.com/security/cve/CVE-2022-21549.html https://www.suse.com/security/cve/CVE-2022-34169.html https://bugzilla.suse.com/1201684 https://bugzilla.suse.com/1201685 https://bugzilla.suse.com/1201692 https://bugzilla.suse.com/1201694 From sle-updates at lists.suse.com Wed Aug 3 22:19:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 00:19:56 +0200 (CEST) Subject: SUSE-SU-2022:2657-1: important: Security update for oracleasm Message-ID: <20220803221956.19CC9FC32@maintenance.suse.de> SUSE Security Update: Security update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2657-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2657=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2657=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): oracleasm-debugsource-2.0.8-150400.25.2.8 oracleasm-kmp-default-2.0.8_k5.14.21_150400.24.11-150400.25.2.8 oracleasm-kmp-default-debuginfo-2.0.8_k5.14.21_150400.24.11-150400.25.2.8 - openSUSE Leap 15.4 (aarch64): oracleasm-kmp-64kb-2.0.8_k5.14.21_150400.24.11-150400.25.2.8 oracleasm-kmp-64kb-debuginfo-2.0.8_k5.14.21_150400.24.11-150400.25.2.8 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): oracleasm-kmp-default-2.0.8_k5.14.21_150400.24.11-150400.25.2.8 oracleasm-kmp-default-debuginfo-2.0.8_k5.14.21_150400.24.11-150400.25.2.8 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Wed Aug 3 22:20:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 00:20:35 +0200 (CEST) Subject: SUSE-SU-2022:2658-1: important: Security update for keylime Message-ID: <20220803222035.DFBB6FC32@maintenance.suse.de> SUSE Security Update: Security update for keylime ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2658-1 Rating: important References: #1199253 #1200885 #1201466 #1201866 Cross-References: CVE-2022-1053 CVE-2022-31250 CVSS scores: CVE-2022-1053 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-1053 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-31250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for keylime fixes the following issues: Update to version 6.3.2, including fixes for: - CVE-2022-1053: Fixed Tenant and Verifier might not use the same registrar data (bsc#1199253). - CVE-2022-31250: Fixed %post scriplet allows for privilege escalation from keylime user to root (bsc#1200885). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2658=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2658=1 Package List: - openSUSE Leap 15.4 (noarch): keylime-agent-6.3.2-150400.4.11.1 keylime-config-6.3.2-150400.4.11.1 keylime-firewalld-6.3.2-150400.4.11.1 keylime-registrar-6.3.2-150400.4.11.1 keylime-tpm_cert_store-6.3.2-150400.4.11.1 keylime-verifier-6.3.2-150400.4.11.1 python3-keylime-6.3.2-150400.4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): keylime-agent-6.3.2-150400.4.11.1 keylime-config-6.3.2-150400.4.11.1 keylime-firewalld-6.3.2-150400.4.11.1 keylime-logrotate-6.3.2-150400.4.11.1 keylime-registrar-6.3.2-150400.4.11.1 keylime-tpm_cert_store-6.3.2-150400.4.11.1 keylime-verifier-6.3.2-150400.4.11.1 python3-keylime-6.3.2-150400.4.11.1 References: https://www.suse.com/security/cve/CVE-2022-1053.html https://www.suse.com/security/cve/CVE-2022-31250.html https://bugzilla.suse.com/1199253 https://bugzilla.suse.com/1200885 https://bugzilla.suse.com/1201466 https://bugzilla.suse.com/1201866 From sle-updates at lists.suse.com Wed Aug 3 22:21:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 00:21:25 +0200 (CEST) Subject: SUSE-SU-2022:2656-1: important: Security update for drbd Message-ID: <20220803222125.343E0FC32@maintenance.suse.de> SUSE Security Update: Security update for drbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2656-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of drbd fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2656=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2656=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): drbd-9.0.30~1+git.10bee2d5-150400.3.2.9 drbd-debugsource-9.0.30~1+git.10bee2d5-150400.3.2.9 drbd-kmp-default-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.11-150400.3.2.9 drbd-kmp-default-debuginfo-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.11-150400.3.2.9 - openSUSE Leap 15.4 (aarch64): drbd-kmp-64kb-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.11-150400.3.2.9 drbd-kmp-64kb-debuginfo-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.11-150400.3.2.9 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): drbd-9.0.30~1+git.10bee2d5-150400.3.2.9 drbd-debugsource-9.0.30~1+git.10bee2d5-150400.3.2.9 drbd-kmp-default-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.11-150400.3.2.9 drbd-kmp-default-debuginfo-9.0.30~1+git.10bee2d5_k5.14.21_150400.24.11-150400.3.2.9 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Thu Aug 4 07:17:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:17:44 +0200 (CEST) Subject: SUSE-CU-2022:1741-1: Security update of bci/bci-init Message-ID: <20220804071744.D92DFFC32@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1741-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.17.37 Container Release : 17.37 Severity : important Type : security References : 1164384 1199235 CVE-2019-20454 CVE-2022-1587 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). The following package changes have been done: - libpcre2-8-0-10.31-150000.3.12.1 updated - container:sles15-image-15.0.0-17.20.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:24:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:24:20 +0200 (CEST) Subject: SUSE-CU-2022:1743-1: Security update of bci/nodejs Message-ID: <20220804072420.38EDAFC32@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1743-1 Container Tags : bci/node:12 , bci/node:12-16.126 , bci/nodejs:12 , bci/nodejs:12-16.126 Container Release : 16.126 Severity : important Type : security References : 1164384 1199235 CVE-2019-20454 CVE-2022-1587 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). The following package changes have been done: - libpcre2-8-0-10.31-150000.3.12.1 updated - container:sles15-image-15.0.0-17.20.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:25:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:25:11 +0200 (CEST) Subject: SUSE-CU-2022:1744-1: Security update of suse/389-ds Message-ID: <20220804072511.58B28FC32@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1744-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-14.35 , suse/389-ds:latest Container Release : 14.35 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:26:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:26:02 +0200 (CEST) Subject: SUSE-CU-2022:1745-1: Security update of bci/dotnet-aspnet Message-ID: <20220804072602.8036DFC32@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1745-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-18.19 , bci/dotnet-aspnet:3.1.27 , bci/dotnet-aspnet:3.1.27-18.19 Container Release : 18.19 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:26:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:26:40 +0200 (CEST) Subject: SUSE-CU-2022:1746-1: Security update of bci/dotnet-aspnet Message-ID: <20220804072640.82B64FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1746-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-10.29 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-10.29 Container Release : 10.29 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:27:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:27:22 +0200 (CEST) Subject: SUSE-CU-2022:1747-1: Security update of bci/dotnet-aspnet Message-ID: <20220804072722.7D823FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1747-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-19.19 , bci/dotnet-aspnet:6.0.7 , bci/dotnet-aspnet:6.0.7-19.19 , bci/dotnet-aspnet:latest Container Release : 19.19 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:28:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:28:15 +0200 (CEST) Subject: SUSE-CU-2022:1748-1: Security update of bci/dotnet-sdk Message-ID: <20220804072815.52ABEFC32@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1748-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-18.17 , bci/dotnet-sdk:3.1.27 , bci/dotnet-sdk:3.1.27-18.17 Container Release : 18.17 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:28:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:28:51 +0200 (CEST) Subject: SUSE-CU-2022:1749-1: Security update of bci/dotnet-sdk Message-ID: <20220804072851.20B60FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1749-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-10.28 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-10.28 Container Release : 10.28 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:29:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:29:31 +0200 (CEST) Subject: SUSE-CU-2022:1750-1: Security update of bci/dotnet-sdk Message-ID: <20220804072931.B9BC9FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1750-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-21.17 , bci/dotnet-sdk:6.0.7 , bci/dotnet-sdk:6.0.7-21.17 , bci/dotnet-sdk:latest Container Release : 21.17 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:30:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:30:17 +0200 (CEST) Subject: SUSE-CU-2022:1751-1: Security update of bci/dotnet-runtime Message-ID: <20220804073017.E4E64FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1751-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-17.17 , bci/dotnet-runtime:3.1.27 , bci/dotnet-runtime:3.1.27-17.17 Container Release : 17.17 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:31:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:31:04 +0200 (CEST) Subject: SUSE-CU-2022:1752-1: Security update of bci/dotnet-runtime Message-ID: <20220804073104.6F9A2FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1752-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-10.28 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-10.28 Container Release : 10.28 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:31:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:31:50 +0200 (CEST) Subject: SUSE-CU-2022:1753-1: Security update of bci/dotnet-runtime Message-ID: <20220804073150.55DA5FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1753-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-18.17 , bci/dotnet-runtime:6.0.7 , bci/dotnet-runtime:6.0.7-18.17 , bci/dotnet-runtime:latest Container Release : 18.17 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:32:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:32:50 +0200 (CEST) Subject: SUSE-CU-2022:1754-1: Security update of bci/golang Message-ID: <20220804073250.BC656FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1754-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-13.31 Container Release : 13.31 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:33:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:33:47 +0200 (CEST) Subject: SUSE-CU-2022:1755-1: Security update of bci/golang Message-ID: <20220804073347.CD299FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1755-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-12.31 Container Release : 12.31 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:34:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:34:23 +0200 (CEST) Subject: SUSE-CU-2022:1756-1: Security update of bci/bci-init Message-ID: <20220804073423.E52F2FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1756-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.19.20 , bci/bci-init:latest Container Release : 19.20 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:34:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:34:58 +0200 (CEST) Subject: SUSE-CU-2022:1757-1: Security update of bci/nodejs Message-ID: <20220804073458.7C022FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1757-1 Container Tags : bci/node:14 , bci/node:14-13.32 , bci/nodejs:14 , bci/nodejs:14-13.32 Container Release : 13.32 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:35:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:35:28 +0200 (CEST) Subject: SUSE-CU-2022:1758-1: Security update of bci/nodejs Message-ID: <20220804073528.E9D53FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1758-1 Container Tags : bci/node:16 , bci/node:16-8.29 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-8.29 , bci/nodejs:latest Container Release : 8.29 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:36:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:36:42 +0200 (CEST) Subject: SUSE-CU-2022:1759-1: Security update of bci/openjdk-devel Message-ID: <20220804073642.38D5DFC32@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1759-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.56 , bci/openjdk-devel:latest Container Release : 14.56 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:bci-openjdk-11-11-12.30 updated From sle-updates at lists.suse.com Thu Aug 4 07:37:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:37:35 +0200 (CEST) Subject: SUSE-CU-2022:1760-1: Security update of bci/openjdk Message-ID: <20220804073735.2A1F9FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1760-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-12.30 , bci/openjdk:latest Container Release : 12.30 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:38:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:38:04 +0200 (CEST) Subject: SUSE-CU-2022:1761-1: Security update of bci/python Message-ID: <20220804073804.E8EE7FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1761-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-4.30 , bci/python:latest Container Release : 4.30 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:38:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:38:34 +0200 (CEST) Subject: SUSE-CU-2022:1762-1: Security update of bci/python Message-ID: <20220804073834.491F8FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1762-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-12.30 Container Release : 12.30 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:51:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:51:35 +0200 (CEST) Subject: SUSE-CU-2022:1762-1: Security update of bci/python Message-ID: <20220804075135.0544EFC32@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1762-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-12.30 Container Release : 12.30 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:52:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:52:39 +0200 (CEST) Subject: SUSE-CU-2022:1763-1: Security update of bci/ruby Message-ID: <20220804075239.06CE7FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1763-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-10.26 , bci/ruby:latest Container Release : 10.26 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Thu Aug 4 07:53:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:53:01 +0200 (CEST) Subject: SUSE-CU-2022:1764-1: Security update of suse/sle15 Message-ID: <20220804075301.CD30CFC32@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1764-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.9 , suse/sle15:15.4 , suse/sle15:15.4.27.11.9 Container Release : 27.11.9 Severity : important Type : security References : 1160171 1178331 1178332 1198720 1200624 1200747 1201385 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2640-1 Released: Wed Aug 3 10:43:44 2022 Summary: Recommended update for yaml-cpp Type: recommended Severity: moderate References: 1160171,1178331,1178332,1200624 This update for yaml-cpp fixes the following issue: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171). The following package changes have been done: - libyaml-cpp0_6-0.6.3-150400.4.3.1 updated - permissions-20201225-150400.5.8.1 updated From sle-updates at lists.suse.com Thu Aug 4 07:53:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 09:53:19 +0200 (CEST) Subject: SUSE-CU-2022:1765-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20220804075319.9FFECFC32@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1765-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.254 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.254 Severity : critical Type : security References : 1029961 1029961 1040589 1070955 1073299 1093392 1099272 1104700 1112310 1113013 1113554 1115529 1120402 1120610 1121227 1121230 1122004 1122021 1128846 1130496 1130557 1134353 1137373 1139519 1140016 1150451 1160242 1161276 1162581 1162964 1164384 1169582 1169614 1171479 1172055 1172113 1172427 1172973 1172974 1173277 1174075 1174504 1174504 1174911 1176804 1177127 1177460 1177460 1177460 1177460 1177460 1177460 1177598 1178236 1178346 1178350 1178353 1178561 1180125 1180125 1180689 1180786 1181131 1181640 1181658 1181703 1181826 1182959 1182998 1183374 1183533 1183572 1183574 1183659 1183858 1183905 1184214 1184501 1184994 1185016 1185299 1185524 1185588 1185637 1185638 1186040 1186071 1186489 1186503 1186602 1186819 1186910 1187044 1187153 1187196 1187224 1187270 1187273 1187425 1187466 1187512 1187512 1187654 1187668 1187670 1187738 1187760 1187906 1187911 1188127 1188156 1188291 1188344 1188348 1188435 1188507 1188520 1188548 1188571 1188588 1188623 1188713 1188914 1188921 1189028 1189031 1189152 1189241 1189287 1189441 1189446 1189454 1189480 1189520 1189521 1189521 1189683 1189841 1190052 1190059 1190199 1190315 1190356 1190373 1190374 1190401 1190440 1190447 1190465 1190515 1190533 1190552 1190566 1190570 1190598 1190645 1190712 1190739 1190793 1190815 1190824 1190850 1190915 1190926 1190933 1190943 1190984 1191019 1191096 1191157 1191200 1191227 1191260 1191286 1191324 1191370 1191480 1191502 1191532 1191532 1191563 1191592 1191609 1191690 1191690 1191736 1191770 1191794 1191804 1191804 1191826 1191893 1191922 1191987 1192104 1192160 1192161 1192167 1192248 1192249 1192337 1192423 1192436 1192478 1192481 1192489 1192637 1192684 1192688 1192717 1192858 1192902 1192903 1192904 1192951 1192954 1193007 1193086 1193086 1193166 1193179 1193181 1193204 1193273 1193294 1193298 1193430 1193446 1193466 1193480 1193488 1193489 1193632 1193659 1193690 1193711 1193732 1193759 1193868 1193905 1194093 1194178 1194178 1194216 1194216 1194217 1194229 1194251 1194265 1194265 1194362 1194388 1194469 1194474 1194476 1194477 1194478 1194479 1194480 1194522 1194556 1194597 1194640 1194642 1194642 1194708 1194768 1194770 1194785 1194848 1194859 1194872 1194883 1194885 1194898 1194968 1194976 1195004 1195004 1195048 1195054 1195066 1195126 1195149 1195157 1195202 1195203 1195217 1195231 1195247 1195251 1195258 1195283 1195326 1195332 1195354 1195356 1195463 1195468 1195529 1195628 1195654 1195792 1195797 1195825 1195856 1195899 1195999 1196025 1196025 1196026 1196036 1196061 1196093 1196107 1196168 1196169 1196171 1196275 1196317 1196361 1196368 1196406 1196490 1196514 1196567 1196647 1196784 1196825 1196850 1196861 1196925 1196939 1197004 1197024 1197065 1197134 1197443 1197459 1197570 1197718 1197771 1197794 1198062 1198062 1198090 1198114 1198176 1198446 1198507 1198511 1198596 1198614 1198723 1198732 1198748 1198751 1198766 1198922 1199132 1199140 1199166 1199223 1199224 1199232 1199232 1199235 1199240 1199331 1199333 1199334 1199651 1199655 1199693 1199745 1199747 1199936 1200010 1200011 1200012 1200170 1200334 1200550 1200735 1200737 1200855 1200855 1201099 1201560 1201640 954813 CVE-2015-20107 CVE-2017-17087 CVE-2018-16301 CVE-2018-20482 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-20454 CVE-2019-20838 CVE-2019-6285 CVE-2019-6292 CVE-2019-9923 CVE-2020-12762 CVE-2020-14155 CVE-2020-14367 CVE-2020-14370 CVE-2020-15157 CVE-2020-27840 CVE-2021-20193 CVE-2021-20199 CVE-2021-20277 CVE-2021-20291 CVE-2021-20316 CVE-2021-22570 CVE-2021-22946 CVE-2021-22947 CVE-2021-28153 CVE-2021-33574 CVE-2021-3426 CVE-2021-3572 CVE-2021-35942 CVE-2021-3602 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-3733 CVE-2021-3737 CVE-2021-37600 CVE-2021-3778 CVE-2021-3778 CVE-2021-3796 CVE-2021-3796 CVE-2021-3872 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3927 CVE-2021-3928 CVE-2021-3928 CVE-2021-39537 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-3984 CVE-2021-3995 CVE-2021-3996 CVE-2021-3997 CVE-2021-3997 CVE-2021-3999 CVE-2021-4019 CVE-2021-4019 CVE-2021-4024 CVE-2021-4069 CVE-2021-41190 CVE-2021-4122 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-4193 CVE-2021-43566 CVE-2021-43618 CVE-2021-44141 CVE-2021-44142 CVE-2021-45960 CVE-2021-46059 CVE-2021-46059 CVE-2021-46143 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0318 CVE-2022-0319 CVE-2022-0319 CVE-2022-0336 CVE-2022-0351 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0413 CVE-2022-0696 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1381 CVE-2022-1420 CVE-2022-1586 CVE-2022-1586 CVE-2022-1587 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23308 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: S??o Tom?? and Pr??ncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:51 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3291-1 Released: Wed Oct 6 16:45:36 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489). - CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3310-1 Released: Wed Oct 6 18:12:41 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1134353,1184994,1188291,1188588,1188713,1189446,1189480 This update for systemd fixes the following issues: - Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353). - Multipath: Rules weren't applied to dm devices (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994). - Remove kernel unsupported single-queue block I/O. - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when updating active udev on sockets restart (bsc#1188291). - Merge of v246.16, for a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d - Drop 1007-tmpfiles-follow-SUSE-policies.patch: Since most of the tmpfiles config files shipped by upstream are ignored (see previous commit 'Drop most of the tmpfiles that deal with generic paths'), this patch is no more relevant. Additional fixes: - core: make sure cgroup_oom_queue is flushed on manager exit. - cgroup: do 'catchup' for unit cgroup inotify watch files. - journalctl: never fail at flushing when the flushed flag is set (bsc#1188588). - manager: reexecute on SIGRTMIN+25, user instances only. - manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446). - pid1: watchdog modernizations. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:3327-1 Released: Mon Oct 11 11:44:50 2021 Summary: Optional update for coreutils Type: optional Severity: low References: 1189454 This optional update for coreutils fixes the following issue: - Provide coreutils documentation, 'coreutils-doc', with 'L2' support level. (bsc#1189454) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3411-1 Released: Wed Oct 13 10:42:25 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1191019 This update for lvm2 fixes the following issues: - Do not crash vgextend when extending VG with missing PV. (bsc#1191019) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3413-1 Released: Wed Oct 13 10:50:45 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1189441,1189841,1190598 This update for suse-module-tools fixes the following issues: - Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598) - Fixed an issue where initrd was not always rebuilding after installing any kernel-*-extra package (bsc#1189441) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check of signatures and keys two times(redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alives while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates(bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3509-1 Released: Tue Oct 26 09:47:40 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1191200,1191260,1191480,1191804,1191922 This update for suse-module-tools fixes the following issues: Update to version 15.3.13: - Fix bad exit status in openQA. (bsc#1191922) - Ignore kernel keyring for kernel certificates. (bsc#1191480) - Deal with existing certificates that should be de-enrolled. (bsc#1191804) - Don't pass existing files to weak-modules2. (bsc#1191200) - Skip certificate scriptlet on non-UEFI systems. (bsc#1191260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3538-1 Released: Wed Oct 27 10:40:32 2021 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1160242 This update for iproute2 fixes the following issues: - Follow-up fixes backported from upstream. (bsc#1160242) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3545-1 Released: Wed Oct 27 14:46:39 2021 Summary: Recommended update for less Type: recommended Severity: low References: 1190552 This update for less fixes the following issues: - Add missing runtime dependency on package 'which', that is used by lessopen.sh (bsc#1190552) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3564-1 Released: Wed Oct 27 16:12:08 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1190850 This update for rpm-config-SUSE fixes the following issues: - Support ZSTD compressed kernel modules. (bsc#1190850) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3589-1 Released: Mon Nov 1 19:27:52 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191690 This update for apparmor fixes the following issues: - Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1191804 This update for suse-module-tools fixes the following issues: - Update to version 15.3.14: * more fixes for updates under secure boot * cert-script: Deal with existing $cert.delete file (bsc#1191804). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3890-1 Released: Fri Dec 3 10:19:50 2021 Summary: Recommended update for gdb Type: recommended Severity: moderate References: 1180786,1184214,1185638,1186040,1187044 This update for gdb fixes the following issues: Rebase to 11.1 release (as in fedora 35 @ 9cd9368): * GDB now supports general memory tagging functionality if the underlying architecture supports the proper primitives and hooks. Currently this is enabled only for AArch64 MTE. * GDB will now look for the .gdbinit file in a config directory before looking for ~/.gdbinit. The file is searched for in the following locations: $XDG_CONFIG_HOME/gdb/gdbinit, $HOME/.config/gdb/gdbinit, $HOME/.gdbinit. * GDB will now load and process commands from ~/.config/gdb/gdbearlyinit or ~/.gdbearlyinit if these files are present. These files are processed earlier than any of the other initialization files and can affect parts of GDB's startup that previously had already been completed before the initialization files were read, for example styling of the initial GDB greeting. * GDB now has two new options '--early-init-command' and '--early-init-eval-command' with corresponding short options '-eix' and '-eiex' that allow options (that would normally appear in a gdbearlyinit file) to be passed on the command line. * set startup-quietly on|off show startup-quietly When 'on', this causes GDB to act as if '-silent' were passed on the command line. This command needs to be added to an early initialization file (e.g. ~/.config/gdb/gdbearlyinit) in order to affect GDB. * For RISC-V targets, the target feature 'org.gnu.gdb.riscv.vector' is now understood by GDB, and can be used to describe the vector registers of a target. * TUI windows now support mouse actions. The mouse wheel scrolls the appropriate window. * Key combinations that do not have a specific action on the focused window are passed to GDB. For example, you now can use Ctrl-Left/Ctrl-Right to move between words in the command window regardless of which window is in focus. Previously you would need to focus on the command window for such key combinations to work. * set python ignore-environment on|off show python ignore-environment When 'on', this causes GDB's builtin Python to ignore any environment variables that would otherwise affect how Python behaves. This command needs to be added to an early initialization file (e.g. ~/.config/gdb/gdbearlyinit) in order to affect GDB. * set python dont-write-bytecode auto|on|off show python dont-write-bytecode When 'on', this causes GDB's builtin Python to not write any byte-code (.pyc files) to disk. This command needs to be added to an early initialization file (e.g. ~/.config/gdb/gdbearlyinit) in order to affect GDB. When 'off' byte-code will always be written. When set to 'auto' (the default) Python will check the PYTHONDONTWRITEBYTECODE environment variable. * break [PROBE_MODIFIER] [LOCATION] [thread THREADNUM] [-force-condition] [if CONDITION] This command would previously refuse setting a breakpoint if the CONDITION expression is invalid at a location. It now accepts and defines the breakpoint if there is at least one location at which the CONDITION is valid. The locations for which the CONDITION is invalid, are automatically disabled. If CONDITION is invalid at all of the locations, setting the breakpoint is still rejected. However, the '-force-condition' flag can be used in this case for forcing GDB to define the breakpoint, making all the current locations automatically disabled. This may be useful if the user knows the condition will become meaningful at a future location, e.g. due to a shared library load. - Update libipt to v2.0.4. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3985-1 Released: Fri Dec 10 06:08:24 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1187196 This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4014-1 Released: Mon Dec 13 13:57:39 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191532,1191690 This update for apparmor fixes the following issues: Changes in apparmor: - Add a profile for 'samba-bgqd'. (bsc#1191532) - Fix 'Requires' of python3 module. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1193430 This update for kmod fixes the following issues: - Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1183905,1193181 This update for lvm2 fixes the following issues: - Fix lvconvert not taking `--stripes` option (bsc#1183905) - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:43-1 Released: Tue Jan 11 08:50:13 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1178561,1190515,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:48-1 Released: Tue Jan 11 09:17:57 2022 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1190566,1192249,1193179 This update for python3 fixes the following issues: - Don't use OpenSSL 1.1 on platforms which don't have it. - Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249). - Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566) - Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:144-1 Released: Thu Jan 20 16:38:23 2022 Summary: Security update for cryptsetup Type: security Severity: moderate References: 1194469,CVE-2021-4122 This update for cryptsetup fixes the following issues: - CVE-2021-4122: Fixed possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery (bsc#1194469). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:184-1 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Type: security Severity: important References: 1171479,CVE-2020-12762 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:207-1 Released: Thu Jan 27 09:24:49 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: This update for glibc fixes the following issues: - Add support for livepatches on x86_64 for SUSE Linux Enterprise 15 SP4 (jsc#SLE-20049). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:330-1 Released: Fri Feb 4 09:29:08 2022 Summary: Security update for glibc Type: security Severity: important References: 1194640,1194768,1194770,1194785,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 This update for glibc fixes the following issues: - CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640) - CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770) Features added: - IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:335-1 Released: Fri Feb 4 10:24:02 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:343-1 Released: Mon Feb 7 15:16:58 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193086 This update for systemd fixes the following issues: - disable DNSSEC until the following issue is solved: https://github.com/systemd/systemd/issues/10579 - disable fallback DNS servers and fail when no DNS server info could be obtained from the links. - DNSSEC support requires openssl therefore document this build dependency in systemd-network sub-package. - Improve warning messages (bsc#1193086). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:283-1 Released: Tue Feb 8 16:10:39 2022 Summary: Security update for samba Type: security Severity: critical References: 1139519,1183572,1183574,1188571,1191227,1191532,1192684,1193690,1194859,1195048,CVE-2020-27840,CVE-2021-20277,CVE-2021-20316,CVE-2021-36222,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336 - CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048); samba was updated to 4.15.4 (jsc#SLE-23329); * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set 'client max protocol' to NT1 before calling the 'Reconnecting with SMB1 for workgroup listing' path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * 'smbd --build-options' no longer works without an smb.conf file; (bso#14945); Samba was updated to version 4.15.3 + CVE-2021-43566: Symlink race error can allow directory creation outside of the exported share; (bsc#1139519); + CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share; (bsc#1191227); - Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba krb5 was updated to 1.16.3 to 1.19.2 * Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222); * Fix a memory leak when gss_inquire_cred() is called without a credential handle. Changes from 1.19.1: * Fix a linking issue with Samba. * Better support multiple pkinit_identities values by checking whether certificates can be loaded for each value. Changes from 1.19 Administrator experience * When a client keytab is present, the GSSAPI krb5 mech will refresh credentials even if the current credentials were acquired manually. * It is now harder to accidentally delete the K/M entry from a KDB. Developer experience * gss_acquire_cred_from() now supports the 'password' and 'verify' options, allowing credentials to be acquired via password and verified using a keytab key. * When an application accepts a GSS security context, the new GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor both provided matching channel bindings. * Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests to identify the desired client principal by certificate. * PKINIT certauth modules can now cause the hw-authent flag to be set in issued tickets. * The krb5_init_creds_step() API will now issue the same password expiration warnings as krb5_get_init_creds_password(). Protocol evolution * Added client and KDC support for Microsoft's Resource-Based Constrained Delegation, which allows cross-realm S4U2Proxy requests. A third-party database module is required for KDC support. * kadmin/admin is now the preferred server principal name for kadmin connections, and the host-based form is no longer created by default. The client will still try the host-based form as a fallback. * Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be required for the initiator if the acceptor provided them. The client will send this option if the client_aware_gss_bindings profile option is set. User experience * kinit will now issue a warning if the des3-cbc-sha1 encryption type is used in the reply. This encryption type will be deprecated and removed in future releases. * Added kvno flags --out-cache, --no-store, and --cached-only (inspired by Heimdal's kgetcred). Changes from 1.18.3 * Fix a denial of service vulnerability when decoding Kerberos protocol messages. * Fix a locking issue with the LMDB KDB module which could cause KDC and kadmind processes to lose access to the database. * Fix an assertion failure when libgssapi_krb5 is repeatedly loaded and unloaded while libkrb5support remains loaded. Changes from 1.18.2 * Fix a SPNEGO regression where an acceptor using the default credential would improperly filter mechanisms, causing a negotiation failure. * Fix a bug where the KDC would fail to issue tickets if the local krbtgt principal's first key has a single-DES enctype. * Add stub functions to allow old versions of OpenSSL libcrypto to link against libkrb5. * Fix a NegoEx bug where the client name and delegated credential might not be reported. Changes from 1.18.1 * Fix a crash when qualifying short hostnames when the system has no primary DNS domain. * Fix a regression when an application imports 'service@' as a GSS host-based name for its acceptor credential handle. * Fix KDC enforcement of auth indicators when they are modified by the KDB module. * Fix removal of require_auth string attributes when the LDAP KDB module is used. * Fix a compile error when building with musl libc on Linux. * Fix a compile error when building with gcc 4.x. * Change the KDC constrained delegation precedence order for consistency with Windows KDCs. Changes from 1.18 Administrator experience: * Remove support for single-DES encryption types. * Change the replay cache format to be more efficient and robust. Replay cache filenames using the new format end with '.rcache2' by default. * setuid programs will automatically ignore environment variables that normally affect krb5 API functions, even if the caller does not use krb5_init_secure_context(). * Add an 'enforce_ok_as_delegate' krb5.conf relation to disable credential forwarding during GSSAPI authentication unless the KDC sets the ok-as-delegate bit in the service ticket. * Use the permitted_enctypes krb5.conf setting as the default value for default_tkt_enctypes and default_tgs_enctypes. Developer experience: * Implement krb5_cc_remove_cred() for all credential cache types. * Add the krb5_pac_get_client_info() API to get the client account name from a PAC. Protocol evolution: * Add KDC support for S4U2Self requests where the user is identified by X.509 certificate. (Requires support for certificate lookup from a third-party KDB module.) * Remove support for an old ('draft 9') variant of PKINIT. * Add support for Microsoft NegoEx. (Requires one or more third-party GSS modules implementing NegoEx mechanisms.) User experience: * Add support for 'dns_canonicalize_hostname=fallback', causing host-based principal names to be tried first without DNS canonicalization, and again with DNS canonicalization if the un-canonicalized server is not found. * Expand single-component hostnames in host-based principal names when DNS canonicalization is not used, adding the system's first DNS search path as a suffix. Add a 'qualify_shortname' krb5.conf relation to override this suffix or disable expansion. * Honor the transited-policy-checked ticket flag on application servers, eliminating the requirement to configure capaths on servers in some scenarios. Code quality: * The libkrb5 serialization code (used to export and import krb5 GSS security contexts) has been simplified and made type-safe. * The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED messages has been revised to conform to current coding practices. * The test suite has been modified to work with macOS System Integrity Protection enabled. * The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support can always be tested. Changes from 1.17.1 * Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin. * Fix a bug preventing time skew correction from working when a KCM credential cache is used. Changes from 1.17: Administrator experience: * A new Kerberos database module using the Lightning Memory-Mapped Database library (LMDB) has been added. The LMDB KDB module should be more performant and more robust than the DB2 module, and may become the default module for new databases in a future release. * 'kdb5_util dump' will no longer dump policy entries when specific principal names are requested. Developer experience: * The new krb5_get_etype_info() API can be used to retrieve enctype, salt, and string-to-key parameters from the KDC for a client principal. * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise principal names to be used with GSS-API functions. * KDC and kadmind modules which call com_err() will now write to the log file in a format more consistent with other log messages. * Programs which use large numbers of memory credential caches should perform better. Protocol evolution: * The SPAKE pre-authentication mechanism is now supported. This mechanism protects against password dictionary attacks without requiring any additional infrastructure such as certificates. SPAKE is enabled by default on clients, but must be manually enabled on the KDC for this release. * PKINIT freshness tokens are now supported. Freshness tokens can protect against scenarios where an attacker uses temporary access to a smart card to generate authentication requests for the future. * Password change operations now prefer TCP over UDP, to avoid spurious error messages about replays when a response packet is dropped. * The KDC now supports cross-realm S4U2Self requests when used with a third-party KDB module such as Samba's. The client code for cross-realm S4U2Self requests is also now more robust. User experience: * The new ktutil addent -f flag can be used to fetch salt information from the KDC for password-based keys. * The new kdestroy -p option can be used to destroy a credential cache within a collection by client principal name. * The Kerberos man page has been restored, and documents the environment variables that affect programs using the Kerberos library. Code quality: * Python test scripts now use Python 3. * Python test scripts now display markers in verbose output, making it easier to find where a failure occurred within the scripts. * The Windows build system has been simplified and updated to work with more recent versions of Visual Studio. A large volume of unused Windows-specific code has been removed. Visual Studio 2013 or later is now required. - Build with full Cyrus SASL support. Negotiating SASL credentials with an EXTERNAL bind mechanism requires interaction. Kerberos provides its own interaction function that skips all interaction, thus preventing the mechanism from working. ldb was updated to version 2.4.1 (jsc#SLE-23329); - Release 2.4.1 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message; (bso#14845); + Fix memory handling in ldb.msg_diff; (bso#14836); - Release 2.4.0 + pyldb: Fix Message.items() for a message containing elements + pyldb: Add test for Message.items() + tests: Use ldbsearch '--scope instead of '-s' + Change page size of guidindexpackv1.ldb + Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream + attrib_handler casefold: simplify space dropping + fix ldb_comparison_fold off-by-one overrun + CVE-2020-27840: pytests: move Dn.validate test to ldb + CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode + CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds + CVE-2021-20277 ldb tests: ldb_match tests with extra spaces + improve comments for ldb_module_connect_backend() + test/ldb_tdb: correct introductory comments + ldb.h: remove undefined async_ctx function signatures + correct comments in attrib_handers val_to_int64 + dn tests use cmocka print functions + ldb_match: remove redundant check + add tests for ldb_wildcard_compare + ldb_match: trailing chunk must match end of string + pyldb: catch potential overflow error in py_timestring + ldb: remove some 'if PY3's in tests talloc was updated to 2.3.3: + various bugfixes + python: Ensure reference counts are properly incremented + Change pytalloc source to LGPL + Upgrade waf to 2.0.18 to fix a cross-compilation issue; (bso#13846). tdb was updated to version 1.4.4: + various bugfixes tevent was updated to version 0.11.0: + Add custom tag to events + Add event trace api sssd was updated to: - Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5 - Update the private ldb modules installation following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba apparmor was updated to: - Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684). - add profile for samba-bgqd (bsc#1191532). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:383-1 Released: Tue Feb 15 17:47:36 2022 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1194265 This update for cyrus-sasl fixes the following issues: - Fixed an issue when in postfix 'sasl' authentication with password fails. (bsc#1194265) - Add config parameter '--with-dblib=gdbm' - Avoid converting of '/etc/sasldb2 by every update. Convert '/etc/sasldb2' only if it is a Berkeley DB. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:539-1 Released: Mon Feb 21 13:47:51 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1191826,1192637,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178). The following non-security bugs were fixed: - udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637) - localectl: don't omit keymaps files that are symlinks (bsc#1191826) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: 23018 Released: Fri Mar 4 08:31:54 2022 Summary: Security update for conmon, libcontainers-common, libseccomp, podman Type: security Severity: moderate References: 1176804,1177598,1181640,1182998,1188520,1188914,1193166,1193273,CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602,CVE-2021-4024,CVE-2021-41190 This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues: podman was updated to 3.4.4. Security issues fixed: - fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion - fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs - fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost - Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade path from podman < 3.1.2 Update to version 3.4.4: * Bugfixes - Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535). - Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523). - Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521). - Update to version 3.4.3: * Security - This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. * Features - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287). * Bugfixes - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065). - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933). - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438). - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189). - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263). - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642). - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248). - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329). - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532). - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086). - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400). - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402). - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452). - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457). - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra ' (#11416). * API - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services. - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842). - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419). - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420). - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378). - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392). - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409). - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453). - Update to version 3.4.2: * Fixed a bug where podman tag could not tag manifest lists (#12046). * Fixed a bug where built-in volumes specified by images would not be created correctly under some circumstances. * Fixed a bug where, when using Podman Machine on OS X, containers in pods did not have working port forwarding from the host (#12207). * Fixed a bug where the podman network reload command command on containers using the slirp4netns network mode and the rootlessport port forwarding driver would make an unnecessary attempt to restart rootlessport on containers that did not forward ports. * Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. empty SELinux and DNS configuration blocks, and the privileged flag when set to false) (#11995). * Fixed a bug where the podman pod rm command could, if interrupted at the right moment, leave a reference to an already-removed infra container behind (#12034). * Fixed a bug where the podman pod rm command would not remove pods with more than one container if all containers save for the infra container were stopped unless --force was specified (#11713). * Fixed a bug where the --memory flag to podman run and podman create did not accept a limit of 0 (which should specify unlimited memory) (#12002). * Fixed a bug where the remote Podman client's podman build command could attempt to build a Dockerfile in the working directory of the podman system service instance instead of the Dockerfile specified by the user (#12054). * Fixed a bug where the podman logs --tail command could function improperly (printing more output than requested) when the journald log driver was used. * Fixed a bug where containers run using the slirp4netns network mode with IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062). * Fixed a bug where some Podman commands could cause an extra dbus-daemon process to be created (#9727). * Fixed a bug where rootless Podman would sometimes print warnings about a failure to move the pause process into a given CGroup (#12065). * Fixed a bug where the checkpointed field in podman inspect on a container was not set to false after a container was restored. * Fixed a bug where the podman system service command would print overly-verbose logs about request IDs (#12181). * Fixed a bug where Podman could, when creating a new container without a name explicitly specified by the user, sometimes use an auto-generated name already in use by another container if multiple containers were being created in parallel (#11735). Update to version 3.4.1: * Bugfixes - Fixed a bug where podman machine init could, under some circumstances, create invalid machine configurations which could not be started (#11824). - Fixed a bug where the podman machine list command would not properly populate some output fields. - Fixed a bug where podman machine rm could leave dangling sockets from the removed machine (#11393). - Fixed a bug where podman run --pids-limit=-1 was not supported (it now sets the PID limit in the container to unlimited) (#11782). - Fixed a bug where podman run and podman attach could throw errors about a closed network connection when STDIN was closed by the client (#11856). - Fixed a bug where the podman stop command could fail when run on a container that had another podman stop command run on it previously. - Fixed a bug where the --sync flag to podman ps was nonfunctional. - Fixed a bug where the Windows and OS X remote clients' podman stats command would fail (#11909). - Fixed a bug where the podman play kube command did not properly handle environment variables whose values contained an = (#11891). - Fixed a bug where the podman generate kube command could generate invalid annotations when run on containers with volumes that use SELinux relabelling (:z or :Z) (#11929). - Fixed a bug where the podman generate kube command would generate YAML including some unnecessary (set to default) fields (e.g. user and group, entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965). - Fixed a bug where the podman generate kube command could, under some circumstances, generate YAML including an invalid targetPort field for forwarded ports (#11930). - Fixed a bug where rootless Podman's podman info command could, under some circumstances, not read available CGroup controllers (#11931). - Fixed a bug where podman container checkpoint --export would fail to checkpoint any container created with --log-driver=none (#11974). * API - Fixed a bug where the Compat Create endpoint for Containers could panic when no options were passed to a bind mount of tmpfs (#11961). Update to version 3.4.0: * Features - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: 'always', which always run before the pod is started, and 'once', which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option. - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created. - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container. - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML. - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command. - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time. - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file). - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again. - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option. - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp. - The podman image scp command has been added. This command allows images to be transferred between different hosts. - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed. - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified). - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation. - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited. - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265). - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use. - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf. - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine. - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527). * Changes - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so. - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages. - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file. - Podman no longer depends on ip for removing networks (#11403). - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release. - The podman machine start command now prints a message when the VM is successfully started. - The podman stats command can now be used on containers that are paused. - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run). - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam. - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry. * Bugfixes - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly. - Fixed a bug where the Windows remote client improperly validated volume paths (#10900). - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped. - Fixed a bug where images created by podman commit did not include ports exposed by the container. - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171). - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352). - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443). - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container. - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path. - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387). - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344). - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418). - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411). - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421). - Fixed a bug where the podman info command could segfault when accessing cgroup information. - Fixed a bug where the podman logs -f command could hang when a container exited (#11461). - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474). - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732). - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified. - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392). - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf. - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785). - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496). - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469). - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444). - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540). - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically. - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod. - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag. - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596). - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557). - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output. - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687). - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633). - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML. - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672). - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207). - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731). - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740). - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750). * API - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612). - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients. - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623). - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225). - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831). - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered. - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails. - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227). - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235). - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages. - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053). Update to version 3.3.1: * Bugfixes - Fixed a bug where unit files created by podman generate systemd could not cleanup shut down containers when stopped by systemctl stop (#11304). - Fixed a bug where podman machine commands would not properly locate the gvproxy binary in some circumstances. - Fixed a bug where containers created as part of a pod using the --pod-id-file option would not join the pod's network namespace (#11303). - Fixed a bug where Podman, when using the systemd cgroups driver, could sometimes leak dbus sessions. - Fixed a bug where the until filter to podman logs and podman events was improperly handled, requiring input to be negated (#11158). - Fixed a bug where rootless containers using CNI networking run on systems using systemd-resolved for DNS would fail to start if resolved symlinked /etc/resolv.conf to an absolute path (#11358). * API - A large number of potential file descriptor leaks from improperly closing client connections have been fixed. Update to version 3.3.0: * Fix network aliases with network id * machine: compute sha256 as we read the image file * machine: check for file exists instead of listing directory * pkg/bindings/images.nTar(): slashify hdr.Name values * Volumes: Only remove from DB if plugin removal succeeds * For compatibility, ignore Content-Type * [v3.3] Bump c/image 5.15.2, buildah v1.22.3 * Implement SD-NOTIFY proxy in conmon * Fix rootless cni dns without systemd stub resolver * fix rootlessport flake * Skip stats test in CGv1 container environments * Fix AVC denials in tests of volume mounts * Restore buildah-bud test requiring new images * Revert '.cirrus.yml: use fresh images for all VMs' * Fix device tests using ls test files * Enhance priv. dev. check * Workaround host availability of /dev/kvm * Skip cgroup-parent test due to frequent flakes * Cirrus: Fix not uploading logformatter html Switch to crun (bsc#1188914) Update to version 3.2.3: * Bump to v3.2.3 * Update release notes for v3.2.3 * vendor containers/common at v0.38.16 * vendor containers/buildah at v1.21.3 * Fix race conditions in rootless cni setup * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf * Make rootless-cni setup more robust * Support uid,gid,mode options for secrets * vendor containers/common at v0.38.15 * [CI:DOCS] podman search: clarify that results depend on implementation * vendor containers/common at v0.38.14 * vendor containers/common at v0.38.13 * [3.2] vendor containers/common at v0.38.12 * Bump README to v3.2.2 * Bump to v3.2.3-dev - Update to version 3.2.2: * Bump to v3.2.2 * fix systemcontext to use correct TMPDIR * Scrub podman commands to use report package * Fix volumes with uid and gid options * Vendor in c/common v0.38.11 * Initial release notes for v3.2.2 * Fix restoring of privileged containers * Fix handling of podman-remote build --device * Add support for podman remote build -f - . * Fix panic condition in cgroups.getAvailableControllers * Fix permissions on initially created named volumes * Fix building static podman-remote * add correct slirp ip to /etc/hosts * disable tty-size exec checks in system tests * Fix resize race with podman exec -it * Fix documentation of the --format option of podman push * Fix systemd-resolved detection. * Health Check is not handled in the compat LibpodToContainerJSON * Do not use inotify for OCICNI * getContainerNetworkInfo: lock netNsCtr before sync * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership * Create the /etc/mtab file if does not exists * [v3.2] cp: do not allow dir->file copying * create: support images with invalid platform * vendor containers/common at v0.38.10 * logs: k8s-file: restore poll sleep * logs: k8s-file: fix spurious error logs * utils: move message from warning to debug * Bump to v3.2.2-dev - Update to version 3.2.1: * Bump to v3.2.1 * Updated release notes for v3.2.1 * Fix network connect race with docker-compose * Revert 'Ensure minimum API version is set correctly in tests' * Fall back to string for dockerfile parameter * remote events: fix --stream=false * [CI:DOCS] fix incorrect network remove api doc * remote: always send resize before the container starts * remote events: support labels * remote pull: cancel pull when connection is closed * Fix network prune api docs * Improve systemd-resolved detection * logs: k8s-file: fix race * Fix image prune --filter cmd behavior * Several shell completion fixes * podman-remote build should handle -f option properly * System tests: deal with crun 0.20.1 * Fix build tags for pkg/machine... * Fix pre-checkpointing * container: ignore named hierarchies * [v3.2] vendor containers/common at v0.38.9 * rootless: fix fast join userns path * [v3.2] vendor containers/common at v0.38.7 * [v3.2] vendor containers/common at v0.38.6 * Correct qemu options for Intel macs * Ensure minimum API version is set correctly in tests * Bump to v3.2.1-dev - Update to version 3.2.0: * Bump to v3.2.0 * Fix network create macvlan with subnet option * Final release notes updates for v3.2.0 * add ipv6 nameservers only when the container has ipv6 enabled * Use request context instead of background * [v.3.2] events: support disjunctive filters * System tests: add :Z to volume mounts * generate systemd: make mounts portable * vendor containers/storage at v1.31.3 * vendor containers/common at v0.38.5 * Bump to v3.2.0-dev * Bump to v3.2.0-RC3 * Update release notes for v3.2.0-RC3 * Fix race on podman start --all * Fix race condition in running ls container in a pod * docs: --cert-dir: point to containers-certs.d(5) * Handle hard links in different directories * Improve OCI Runtime error * Handle hard links in remote builds * Podman info add support for status of cgroup controllers * Drop container does not exist on removal to debugf * Downgrade API service routing table logging * add libimage events * docs: generate systemd: XDG_RUNTIME_DIR * Fix problem copying files when container is in host pid namespace * Bump to v3.2.0-dev * Bump to v3.2.0-RC2 * update c/common * Update Cirrus DEST_BRANCH to v3.2 * Updated vendors of c/image, c/storage, Buildah * Initial release notes for v3.2.0-RC2 * Add script for identifying commits in release branches * Add host.containers.internal entry into container's etc/hosts * image prune: remove unused images only with `--all` * podman network reload add rootless support * Use more recent `stale` release... * network tutorial: update with rootless cni changes * [CI:DOCS] Update first line in intro page * Use updated VM images + updated automation tooling * auto-update service: prune images * make vendor * fix system upgrade tests * Print 'extracting' only on compressed file * podman image tree: restore previous behavior * fix network restart always test * fix incorrect log driver in podman container image * Add support for cli network prune --filter flag * Move filter parsing to common utils * Bump github.com/containers/storage from 1.30.2 to 1.30.3 * Update nix pin with `make nixpkgs` * [CI:DOCS] hack/bats - new helper for running system tests * fix restart always with slirp4netns * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94 * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2 * Add host.serviceIsRemote to podman info results * Add client disconnect to build handler loop * Remove obsolete skips * Fix podman-remote build --rm=false ... * fix: improved 'containers/{name}/wait' endpoint * Bump github.com/containers/storage from 1.30.1 to 1.30.2 * Add envars to the generated systemd unit * fix: use UTC Time Stamps in response JSON * fix container startup for empty pidfile * Kube like pods should share ipc,net,uts by default * fix: compat API 'images/get' for multiple images * Revert escaped double dash man page flag syntax * Report Download complete in Compatibility mode * Add documentation on short-names * Bump github.com/docker/docker * Adds support to preserve auto update labels in generate and play kube * [CI:DOCS] Stop conversion of `--` into en dash * Revert Patch to relabel if selinux not enabled * fix per review request * Add support for environment variable secrets * fix pre review request * Fix infinite loop in isPathOnVolume * Add containers.conf information for changing defaults * CI: run rootless tests under ubuntu * Fix wrong macvlan PNG in networking doc. * Add restart-policy to container filters & --filter to podman start * Fixes docker-compose cannot set static ip when use ipam * channel: simplify implementation * build: improve regex for iidfile * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0 * cgroup: fix rootless --cgroup-parent with pods * fix: docker APIv2 `images/get` * codespell cleanup * Minor podmanimage docs updates. * Fix handling of runlabel IMAGE and NAME * Bump to v3.2.0-dev * Bump to v3.2.0-rc1 * rootless: improve automatic range split * podman: set volatile storage flag for --rm containers * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2 * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0 * migrate Podman to containers/common/libimage * Add filepath glob support to --security-opt unmask * Force log_driver to k8s-file for containers in containers * add --mac-address to podman play kube * compat api: Networks must be empty instead of null * System tests: honor $OCI_RUNTIME (for CI) * is this a bug? * system test image: add arm64v8 image * Fix troubleshooting documentation on handling sublemental groups. * Add --all to podman start * Fix variable reference typo. in multi-arch image action * cgroup: always honor --cgroup-parent with cgroupfs * Bump github.com/uber/jaeger-client-go * Don't require tests for github-actions & metadata * Detect if in podman machine virtual vm * Fix multi-arch image workflow typo * [CI:DOCS] Add titles to remote docs (windows) * Remove unused VolumeList* structs * Cirrus: Update F34beta -> F34 * Update container image docs + fix unstable execution * Bump github.com/containers/storage from 1.30.0 to 1.30.1 * TODO complete * Docker returns 'die' status rather then 'died' status * Check if another VM is running on machine start * [CI:DOCS] Improve titles of command HTML pages * system tests: networking: fix another race condition * Use seccomp_profile as default profile if defined in containers.conf * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11 * Vendored * Autoupdate local label functional * System tests: fix two race conditions * Add more documentation on conmon * Allow docker volume create API to pass without name * Cirrus: Update Ubuntu images to 21.04 * Skip blkio-weight test when no kernel BFQ support * rootless: Tell the user what was led to the error, not just what it is * Add troubleshooting advice about the --userns option. * Fix images prune filter until * Fix logic for pushing stable multi-arch images * Fixes generate kube incorrect when bind-mounting '/' and '/root' * libpod/image: unit tests: don't use system's registries.conf.d * runtime: create userns when CAP_SYS_ADMIN is not present * rootless: attempt to copy current mappings first * [CI:DOCS] Restore missing content to manpages * [CI:DOCS] Fix Markdown layout bugs * Fix podman ps --filter ancestor to match exact ImageName/ImageID * Add machine-enabled to containers.conf for machine * Several multi-arch image build/push fixes * Add podman run --timeout option * Parse slirp4netns net options with compat api * Fix rootlesskit port forwarder with custom slirp cidr * Fix removal race condition in ListContainers * Add github-action workflow to build/push multi-arch * rootless: if root is not sub?id raise a debug message * Bump github.com/containers/common from 0.36.0 to 0.37.0 * Add go template shell completion for --format * Add --group-add keep-groups: suplimentary groups into container * Fixes from make codespell * Typo fix to usage text of --compress option * corrupt-image test: fix an oops * Add --noheading flag to all list commands * Bump github.com/containers/storage from 1.29.0 to 1.30.0 * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1 * [CI:DOCS] Fix Markdown table layout bugs * podman-remote should show podman.sock info * rmi: don't break when the image is missing a manifest * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * Add support for CDI device configuration * [CI:DOCS] Add missing dash to verbose option * Bump github.com/uber/jaeger-client-go * Remove an advanced layer diff function * Ensure mount destination is clean, no trailing slash * add it for inspect pidfile * [CI:DOCS] Fix introduction page typo * support pidfile on container restore * fix start it * skip pidfile test on remote * improve document * set pidfile default value int containerconfig * add pidfile in inspection * add pidfile it for container start * skip pidfile it on remote * Modify according to comments * WIP: drop test requirement * runtime: bump required conmon version * runtime: return findConmon to libpod * oci: drop ExecContainerCleanup * oci: use `--full-path` option for conmon * use AttachSocketPath when removing conmon files * hide conmon-pidfile flag on remote mode * Fix possible panic in libpod/image/prune.go * add --ip to podman play kube * add flag autocomplete * add ut * add flag '--pidfile' for podman create/run * Add network bindings tests: remove and list * Fix build with GO111MODULE=off * system tests: build --pull-never: deal with flakes * compose test: diagnose flakes v3 * podman play kube apply correct log driver * Fixes podman-remote save to directories does not work * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2 * Update documentation of podman-run to reflect volume 'U' option * Fix flake on failed podman-remote build : try 2 * compose test: ongoing efforts to diagnose flakes * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix flake on failed podman-remote build * System tests: fix racy podman-inspect * Fixes invalid expression in save command * Bump github.com/containers/common from 0.35.4 to 0.36.0 * Update nix pin with `make nixpkgs` * compose test: try to get useful data from flakes * Remove in-memory state implementation * Fix message about runtime to show only the actual runtime * System tests: setup: better cleanup of stray images * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1 * Reflect current state of prune implementation in docs * Do not delete container twice * [CI:DOCS] Correct status code for /pods/create * vendor in containers/storage v1.29.0 * cgroup: do not set cgroup parent when rootless and cgroupfs * Overhaul Makefile binary and release worflows * Reorganize Makefile with sections and guide * Simplify Makefile help target * Don't shell to obtain current directory * Remove unnecessary/not-needed release.txt target * Fix incorrect version number output * Exclude .gitignore from test req. * Fix handling of $NAME and $IMAGE in runlabel * Update podman image Dockerfile to support Podman in container * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Fix slashes in socket URLs * Add network prune filters support to bindings * Add support for play/generate kube volumes * Update manifest API endpoints * Fix panic when not giving a machine name for ssh * cgroups: force 64 bits to ParseUint * Bump k8s.io/api from 0.20.5 to 0.21.0 * [CI:DOCS] Fix formatting of podman-build man page * buildah-bud tests: simplify * Add missing return * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1 * speed up CI handling of images * Volumes prune endpoint should use only prune filters * Cirrus: Use Fedora 34beta images * Bump go.sum + Makefile for golang 1.16 * Exempt Makefile changes from test requirements * Adjust libpod API Container Wait documentation to the code * [CI:DOCS] Update swagger definition of inspect manifest * use updated ubuntu images * podman unshare: add --rootless-cni to join the ns * Update swagger-check * swagger: remove name wildcards * Update buildah-bud diffs * Handle podman-remote --arch, --platform, --os * buildah-bud tests: handle go pseudoversions, plus... * Fix flaking rootless compose test * rootless cni add /usr/sbin to PATH if not present * System tests: special case for RHEL: require runc * Add --requires flag to podman run/create * [CI:DOCS] swagger-check: compare operations * [CI:DOCS] Polish swagger OpertionIDs * [NO TESTS NEEDED] Update nix pin with `make nixpkgs` * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Cirrus: Make use of shared get_ci_vm container * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add support for podman --context default * Verify existence of auth file if specified * fix machine naming conventions * Initial network bindings tests * Update release notes to indicate CVE fix * Move socket activation check into init() and set global condition. * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0 * Http api tests for network prune with until filter * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add transport and destination info to manifest doc * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1 * Add default template functions * Fix missing podman-remote build options * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * Add ssh connection to root user * Add rootless docker-compose test to the CI * Use the slrip4netns dns in the rootless cni ns * Cleanup the rootless cni namespace * Add new docker-compose test for two networks * Make the docker-compose test work rootless * Remove unused rootless-cni-infra container files * Only use rootless RLK when the container has ports * Fix dnsname test * Enable rootless network connect/disconnect * Move slirp4netns functions into an extra file * Fix pod infra container cni network setup * Add rootless support for cni and --uidmap * rootless cni without infra container * Recreate until container prune tests for bindings * Remove --execute from podman machine ssh * Fixed podman-remote --network flag * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Fix unmount doc reference in image.rst * Should send the OCI runtime path not just the name to buildah * podman machine shell completion * Fix handling of remove --log-rusage param * Fix bindings prune containers flaky test * [CI:DOCS] Add local html build info to docs/README.md * Add podman machine list * Trim white space from /top endpoint results * Remove semantic version suffices from API calls * podman machine init --ignition-path * Document --volume from podman-remote run/create client * Update main branch to reflect the release of v3.1.0 * Silence podman network reload errors with iptables-nft * Containers prune endpoint should use only prune filters * resolve proper aarch64 image names * APIv2 basic test: relax APIVersion check * Add machine support for qemu-system-aarch64 * podman machine init user input * manpage xref: helpful diagnostic for unescaped dash-dash * Bump to v3.2.0-dev * swagger: update system version response body * buildah-bud tests: reenable pull-never test * [NO TESTS NEEDED] Shrink the size of podman-remote * Add powershell completions * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted * Fix long option format on docs.podman.io * system tests: friendier messages for 2-arg is() * service: use LISTEN_FDS * man pages: correct seccomp-policy label * rootless: use is_fd_inherited * podman generate systemd --new do not duplicate params * play kube: add support for env vars defined from secrets * play kube: support optional/mandatory env var from config map * play kube: prepare supporting other env source than config maps * Add machine support for more Linux distros * [NO TESTS NEEDED] Use same function podman-remote rmi as podman * Podman machine enhancements * Add problematic volume name to kube play error messages * Fix podman build --pull-never * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix list pods filter handling in libpod api * Remove resize race condition * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 * Use TMPDIR when commiting images * Add RequiresMountsFor= to systemd generate * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3 * Fix swapped dimensions from terminal.GetSize * Rename podman machine create to init and clean up * Correct json field name * system tests: new interactive tests * Improvements for machine * libpod/image: unit tests: use a `registries.conf` for aliases * libpod/image: unit tests: defer cleanup * libpod/image: unit tests: use `require.NoError` * Add --execute flag to podman machine ssh * introduce podman machine * Podman machine CLI and interface stub * Support multi doc yaml for generate/play kube * Fix filters in image http compat/libpod api endpoints * Bump github.com/containers/common from 0.35.3 to 0.35.4 * Bump github.com/containers/storage from 1.28.0 to 1.28.1 * Check if stdin is a term in --interactive --tty mode * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot * [NO TESTS NEEDED] Fix rootless volume plugins * Ensure manually-created volumes have correct ownership * Bump github.com/rootless-containers/rootlesskit * Unification of until filter across list/prune endpoints * Unification of label filter across list/prune endpoints * fixup * fix: build endpoint for compat API * [CI:DOCS] Add note to mappings for user/group userns in build * Bump k8s.io/api from 0.20.1 to 0.20.5 * Validate passed in timezone from tz option * WIP: run buildah bud tests using podman * Fix containers list/prune http api filter behaviour * Generate Kubernetes PersistentVolumeClaims from named volumes - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume 'U' option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. - Update to v3.0.1 * Changes - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output. Bugfixes - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315). - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output. - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems. - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393). - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415). - Fixed a bug where Podman would treat the --entrypoint=[''] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377). - Fixed a bug where Podman would set the HOME environment variable to '' when the container ran as a user without an assigned home directory (#9378). - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374). - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365). - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed. - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387). - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373). - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191). - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247). * API - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351). - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port. - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred. - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232). - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library. * Misc - Updated Buildah to v1.19.4 - Updated the containers/storage library to v1.24.6 - Changes from v3.0.0 * Features - Podman now features initial support for Docker Compose. - Added the podman rename command, which allows containers to be renamed after they are created (#1925). - The Podman remote client now supports the podman copy command. - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload). - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically. - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them. - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454). - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes. - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times. - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails. - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them. - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132). - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077). - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443). - The podman pod create command now supports the --net=none option (#9165). - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option. - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver. - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container. - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths. - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945. - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512). - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter. The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option. - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned. - The podman volume prune commands now supports filtering what volumes will be pruned. - The podman system prune command now includes information on space reclaimed (#8658). - The podman info command will now properly print information about packages in use on Gentoo and Arch systems. - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384). - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list. - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d. - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf. - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000). * Security - A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. * Changes - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull. - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387). - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here. - The legacy Varlink API has been completely removed from Podman. - The default log level for Podman has been changed from Error to Warn. - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year. - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included. - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615). - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501). - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected. - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service. - Error messages for podman run when an invalid SELinux is specified have been improved. - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace. - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share. - SSH public key handling for remote Podman has been improved. * Bugfixes - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120). - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618). - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040). - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034). - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847). - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176 - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842). - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567). - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374). - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable. - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error. - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803). - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608). - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers. - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790). - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838). - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710). - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211). - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921). - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740). - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843). - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798). - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931). - Fixed a bug where locale environment variables were not properly passed on to Conmon. - Fixed a bug where Podman would not build on the MIPS architecture (#8782). - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0. - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879). - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733). - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886). - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod). - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176). - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506). - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849). - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged. - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846). - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile. - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700). - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680). - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748). - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751). - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored. - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694). - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683). - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547). - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined. - Fixed a bug where the --layers option to podman build was nonfunctional (#8643). - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990). - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650). - Fixed a bug where --format did not support JSON output for individual fields (#8444). - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883). - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498). - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588). - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option. - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error. - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234). - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230). - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773). - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510). - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303). - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003). API - Libpod API version has been bumped to v3.0.0. - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865). - The Compat API for Containers now supports the Rename and Copy APIs. - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses. - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a 'no such file' error if an invalid executable was passed) (#8281) - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649). - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly. - Fixed a bug where the Compat Create API for Containers did not set container name properly. - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used). - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker. - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864). - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870). - Fixed a bug where the Libpod Exists endpoint for Images could panic. - Fixed a bug where the Compat List API for Containers did not support all filters (#8860). - Fixed a bug where the Compat List API for Containers did not properly populate the Status field. - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102). - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758). - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files. - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified. - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope. - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did. * Misc - Updated Buildah to v1.19.2 - Updated the containers/storage library to v1.24.5 - Updated the containers/image library to v5.10.2 - Updated the containers/common library to v0.33.4 - Update to v2.2.1 * Changes - Due to a conflict with a previously-removed field, we were forced to modify the way image volumes (mounting images into containers using --mount type=image) were handled in the database. As a result, containers created in Podman 2.2.0 with image volume will not have them in v2.2.1, and these containers will need to be re-created. * Bugfixes - Fixed a bug where rootless Podman would, on systems without the XDG_RUNTIME_DIR environment variable defined, use an incorrect path for the PID file of the Podman pause process, causing Podman to fail to start (#8539). - Fixed a bug where containers created using Podman v1.7 and earlier were unusable in Podman due to JSON decode errors (#8613). - Fixed a bug where Podman could retrieve invalid cgroup paths, instead of erroring, for containers that were not running. - Fixed a bug where the podman system reset command would print a warning about a duplicate shutdown handler being registered. - Fixed a bug where rootless Podman would attempt to mount sysfs in circumstances where it was not allowed; some OCI runtimes (notably crun) would fall back to alternatives and not fail, but others (notably runc) would fail to run containers. - Fixed a bug where the podman run and podman create commands would fail to create containers from untagged images (#8558). - Fixed a bug where remote Podman would prompt for a password even when the server did not support password authentication (#8498). - Fixed a bug where the podman exec command did not move the Conmon process for the exec session into the correct cgroup. - Fixed a bug where shell completion for the ancestor option to podman ps --filter did not work correctly. - Fixed a bug where detached containers would not properly clean themselves up (or remove themselves if --rm was set) if the Podman command that created them was invoked with --log-level=debug. * API - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the Binds and Mounts parameters in HostConfig. - Fixed a bug where the Compat Create endpoint for Containers ignored the Name query parameter. - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the 'default' value for NetworkMode (this value is used extensively by docker-compose) (#8544). - Fixed a bug where the Compat Build endpoint for Images would sometimes incorrectly use the target query parameter as the image's tag. * Misc - Podman v2.2.0 vendored a non-released, custom version of the github.com/spf13/cobra package; this has been reverted to the latest upstream release to aid in packaging. - Updated the containers/image library to v5.9.0 - Update to v2.2.0 * Features - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here. - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created. - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks. - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855). - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742). - The podman play kube command now supports persistent volumes claims using Podman named volumes. - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567). - The podman play kube command now supports a --log-driver option to set the log driver for created containers. - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles. - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302). - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757). - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location. - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added. - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434). - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097). - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster. - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository. - The podman search command can now output JSON using the --format=json option. - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers. - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers. - The --tls-verify and --authfile options have been enabled for use with remote Podman. - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095). - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option. - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option. - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable. - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match. - The podman pod ps command now supports a new filter status, that matches pods in a certain state. * Changes - The podman network rm --force command will now also remove pods that are using the network (#7791). - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given. - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container. - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver). - Many errors have been changed to remove repetition and be more clear as to what has gone wrong. - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release. - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work. - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941). - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659). - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running. - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container. - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906). - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657). - The podman network rm command now has a new alias, podman network remove (#8402). * Bugfixes - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use. - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776). - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior. - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl. - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container. - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable. - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789). - Fixed a bug where the podman untag --all command was not supported with remote Podman. - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826). - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present. - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's. - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798). - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381). - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726). - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782). - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837). - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872). - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476). - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878). - Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up. - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886). - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903). - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified. - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490). - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807). - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947). - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830). - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running. - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751). - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004). - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026). - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted. - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038). - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979). - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040). - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations. - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054). - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073). - Fixed a bug where the podman ps command did not include information on all ports a container was publishing. - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions. - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088). - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context). - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089). - Fixed a bug where the --extract option to podman cp was nonfunctional. - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091). - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148). - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125). - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139). - Fixed a bug where the podman attach command would not exit when containers stopped (#8154). - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160). - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159). - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed. - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023). - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184). - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181). - Fixed a bug where filters passed to podman volume list were not inclusive (#6765). - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253). - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221). - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322). - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332). - Fixed a bug where the podman stats command did not show memory limits for containers (#8265). - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386). - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it). - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491). - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables. - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473). - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host. - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385). - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck. - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448). - Fixed a bug where the podman container ps alias for podman ps was missing (#8445). * API - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable. - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950). - The Compat Network Connect and Network Disconnect endpoints have been added. - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration. - The Compat Create endpoint for images now properly supports specifying images by digest. - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions. - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal. - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version). - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not. - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line. - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942). - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917). - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860). - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count. - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so). - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries. - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896). - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740). - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946). - Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility. - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client. - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response. - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time. - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter. - add dependency to timezone package or podman fails to build a - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib SELinux support [jsc#SMO-15] libseccomp was updated to release 2.5.3: * Update the syscall table for Linux v5.15 * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2 * Document that seccomp_rule_add() may return -EACCES Update to release 2.5.2 * Update the syscall table for Linux v5.14-rc7 * Add a function, get_notify_fd(), to the Python bindings to get the nofication file descriptor. * Consolidate multiplexed syscall handling for all architectures into one location. * Add multiplexed syscall support to PPC and MIPS * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within the kernel. libseccomp's fd notification logic was modified to support the kernel's previous and new usage of SECCOMP_IOCTL_NOTIF_ID_VALID. update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys Update to release 2.5.0 * Add support for the seccomp user notifications, see the seccomp_notify_alloc(3), seccomp_notify_receive(3), seccomp_notify_respond(3) manpages for more information * Add support for new filter optimization approaches, including a balanced tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for more information * Add support for the 64-bit RISC-V architecture * Performance improvements when adding new rules to a filter thanks to the use of internal shadow transactions and improved syscall lookup tables * Properly document the libseccomp API return values and include them in the stable API promise * Improvements to the s390 and s390x multiplexed syscall handling * Multiple fixes and improvements to the libseccomp manpages * Moved from manually maintained syscall tables to an automatically generated syscall table in CSV format * Update the syscall tables to Linux v5.8.0-rc5 * Python bindings and build now default to Python 3.x * Improvements to the tests have boosted code coverage to over 93% Update to release 2.4.3 * Add list of authorized release signatures to README.md * Fix multiplexing issue with s390/s390x shm* syscalls * Remove the static flag from libseccomp tools compilation * Add define for __SNR_ppoll * Fix potential memory leak identified by clang in the scmp_bpf_sim tool Update to release 2.4.2 * Add support for io-uring related system calls conmon was updated to version 2.0.30: * Remove unreachable code path * exit: report if the exit command was killed * exit: fix race zombie reaper * conn_sock: allow watchdog messages through the notify socket proxy * seccomp: add support for seccomp notify Update to version 2.0.29: * Reset OOM score back to 0 for container runtime * call functions registered with atexit on SIGTERM * conn_sock: fix potential segfault Update to version 2.0.27: * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary Update to version 2.0.26: * conn_sock: do not fail on EAGAIN * fix segfault from a double freed pointer * Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was. * improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it) * add full-attach option to allow callers to not truncate a very long path for the attach socket * close only opened FDs * set locale to inherit environment Update to version 2.0.22: * added man page * attach: always chdir * conn_sock: Explicitly free a heap-allocated string * refactor I/O and add SD_NOTIFY proxy support Update to version 2.0.21: * protect against kill(-1) * Makefile: enable debuginfo generation * Remove go.sum file and add go.mod * Fail if conmon config could not be written * nix: remove double definition for e2fsprogs * Speedup static build by utilizing CI cache on `/nix` folder * Fix nix build for failing e2fsprogs tests * test: fix CI * Use Podman for building libcontainers-common was updated to include: - common 0.44.0 - image 5.16.0 - podman 3.3.1 - storage 1.36.0 (changes too long to list) CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:711-1 Released: Fri Mar 4 09:15:11 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:736-1 Released: Fri Mar 4 14:51:57 2022 Summary: Security update for vim Type: security Severity: important References: 1190533,1190570,1191893,1192478,1192481,1193294,1193298,1194216,1194556,1195004,1195066,1195126,1195202,1195356,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3927,CVE-2021-3928,CVE-2021-3984,CVE-2021-4019,CVE-2021-4193,CVE-2021-46059,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0361,CVE-2022-0413 This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:743-1 Released: Mon Mar 7 22:08:12 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1194265,1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:771-1 Released: Wed Mar 9 09:27:07 2022 Summary: Recommended update for libseccomp Type: recommended Severity: moderate References: 1196825 This update for libseccomp fixes the following issues: - Check if we have NR_openat2, avoid using its definition when not (bsc#1196825), this fixes build of systemd. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:774-1 Released: Wed Mar 9 10:52:10 2022 Summary: Security update for tcpdump Type: security Severity: moderate References: 1195825,CVE-2018-16301 This update for tcpdump fixes the following issues: - CVE-2018-16301: Fixed segfault when handling large files (bsc#1195825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:836-1 Released: Tue Mar 15 07:47:48 2022 Summary: Recommended update for gdb Type: recommended Severity: moderate References: This update for gdb fixes the following issues: - Support for new IBM Z Hardware - GDB Part (jsc#SLE-22287) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:942-1 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Type: security Severity: moderate References: 1186819,CVE-2021-3572 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:948-1 Released: Fri Mar 25 12:46:42 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1193446 This update for sudo fixes the following issues: - Fix user set timeout not being honored (bsc#1193446) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1119-1 Released: Wed Apr 6 09:16:06 2022 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797 This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect SUSE Linux Enterprise 15 Serivce Pack 3 and 4 (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1770-1 Released: Fri May 20 14:36:30 2022 Summary: Recommended update for skelcd, sles15-image Type: recommended Severity: moderate References: This update for skelcd, sles15-image fixes the following issues: Changes in skelcd: - Ship skelcd-EULA-bci for SLE BCI EULA (jsc#BCI-10) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2102-1 Released: Thu Jun 16 15:18:23 2022 Summary: Security update for vim Type: security Severity: important References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user at .service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1195463,1196850 This update for apparmor fixes the following issues: - Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.32-150300.3.5.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - file-magic-5.32-7.14.1 updated - filesystem-15.0-11.8.1 updated - gdb-11.1-8.30.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-locale-2.31-150300.37.1 updated - glibc-2.31-150300.31.2 updated - grep-3.1-150000.4.6.1 updated - gzip-1.10-150200.10.1 updated - iproute2-5.3-5.5.1 updated - kmod-29-4.15.1 updated - krb5-1.19.2-150300.8.3.2 updated - less-530-3.3.2 updated - libapparmor1-2.13.6-150300.3.15.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcrack2-2.9.7-11.6.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libcryptsetup12-hmac-2.3.7-150300.3.5.1 updated - libcryptsetup12-2.3.7-150300.3.5.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.19.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libgmodule-2_0-0-2.62.6-150200.3.9.1 updated - libgmp10-6.1.2-4.9.1 updated - libjson-c3-0.13-3.3.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libkmod2-29-4.15.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmagic1-5.32-7.14.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libncurses6-6.1-5.9.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.31-150000.3.12.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 added - libpsl5-0.20.1-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - libsasl2-3-2.1.27-150300.4.6.1 updated - libseccomp2-2.5.3-150300.10.8.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-246.16-150300.7.45.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libudev1-246.16-150300.7.45.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150200.36.1 updated - login_defs-4.8.1-150300.4.3.8 updated - ncurses-utils-6.1-5.9.1 updated - netcfg-11.6-3.3.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 added - pam-1.3.0-150000.6.58.3 updated - perl-base-5.26.1-150300.17.3.1 updated - perl-5.26.1-150300.17.3.1 updated - permissions-20181225-23.12.1 updated - procps-3.3.15-7.22.1 updated - python3-base-3.6.15-150300.10.27.1 updated - rpm-config-SUSE-1-5.6.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - shadow-4.8.1-150300.4.3.8 updated - sudo-1.9.5p2-150300.3.6.1 updated - supportutils-3.1.20-150300.7.35.10.1 updated - suse-module-tools-15.3.15-3.17.1 updated - system-group-hardware-20170617-17.3.1 updated - system-group-kvm-20170617-17.3.1 updated - system-group-wheel-20170617-17.3.1 updated - system-user-man-20170617-17.3.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-246.16-150300.7.48.1 updated - tar-1.34-150000.3.12.1 updated - tcpdump-4.9.2-3.18.1 updated - terminfo-base-6.1-5.9.1 updated - timezone-2022a-150000.75.7.1 added - udev-246.16-150300.7.48.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - util-linux-systemd-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - vim-data-common-8.2.5038-150000.5.21.1 updated - vim-8.2.5038-150000.5.21.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.18.1 updated - python-rpm-macros-20200207.5feb6c1-3.11.1 removed From sle-updates at lists.suse.com Thu Aug 4 13:16:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 15:16:35 +0200 (CEST) Subject: SUSE-SU-2022:2667-1: important: Security update for u-boot Message-ID: <20220804131635.49981FC32@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2667-1 Rating: important References: #1201214 Cross-References: CVE-2022-34835 CVSS scores: CVE-2022-34835 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34835 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2667=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2667=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2667=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2667=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2667=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2667=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): u-boot-tools-2019.01-150100.7.16.1 u-boot-tools-debuginfo-2019.01-150100.7.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): u-boot-tools-2019.01-150100.7.16.1 u-boot-tools-debuginfo-2019.01-150100.7.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64): u-boot-rpi3-2019.01-150100.7.16.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): u-boot-tools-2019.01-150100.7.16.1 u-boot-tools-debuginfo-2019.01-150100.7.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): u-boot-tools-2019.01-150100.7.16.1 u-boot-tools-debuginfo-2019.01-150100.7.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64): u-boot-rpi3-2019.01-150100.7.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): u-boot-tools-2019.01-150100.7.16.1 u-boot-tools-debuginfo-2019.01-150100.7.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64): u-boot-rpi3-2019.01-150100.7.16.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): u-boot-tools-2019.01-150100.7.16.1 u-boot-tools-debuginfo-2019.01-150100.7.16.1 - SUSE Enterprise Storage 6 (aarch64): u-boot-rpi3-2019.01-150100.7.16.1 - SUSE CaaS Platform 4.0 (x86_64): u-boot-tools-2019.01-150100.7.16.1 u-boot-tools-debuginfo-2019.01-150100.7.16.1 References: https://www.suse.com/security/cve/CVE-2022-34835.html https://bugzilla.suse.com/1201214 From sle-updates at lists.suse.com Thu Aug 4 13:17:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 15:17:18 +0200 (CEST) Subject: SUSE-SU-2022:2670-1: important: Security update for qpdf Message-ID: <20220804131718.4952EFC32@maintenance.suse.de> SUSE Security Update: Security update for qpdf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2670-1 Rating: important References: #1188514 #1201830 Cross-References: CVE-2021-36978 CVE-2022-34503 CVSS scores: CVE-2021-36978 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-36978 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-34503 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-34503 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for qpdf fixes the following issues: - CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF:processXRefStream (bsc#1201830). - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2670=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2670=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2670=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2670=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2670=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2670=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2670=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2670=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2670=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2670=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2670=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2670=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 - SUSE CaaS Platform 4.0 (x86_64): libqpdf21-8.0.2-150000.3.5.1 libqpdf21-debuginfo-8.0.2-150000.3.5.1 qpdf-8.0.2-150000.3.5.1 qpdf-debuginfo-8.0.2-150000.3.5.1 qpdf-debugsource-8.0.2-150000.3.5.1 qpdf-devel-8.0.2-150000.3.5.1 References: https://www.suse.com/security/cve/CVE-2021-36978.html https://www.suse.com/security/cve/CVE-2022-34503.html https://bugzilla.suse.com/1188514 https://bugzilla.suse.com/1201830 From sle-updates at lists.suse.com Thu Aug 4 13:18:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 15:18:08 +0200 (CEST) Subject: SUSE-RU-2022:2668-1: moderate: Recommended update for ldns Message-ID: <20220804131808.6998CFC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for ldns ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2668-1 Rating: moderate References: #1200843 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of ldns fixes the following issue: - ldns is shipped to the unsupported packagehub module as dependency of unbound. (bsc#1200843) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2668=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2668=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2668=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2668=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2668=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2668=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2668=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2668=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ldns-1.7.0-150000.4.8.1 ldns-debuginfo-1.7.0-150000.4.8.1 ldns-debugsource-1.7.0-150000.4.8.1 ldns-devel-1.7.0-150000.4.8.1 libldns2-1.7.0-150000.4.8.1 libldns2-debuginfo-1.7.0-150000.4.8.1 libunbound2-1.6.8-150100.10.8.1 libunbound2-debuginfo-1.6.8-150100.10.8.1 perl-DNS-LDNS-1.7.0-150000.4.8.1 perl-DNS-LDNS-debuginfo-1.7.0-150000.4.8.1 python3-ldns-1.7.0-150000.4.8.1 python3-ldns-debuginfo-1.7.0-150000.4.8.1 unbound-1.6.8-150100.10.8.1 unbound-anchor-1.6.8-150100.10.8.1 unbound-anchor-debuginfo-1.6.8-150100.10.8.1 unbound-debuginfo-1.6.8-150100.10.8.1 unbound-debugsource-1.6.8-150100.10.8.1 unbound-devel-1.6.8-150100.10.8.1 unbound-python-1.6.8-150100.10.8.1 unbound-python-debuginfo-1.6.8-150100.10.8.1 - openSUSE Leap 15.4 (noarch): unbound-munin-1.6.8-150100.10.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ldns-1.7.0-150000.4.8.1 ldns-debuginfo-1.7.0-150000.4.8.1 ldns-debugsource-1.7.0-150000.4.8.1 ldns-devel-1.7.0-150000.4.8.1 libldns2-1.7.0-150000.4.8.1 libldns2-debuginfo-1.7.0-150000.4.8.1 libunbound2-1.6.8-150100.10.8.1 libunbound2-debuginfo-1.6.8-150100.10.8.1 perl-DNS-LDNS-1.7.0-150000.4.8.1 perl-DNS-LDNS-debuginfo-1.7.0-150000.4.8.1 python3-ldns-1.7.0-150000.4.8.1 python3-ldns-debuginfo-1.7.0-150000.4.8.1 unbound-1.6.8-150100.10.8.1 unbound-anchor-1.6.8-150100.10.8.1 unbound-anchor-debuginfo-1.6.8-150100.10.8.1 unbound-debuginfo-1.6.8-150100.10.8.1 unbound-debugsource-1.6.8-150100.10.8.1 unbound-devel-1.6.8-150100.10.8.1 unbound-python-1.6.8-150100.10.8.1 unbound-python-debuginfo-1.6.8-150100.10.8.1 - openSUSE Leap 15.3 (noarch): unbound-munin-1.6.8-150100.10.8.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): ldns-1.7.0-150000.4.8.1 ldns-debuginfo-1.7.0-150000.4.8.1 ldns-debugsource-1.7.0-150000.4.8.1 unbound-1.6.8-150100.10.8.1 unbound-debuginfo-1.6.8-150100.10.8.1 unbound-debugsource-1.6.8-150100.10.8.1 unbound-python-1.6.8-150100.10.8.1 unbound-python-debuginfo-1.6.8-150100.10.8.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): ldns-1.7.0-150000.4.8.1 ldns-debuginfo-1.7.0-150000.4.8.1 ldns-debugsource-1.7.0-150000.4.8.1 unbound-1.6.8-150100.10.8.1 unbound-debuginfo-1.6.8-150100.10.8.1 unbound-debugsource-1.6.8-150100.10.8.1 unbound-python-1.6.8-150100.10.8.1 unbound-python-debuginfo-1.6.8-150100.10.8.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): unbound-devel-1.6.8-150100.10.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): ldns-debuginfo-1.7.0-150000.4.8.1 ldns-debugsource-1.7.0-150000.4.8.1 perl-DNS-LDNS-1.7.0-150000.4.8.1 perl-DNS-LDNS-debuginfo-1.7.0-150000.4.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): ldns-debuginfo-1.7.0-150000.4.8.1 ldns-debugsource-1.7.0-150000.4.8.1 perl-DNS-LDNS-1.7.0-150000.4.8.1 perl-DNS-LDNS-debuginfo-1.7.0-150000.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): ldns-debuginfo-1.7.0-150000.4.8.1 ldns-debugsource-1.7.0-150000.4.8.1 ldns-devel-1.7.0-150000.4.8.1 libldns2-1.7.0-150000.4.8.1 libldns2-debuginfo-1.7.0-150000.4.8.1 libunbound2-1.6.8-150100.10.8.1 libunbound2-debuginfo-1.6.8-150100.10.8.1 unbound-anchor-1.6.8-150100.10.8.1 unbound-anchor-debuginfo-1.6.8-150100.10.8.1 unbound-debuginfo-1.6.8-150100.10.8.1 unbound-debugsource-1.6.8-150100.10.8.1 unbound-devel-1.6.8-150100.10.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ldns-debuginfo-1.7.0-150000.4.8.1 ldns-debugsource-1.7.0-150000.4.8.1 ldns-devel-1.7.0-150000.4.8.1 libldns2-1.7.0-150000.4.8.1 libldns2-debuginfo-1.7.0-150000.4.8.1 libunbound2-1.6.8-150100.10.8.1 libunbound2-debuginfo-1.6.8-150100.10.8.1 unbound-anchor-1.6.8-150100.10.8.1 unbound-anchor-debuginfo-1.6.8-150100.10.8.1 unbound-debuginfo-1.6.8-150100.10.8.1 unbound-debugsource-1.6.8-150100.10.8.1 unbound-devel-1.6.8-150100.10.8.1 References: https://bugzilla.suse.com/1200843 From sle-updates at lists.suse.com Thu Aug 4 13:18:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 15:18:50 +0200 (CEST) Subject: SUSE-SU-2022:2664-1: important: Security update for harfbuzz Message-ID: <20220804131850.7A0DEFC32@maintenance.suse.de> SUSE Security Update: Security update for harfbuzz ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2664-1 Rating: important References: #1200900 Cross-References: CVE-2022-33068 CVSS scores: CVE-2022-33068 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-33068 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2664=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2664=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): harfbuzz-debugsource-3.4.0-150400.3.3.1 harfbuzz-devel-3.4.0-150400.3.3.1 harfbuzz-tools-3.4.0-150400.3.3.1 harfbuzz-tools-debuginfo-3.4.0-150400.3.3.1 libharfbuzz-gobject0-3.4.0-150400.3.3.1 libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.3.1 libharfbuzz-icu0-3.4.0-150400.3.3.1 libharfbuzz-icu0-debuginfo-3.4.0-150400.3.3.1 libharfbuzz-subset0-3.4.0-150400.3.3.1 libharfbuzz-subset0-debuginfo-3.4.0-150400.3.3.1 libharfbuzz0-3.4.0-150400.3.3.1 libharfbuzz0-debuginfo-3.4.0-150400.3.3.1 typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libharfbuzz-gobject0-32bit-3.4.0-150400.3.3.1 libharfbuzz-gobject0-32bit-debuginfo-3.4.0-150400.3.3.1 libharfbuzz-icu0-32bit-3.4.0-150400.3.3.1 libharfbuzz-icu0-32bit-debuginfo-3.4.0-150400.3.3.1 libharfbuzz-subset0-32bit-3.4.0-150400.3.3.1 libharfbuzz-subset0-32bit-debuginfo-3.4.0-150400.3.3.1 libharfbuzz0-32bit-3.4.0-150400.3.3.1 libharfbuzz0-32bit-debuginfo-3.4.0-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): harfbuzz-debugsource-3.4.0-150400.3.3.1 harfbuzz-devel-3.4.0-150400.3.3.1 libharfbuzz-gobject0-3.4.0-150400.3.3.1 libharfbuzz-gobject0-debuginfo-3.4.0-150400.3.3.1 libharfbuzz-icu0-3.4.0-150400.3.3.1 libharfbuzz-icu0-debuginfo-3.4.0-150400.3.3.1 libharfbuzz-subset0-3.4.0-150400.3.3.1 libharfbuzz-subset0-debuginfo-3.4.0-150400.3.3.1 libharfbuzz0-3.4.0-150400.3.3.1 libharfbuzz0-debuginfo-3.4.0-150400.3.3.1 typelib-1_0-HarfBuzz-0_0-3.4.0-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libharfbuzz0-32bit-3.4.0-150400.3.3.1 libharfbuzz0-32bit-debuginfo-3.4.0-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-33068.html https://bugzilla.suse.com/1200900 From sle-updates at lists.suse.com Thu Aug 4 13:19:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 15:19:26 +0200 (CEST) Subject: SUSE-SU-2022:2666-1: important: Security update for u-boot Message-ID: <20220804131926.06928FC32@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2666-1 Rating: important References: #1201214 Cross-References: CVE-2022-34835 CVSS scores: CVE-2022-34835 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34835 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2666=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64): u-boot-rpi3-2019.01-5.11.1 u-boot-tools-2019.01-5.11.1 u-boot-tools-debuginfo-2019.01-5.11.1 References: https://www.suse.com/security/cve/CVE-2022-34835.html https://bugzilla.suse.com/1201214 From sle-updates at lists.suse.com Thu Aug 4 13:20:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 15:20:08 +0200 (CEST) Subject: SUSE-SU-2022:2663-1: important: Security update for harfbuzz Message-ID: <20220804132008.B4880FC32@maintenance.suse.de> SUSE Security Update: Security update for harfbuzz ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2663-1 Rating: important References: #1200900 Cross-References: CVE-2022-33068 CVSS scores: CVE-2022-33068 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-33068 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2663=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2663=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2663=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2663=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2663=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2663=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2663=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2663=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2663=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2663=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2663=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2663=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 harfbuzz-tools-2.6.4-150200.3.3.1 harfbuzz-tools-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - openSUSE Leap 15.3 (x86_64): libharfbuzz-gobject0-32bit-2.6.4-150200.3.3.1 libharfbuzz-gobject0-32bit-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-32bit-2.6.4-150200.3.3.1 libharfbuzz-icu0-32bit-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-32bit-2.6.4-150200.3.3.1 libharfbuzz-subset0-32bit-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - SUSE Manager Server 4.1 (x86_64): libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - SUSE Manager Proxy 4.1 (x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): harfbuzz-debugsource-2.6.4-150200.3.3.1 harfbuzz-devel-2.6.4-150200.3.3.1 libharfbuzz-gobject0-2.6.4-150200.3.3.1 libharfbuzz-gobject0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-icu0-2.6.4-150200.3.3.1 libharfbuzz-icu0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz-subset0-2.6.4-150200.3.3.1 libharfbuzz-subset0-debuginfo-2.6.4-150200.3.3.1 libharfbuzz0-2.6.4-150200.3.3.1 libharfbuzz0-debuginfo-2.6.4-150200.3.3.1 typelib-1_0-HarfBuzz-0_0-2.6.4-150200.3.3.1 - SUSE Enterprise Storage 7 (x86_64): libharfbuzz0-32bit-2.6.4-150200.3.3.1 libharfbuzz0-32bit-debuginfo-2.6.4-150200.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-33068.html https://bugzilla.suse.com/1200900 From sle-updates at lists.suse.com Thu Aug 4 13:20:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 15:20:56 +0200 (CEST) Subject: SUSE-SU-2022:2669-1: important: Security update for qpdf Message-ID: <20220804132056.B33A7FC32@maintenance.suse.de> SUSE Security Update: Security update for qpdf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2669-1 Rating: important References: #1188514 #1201830 Cross-References: CVE-2021-36978 CVE-2022-34503 CVSS scores: CVE-2021-36978 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-36978 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-34503 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-34503 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for qpdf fixes the following issues: - CVE-2022-34503: Fixed a heap buffer overflow via the function QPDF::processXRefStream (bsc#1201830). - CVE-2021-36978: Fixed heap-based buffer overflow in Pl_ASCII85Decoder::write (bsc#1188514). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2669=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2669=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2669=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2669=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2669=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2669=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2669=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2669=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libqpdf18-7.1.1-3.8.1 libqpdf18-debuginfo-7.1.1-3.8.1 qpdf-7.1.1-3.8.1 qpdf-debuginfo-7.1.1-3.8.1 qpdf-debugsource-7.1.1-3.8.1 - SUSE OpenStack Cloud 9 (x86_64): libqpdf18-7.1.1-3.8.1 libqpdf18-debuginfo-7.1.1-3.8.1 qpdf-7.1.1-3.8.1 qpdf-debuginfo-7.1.1-3.8.1 qpdf-debugsource-7.1.1-3.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): qpdf-debuginfo-7.1.1-3.8.1 qpdf-debugsource-7.1.1-3.8.1 qpdf-devel-7.1.1-3.8.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libqpdf18-7.1.1-3.8.1 libqpdf18-debuginfo-7.1.1-3.8.1 qpdf-7.1.1-3.8.1 qpdf-debuginfo-7.1.1-3.8.1 qpdf-debugsource-7.1.1-3.8.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libqpdf18-7.1.1-3.8.1 libqpdf18-debuginfo-7.1.1-3.8.1 qpdf-7.1.1-3.8.1 qpdf-debuginfo-7.1.1-3.8.1 qpdf-debugsource-7.1.1-3.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libqpdf18-7.1.1-3.8.1 libqpdf18-debuginfo-7.1.1-3.8.1 qpdf-7.1.1-3.8.1 qpdf-debuginfo-7.1.1-3.8.1 qpdf-debugsource-7.1.1-3.8.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libqpdf18-7.1.1-3.8.1 libqpdf18-debuginfo-7.1.1-3.8.1 qpdf-7.1.1-3.8.1 qpdf-debuginfo-7.1.1-3.8.1 qpdf-debugsource-7.1.1-3.8.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libqpdf18-7.1.1-3.8.1 libqpdf18-debuginfo-7.1.1-3.8.1 qpdf-7.1.1-3.8.1 qpdf-debuginfo-7.1.1-3.8.1 qpdf-debugsource-7.1.1-3.8.1 References: https://www.suse.com/security/cve/CVE-2021-36978.html https://www.suse.com/security/cve/CVE-2022-34503.html https://bugzilla.suse.com/1188514 https://bugzilla.suse.com/1201830 From sle-updates at lists.suse.com Thu Aug 4 16:16:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 18:16:26 +0200 (CEST) Subject: SUSE-SU-2022:2671-1: important: Security update for go1.17 Message-ID: <20220804161627.00B2CFC32@maintenance.suse.de> SUSE Security Update: Security update for go1.17 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2671-1 Rating: important References: #1190649 #1201434 #1201436 #1201437 #1201440 #1201443 #1201444 #1201445 #1201447 #1201448 #1202035 Cross-References: CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 CVSS scores: CVE-2022-1705 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-1962 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-28131 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30630 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30631 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30632 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30633 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30635 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-32148 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-32189 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for go1.17 fixes the following issues: Update to go version 1.17.13 (bsc#1190649): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2671=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2671=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2671=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2671=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2671=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2671=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2671=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2671=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2671=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2671=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2671=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2671=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2671=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.17-race-1.17.13-150000.1.42.1 - openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.17-race-1.17.13-150000.1.42.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 - SUSE Manager Server 4.1 (x86_64): go1.17-race-1.17.13-150000.1.42.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 go1.17-race-1.17.13-150000.1.42.1 - SUSE Manager Proxy 4.1 (x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 go1.17-race-1.17.13-150000.1.42.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): go1.17-race-1.17.13-150000.1.42.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): go1.17-race-1.17.13-150000.1.42.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 go1.17-race-1.17.13-150000.1.42.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.17-race-1.17.13-150000.1.42.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.17-race-1.17.13-150000.1.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 go1.17-race-1.17.13-150000.1.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 go1.17-race-1.17.13-150000.1.42.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): go1.17-1.17.13-150000.1.42.1 go1.17-doc-1.17.13-150000.1.42.1 go1.17-race-1.17.13-150000.1.42.1 References: https://www.suse.com/security/cve/CVE-2022-1705.html https://www.suse.com/security/cve/CVE-2022-1962.html https://www.suse.com/security/cve/CVE-2022-28131.html https://www.suse.com/security/cve/CVE-2022-30630.html https://www.suse.com/security/cve/CVE-2022-30631.html https://www.suse.com/security/cve/CVE-2022-30632.html https://www.suse.com/security/cve/CVE-2022-30633.html https://www.suse.com/security/cve/CVE-2022-30635.html https://www.suse.com/security/cve/CVE-2022-32148.html https://www.suse.com/security/cve/CVE-2022-32189.html https://bugzilla.suse.com/1190649 https://bugzilla.suse.com/1201434 https://bugzilla.suse.com/1201436 https://bugzilla.suse.com/1201437 https://bugzilla.suse.com/1201440 https://bugzilla.suse.com/1201443 https://bugzilla.suse.com/1201444 https://bugzilla.suse.com/1201445 https://bugzilla.suse.com/1201447 https://bugzilla.suse.com/1201448 https://bugzilla.suse.com/1202035 From sle-updates at lists.suse.com Thu Aug 4 16:18:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 18:18:02 +0200 (CEST) Subject: SUSE-SU-2022:2673-1: moderate: Security update for python-ujson Message-ID: <20220804161802.198D8FC32@maintenance.suse.de> SUSE Security Update: Security update for python-ujson ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2673-1 Rating: moderate References: #1201254 #1201255 Cross-References: CVE-2022-31116 CVE-2022-31117 CVSS scores: CVE-2022-31116 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-31116 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L CVE-2022-31117 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-31117 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-ujson fixes the following issues: - CVE-2022-31116: Fixed improper decoding of escaped surrogate characters (bsc#1201255). - CVE-2022-31117: Fixed a double free while reallocating a buffer for string decoding (bsc#1201254). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2673=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2673=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2673=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2673=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2673=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2673=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-ujson-debuginfo-1.35-150100.3.5.1 python-ujson-debugsource-1.35-150100.3.5.1 python3-ujson-1.35-150100.3.5.1 python3-ujson-debuginfo-1.35-150100.3.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-ujson-debuginfo-1.35-150100.3.5.1 python-ujson-debugsource-1.35-150100.3.5.1 python2-ujson-1.35-150100.3.5.1 python2-ujson-debuginfo-1.35-150100.3.5.1 python3-ujson-1.35-150100.3.5.1 python3-ujson-debuginfo-1.35-150100.3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): python-ujson-debuginfo-1.35-150100.3.5.1 python-ujson-debugsource-1.35-150100.3.5.1 python2-ujson-1.35-150100.3.5.1 python2-ujson-debuginfo-1.35-150100.3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python-ujson-debuginfo-1.35-150100.3.5.1 python-ujson-debugsource-1.35-150100.3.5.1 python2-ujson-1.35-150100.3.5.1 python2-ujson-debuginfo-1.35-150100.3.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): python-ujson-debuginfo-1.35-150100.3.5.1 python-ujson-debugsource-1.35-150100.3.5.1 python3-ujson-1.35-150100.3.5.1 python3-ujson-debuginfo-1.35-150100.3.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python-ujson-debuginfo-1.35-150100.3.5.1 python-ujson-debugsource-1.35-150100.3.5.1 python3-ujson-1.35-150100.3.5.1 python3-ujson-debuginfo-1.35-150100.3.5.1 References: https://www.suse.com/security/cve/CVE-2022-31116.html https://www.suse.com/security/cve/CVE-2022-31117.html https://bugzilla.suse.com/1201254 https://bugzilla.suse.com/1201255 From sle-updates at lists.suse.com Thu Aug 4 16:18:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 4 Aug 2022 18:18:53 +0200 (CEST) Subject: SUSE-SU-2022:2672-1: important: Security update for go1.18 Message-ID: <20220804161853.6EEE8FC32@maintenance.suse.de> SUSE Security Update: Security update for go1.18 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2672-1 Rating: important References: #1193742 #1201434 #1201436 #1201437 #1201440 #1201443 #1201444 #1201445 #1201447 #1201448 #1202035 Cross-References: CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 CVSS scores: CVE-2022-1705 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-1962 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-28131 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30630 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30631 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30632 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30633 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-30635 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-32148 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-32189 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has one errata is now available. Description: This update for go1.18 fixes the following issues: Update to go version 1.18.5 (bsc#1193742): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2672=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2672=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2672=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2672=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.5-150000.1.25.1 go1.18-doc-1.18.5-150000.1.25.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.18-race-1.18.5-150000.1.25.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.5-150000.1.25.1 go1.18-doc-1.18.5-150000.1.25.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.18-race-1.18.5-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.5-150000.1.25.1 go1.18-doc-1.18.5-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.18-race-1.18.5-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.5-150000.1.25.1 go1.18-doc-1.18.5-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.18-race-1.18.5-150000.1.25.1 References: https://www.suse.com/security/cve/CVE-2022-1705.html https://www.suse.com/security/cve/CVE-2022-1962.html https://www.suse.com/security/cve/CVE-2022-28131.html https://www.suse.com/security/cve/CVE-2022-30630.html https://www.suse.com/security/cve/CVE-2022-30631.html https://www.suse.com/security/cve/CVE-2022-30632.html https://www.suse.com/security/cve/CVE-2022-30633.html https://www.suse.com/security/cve/CVE-2022-30635.html https://www.suse.com/security/cve/CVE-2022-32148.html https://www.suse.com/security/cve/CVE-2022-32189.html https://bugzilla.suse.com/1193742 https://bugzilla.suse.com/1201434 https://bugzilla.suse.com/1201436 https://bugzilla.suse.com/1201437 https://bugzilla.suse.com/1201440 https://bugzilla.suse.com/1201443 https://bugzilla.suse.com/1201444 https://bugzilla.suse.com/1201445 https://bugzilla.suse.com/1201447 https://bugzilla.suse.com/1201448 https://bugzilla.suse.com/1202035 From sle-updates at lists.suse.com Thu Aug 4 22:16:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 00:16:08 +0200 (CEST) Subject: SUSE-RU-2022:2676-1: critical: Recommended update for patterns-suse-manager Message-ID: <20220804221608.A8EA5FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-suse-manager ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2676-1 Rating: critical References: #1202142 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-suse-manager fixes the following issues: - Strictly require OpenJDK 11. (bsc#1202142) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-2676=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-2676=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): patterns-suma_retail-4.3-150400.5.3.1 patterns-suma_server-4.3-150400.5.3.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): patterns-suma_proxy-4.3-150400.5.3.1 References: https://bugzilla.suse.com/1202142 From sle-updates at lists.suse.com Fri Aug 5 07:15:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 09:15:26 +0200 (CEST) Subject: SUSE-CU-2022:1767-1: Security update of bci/golang Message-ID: <20220805071526.9D2CCFC32@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1767-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-7.30 , bci/golang:latest Container Release : 7.30 Severity : important Type : security References : 1193742 1198720 1200747 1201385 1201434 1201436 1201437 1201440 1201443 1201444 1201445 1201447 1201448 1202035 CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2672-1 Released: Thu Aug 4 14:06:24 2022 Summary: Security update for go1.18 Type: security Severity: important References: 1193742,1201434,1201436,1201437,1201440,1201443,1201444,1201445,1201447,1201448,1202035,CVE-2022-1705,CVE-2022-1962,CVE-2022-28131,CVE-2022-30630,CVE-2022-30631,CVE-2022-30632,CVE-2022-30633,CVE-2022-30635,CVE-2022-32148,CVE-2022-32189 This update for go1.18 fixes the following issues: Update to go version 1.18.5 (bsc#1193742): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - go1.18-1.18.5-150000.1.25.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Fri Aug 5 07:15:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 09:15:55 +0200 (CEST) Subject: SUSE-RU-2022:2678-1: important: Recommended update for hwinfo Message-ID: <20220805071555.83CBEFC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2678-1 Rating: important References: #1184339 #1198043 #1199948 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for hwinfo fixes the following issues: - Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948) - Fix bug in determining serial console device name (bsc#1198043) - Don't rely on select() updating its timeout argument (bsc#1184339) - Fix logic around CD-ROM detection - Prevent closing of the open CD-ROM tray after read - Always read numerical 32bit serial number from EDID header. Override this with ASCII serial number from display descriptor, if available. - Display numerical 32bit serial number for monitors without serial number display descriptor - Fix timezone issue in SOURCE_DATE_EPOCH code - Recognize loongarch64 architecture - Update PCI and USB ids Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2678=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2678=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2678=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2678=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): hwinfo-21.82-150300.3.3.1 hwinfo-debuginfo-21.82-150300.3.3.1 hwinfo-debugsource-21.82-150300.3.3.1 hwinfo-devel-21.82-150300.3.3.1 hwinfo-devel-debuginfo-21.82-150300.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): hwinfo-21.82-150300.3.3.1 hwinfo-debuginfo-21.82-150300.3.3.1 hwinfo-debugsource-21.82-150300.3.3.1 hwinfo-devel-21.82-150300.3.3.1 hwinfo-devel-debuginfo-21.82-150300.3.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): hwinfo-21.82-150300.3.3.1 hwinfo-debuginfo-21.82-150300.3.3.1 hwinfo-debugsource-21.82-150300.3.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): hwinfo-21.82-150300.3.3.1 hwinfo-debuginfo-21.82-150300.3.3.1 hwinfo-debugsource-21.82-150300.3.3.1 References: https://bugzilla.suse.com/1184339 https://bugzilla.suse.com/1198043 https://bugzilla.suse.com/1199948 From sle-updates at lists.suse.com Fri Aug 5 07:16:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 09:16:44 +0200 (CEST) Subject: SUSE-RU-2022:2677-1: important: Recommended update for hwinfo Message-ID: <20220805071644.D195AFC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwinfo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2677-1 Rating: important References: #1199948 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwinfo fixes the following issues: - Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2677=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2677=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): hwinfo-21.82-150400.3.3.1 hwinfo-debuginfo-21.82-150400.3.3.1 hwinfo-debugsource-21.82-150400.3.3.1 hwinfo-devel-21.82-150400.3.3.1 hwinfo-devel-debuginfo-21.82-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): hwinfo-21.82-150400.3.3.1 hwinfo-debuginfo-21.82-150400.3.3.1 hwinfo-debugsource-21.82-150400.3.3.1 hwinfo-devel-21.82-150400.3.3.1 hwinfo-devel-debuginfo-21.82-150400.3.3.1 References: https://bugzilla.suse.com/1199948 From sle-updates at lists.suse.com Fri Aug 5 07:17:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 09:17:04 +0200 (CEST) Subject: SUSE-CU-2022:1768-1: Security update of bci/openjdk-devel Message-ID: <20220805071704.22367FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1768-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.59 , bci/openjdk-devel:latest Container Release : 14.59 Severity : important Type : security References : 1200900 CVE-2022-33068 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2664-1 Released: Thu Aug 4 09:22:06 2022 Summary: Security update for harfbuzz Type: security Severity: important References: 1200900,CVE-2022-33068 This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900). The following package changes have been done: - libharfbuzz0-3.4.0-150400.3.3.1 updated - container:bci-openjdk-11-11-12.31 updated From sle-updates at lists.suse.com Fri Aug 5 07:18:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 09:18:10 +0200 (CEST) Subject: SUSE-CU-2022:1769-1: Security update of bci/openjdk Message-ID: <20220805071810.B5790FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1769-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-12.31 , bci/openjdk:latest Container Release : 12.31 Severity : important Type : security References : 1200900 CVE-2022-33068 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2664-1 Released: Thu Aug 4 09:22:06 2022 Summary: Security update for harfbuzz Type: security Severity: important References: 1200900,CVE-2022-33068 This update for harfbuzz fixes the following issues: - CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900). The following package changes have been done: - libharfbuzz0-3.4.0-150400.3.3.1 updated From sle-updates at lists.suse.com Fri Aug 5 13:16:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 15:16:14 +0200 (CEST) Subject: SUSE-SU-2022:2680-1: moderate: Security update for buildah Message-ID: <20220805131614.9A494FC32@maintenance.suse.de> SUSE Security Update: Security update for buildah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2680-1 Rating: moderate References: #1197870 Cross-References: CVE-2022-27651 CVSS scores: CVE-2022-27651 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2022-27651 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for buildah fixes the following issues: - CVE-2022-27651: Fixed incorrect default inheritable capabilities for linux container (bsc#1197870). Update to version 1.25.1. The following non-security bugs were fixed: - add workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1183043 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2680=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-2680=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): buildah-1.25.1-150400.3.3.28 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): buildah-1.25.1-150400.3.3.28 References: https://www.suse.com/security/cve/CVE-2022-27651.html https://bugzilla.suse.com/1197870 From sle-updates at lists.suse.com Fri Aug 5 13:16:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 15:16:52 +0200 (CEST) Subject: SUSE-RU-2022:2684-1: moderate: Recommended update for rmt-server Message-ID: <20220805131652.50825FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2684-1 Rating: moderate References: #1188578 #1191552 #1195318 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: Version 2.8.0 - Forwarding information of registered systems to SCC more efficiently in batches - Syncing the systems' most recent last seen timestamps to SCC - Optional '--no-confirmation' switch to skip user confirmation when cleaning repository data - Fix "rmt-cli systems list --csv -a" for RMTs with millions of systems (bsc#1191552) - Enable nginx configs to serve on IPv6 - Enable users with old versions of RMT to sync systems with SCC by default - Fix build using ruby 3.x (bsc#1195318). Version 2.7.1 - Remove products with a negative ID during migration - Changes to RMT/connect API: RMT returns HTTP status code 422 whenever a system tries to register/activate a product with an expired subscription. - Mirror metadata retry. (bsc#1188578) - Update the way allowed paths are checked SUMA requested a new feature where it is possible to validate all versions of the same product and arch (that are allowed to that system) - De-register BYOS systems using RMT as a proxy from SCC - De-activate a single product from a BYOS proxy system Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2684=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2684=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2684=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2684=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2684=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2684=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2684=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): rmt-server-2.8.0-150100.3.36.1 rmt-server-config-2.8.0-150100.3.36.1 rmt-server-debuginfo-2.8.0-150100.3.36.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): rmt-server-2.8.0-150100.3.36.1 rmt-server-config-2.8.0-150100.3.36.1 rmt-server-debuginfo-2.8.0-150100.3.36.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): rmt-server-2.8.0-150100.3.36.1 rmt-server-config-2.8.0-150100.3.36.1 rmt-server-debuginfo-2.8.0-150100.3.36.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.8.0-150100.3.36.1 rmt-server-pubcloud-2.8.0-150100.3.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): rmt-server-2.8.0-150100.3.36.1 rmt-server-config-2.8.0-150100.3.36.1 rmt-server-debuginfo-2.8.0-150100.3.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): rmt-server-2.8.0-150100.3.36.1 rmt-server-config-2.8.0-150100.3.36.1 rmt-server-debuginfo-2.8.0-150100.3.36.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): rmt-server-2.8.0-150100.3.36.1 rmt-server-config-2.8.0-150100.3.36.1 rmt-server-debuginfo-2.8.0-150100.3.36.1 - SUSE CaaS Platform 4.0 (x86_64): rmt-server-2.8.0-150100.3.36.1 rmt-server-config-2.8.0-150100.3.36.1 rmt-server-debuginfo-2.8.0-150100.3.36.1 References: https://bugzilla.suse.com/1188578 https://bugzilla.suse.com/1191552 https://bugzilla.suse.com/1195318 From sle-updates at lists.suse.com Fri Aug 5 13:17:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 15:17:39 +0200 (CEST) Subject: SUSE-RU-2022:2683-1: moderate: Recommended update for rmt-server Message-ID: <20220805131739.2A0AEFC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2683-1 Rating: moderate References: #1188578 #1191552 #1195318 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: - Version 2.8.0 - Forwarding information of registered systems to SCC more efficiently in batches. - Syncing the systems' most recent last seen timestamps to SCC. - Optional '--no-confirmation' switch to skip user confirmation when cleaning repository data. - Fix "rmt-cli systems list --csv -a" for RMTs with millions of systems. (bsc#1191552) - Enable nginx configs to serve on IPv6. - Enable users with old versions of RMT to sync systems with SCC by default. - Fix build using ruby 3.x (bsc#1195318) - Remove products with a negative ID during migration. - Changes to RMT/connect API: RMT returns HTTP status code 422 whenever a system tries to register/activate a product with an expired subscription. - Mirror metadata retry. (bsc#1188578) - Update the way allowed paths are checked. - SUMA: Make it possible to validate all versions of the same product and arch (that are allowed to that system). - De-register BYOS systems using RMT as a proxy from SCC. - De-activate a single product from a BYOS proxy system. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2683=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2683=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2683=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2683=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): rmt-server-2.8.0-150000.3.55.1 rmt-server-config-2.8.0-150000.3.55.1 rmt-server-debuginfo-2.8.0-150000.3.55.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): rmt-server-2.8.0-150000.3.55.1 rmt-server-config-2.8.0-150000.3.55.1 rmt-server-debuginfo-2.8.0-150000.3.55.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): rmt-server-2.8.0-150000.3.55.1 rmt-server-config-2.8.0-150000.3.55.1 rmt-server-debuginfo-2.8.0-150000.3.55.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): rmt-server-2.8.0-150000.3.55.1 rmt-server-config-2.8.0-150000.3.55.1 rmt-server-debuginfo-2.8.0-150000.3.55.1 References: https://bugzilla.suse.com/1188578 https://bugzilla.suse.com/1191552 https://bugzilla.suse.com/1195318 From sle-updates at lists.suse.com Fri Aug 5 13:18:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 15:18:21 +0200 (CEST) Subject: SUSE-SU-2022:2682-1: Security update for wavpack Message-ID: <20220805131821.B0B7EFC32@maintenance.suse.de> SUSE Security Update: Security update for wavpack ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2682-1 Rating: low References: #1201716 Cross-References: CVE-2022-2476 CVSS scores: CVE-2022-2476 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2476 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wavpack fixes the following issues: - CVE-2022-2476: Fixed a Null pointer dereference in wvunpack (bsc#1201716). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2682=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2682=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): wavpack-4.60.99-5.12.1 wavpack-debuginfo-4.60.99-5.12.1 wavpack-debugsource-4.60.99-5.12.1 wavpack-devel-4.60.99-5.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libwavpack1-4.60.99-5.12.1 libwavpack1-debuginfo-4.60.99-5.12.1 wavpack-debuginfo-4.60.99-5.12.1 wavpack-debugsource-4.60.99-5.12.1 References: https://www.suse.com/security/cve/CVE-2022-2476.html https://bugzilla.suse.com/1201716 From sle-updates at lists.suse.com Fri Aug 5 13:18:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 15:18:57 +0200 (CEST) Subject: SUSE-RU-2022:2679-1: moderate: Recommended update for release-notes-sles Message-ID: <20220805131857.18D0FFC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2679-1 Rating: moderate References: #1185196 #1196097 #933411 SLE-11600 SLE-20041 SLE-23330 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server Installer 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes and contains three features can now be installed. Description: This update for release-notes-sles fixes the following issues: - Update to version 12.5.20220718 (bsc#933411) - Added note about Samba 4.15 (jsc#SLE-23330, bsc#1196097) - Added note about DFS share failover (jsc#SLE-20041) - Added note about Xenstore stubdom (bsc#1185196) - Added note about `CONFIG_NUMA_EMU` (jsc#SLE-11600) - Removed LibreOffice and MariaDB from requiring specific contracts Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server Installer 12-SP5: zypper in -t patch SUSE-SLE-SERVER-INSTALLER-12-SP5-2022-2679=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2679=1 Package List: - SUSE Linux Enterprise Server Installer 12-SP5 (noarch): release-notes-sles-12.5.20220718-3.31.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): release-notes-sles-12.5.20220718-3.31.1 References: https://bugzilla.suse.com/1185196 https://bugzilla.suse.com/1196097 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Fri Aug 5 13:19:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 15:19:47 +0200 (CEST) Subject: SUSE-SU-2022:2681-1: Security update for wavpack Message-ID: <20220805131947.DB88BFC32@maintenance.suse.de> SUSE Security Update: Security update for wavpack ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2681-1 Rating: low References: #1201716 Cross-References: CVE-2022-2476 CVSS scores: CVE-2022-2476 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2476 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for wavpack fixes the following issues: - CVE-2022-2476: Fixed a Null pointer dereference in wvunpack (bsc#1201716). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2681=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2681=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2681=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2681=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2681=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2681=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libwavpack1-5.4.0-150000.4.15.1 libwavpack1-debuginfo-5.4.0-150000.4.15.1 wavpack-5.4.0-150000.4.15.1 wavpack-debuginfo-5.4.0-150000.4.15.1 wavpack-debugsource-5.4.0-150000.4.15.1 wavpack-devel-5.4.0-150000.4.15.1 - openSUSE Leap 15.4 (x86_64): libwavpack1-32bit-5.4.0-150000.4.15.1 libwavpack1-32bit-debuginfo-5.4.0-150000.4.15.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libwavpack1-5.4.0-150000.4.15.1 libwavpack1-debuginfo-5.4.0-150000.4.15.1 wavpack-5.4.0-150000.4.15.1 wavpack-debuginfo-5.4.0-150000.4.15.1 wavpack-debugsource-5.4.0-150000.4.15.1 wavpack-devel-5.4.0-150000.4.15.1 - openSUSE Leap 15.3 (x86_64): libwavpack1-32bit-5.4.0-150000.4.15.1 libwavpack1-32bit-debuginfo-5.4.0-150000.4.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): wavpack-5.4.0-150000.4.15.1 wavpack-debuginfo-5.4.0-150000.4.15.1 wavpack-debugsource-5.4.0-150000.4.15.1 wavpack-devel-5.4.0-150000.4.15.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): wavpack-5.4.0-150000.4.15.1 wavpack-debuginfo-5.4.0-150000.4.15.1 wavpack-debugsource-5.4.0-150000.4.15.1 wavpack-devel-5.4.0-150000.4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libwavpack1-5.4.0-150000.4.15.1 libwavpack1-debuginfo-5.4.0-150000.4.15.1 wavpack-debuginfo-5.4.0-150000.4.15.1 wavpack-debugsource-5.4.0-150000.4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libwavpack1-5.4.0-150000.4.15.1 libwavpack1-debuginfo-5.4.0-150000.4.15.1 wavpack-debuginfo-5.4.0-150000.4.15.1 wavpack-debugsource-5.4.0-150000.4.15.1 References: https://www.suse.com/security/cve/CVE-2022-2476.html https://bugzilla.suse.com/1201716 From sle-updates at lists.suse.com Fri Aug 5 16:16:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 18:16:18 +0200 (CEST) Subject: SUSE-RU-2022:2688-1: moderate: Recommended update for rmt-server Message-ID: <20220805161618.EC3B7FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2688-1 Rating: moderate References: #1191552 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rmt-server fixes the following issues: Version 2.8.0 - Forwarding information of registered systems to SCC more efficiently in batches - Syncing the systems' most recent last seen timestamps to SCC - Optional '--no-confirmation' switch to skip user confirmation when cleaning repository data - Fix "rmt-cli systems list --csv -a" for RMTs with millions of systems (bsc#1191552) - Enable users with old versions of RMT to sync systems with SCC by default Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2688=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2688=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2688=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rmt-server-2.8.0-150400.3.3.1 rmt-server-config-2.8.0-150400.3.3.1 rmt-server-debuginfo-2.8.0-150400.3.3.1 rmt-server-debugsource-2.8.0-150400.3.3.1 rmt-server-pubcloud-2.8.0-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): rmt-server-2.8.0-150400.3.3.1 rmt-server-config-2.8.0-150400.3.3.1 rmt-server-debuginfo-2.8.0-150400.3.3.1 rmt-server-debugsource-2.8.0-150400.3.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.8.0-150400.3.3.1 rmt-server-debugsource-2.8.0-150400.3.3.1 rmt-server-pubcloud-2.8.0-150400.3.3.1 References: https://bugzilla.suse.com/1191552 From sle-updates at lists.suse.com Fri Aug 5 16:16:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 18:16:58 +0200 (CEST) Subject: SUSE-RU-2022:2685-1: moderate: Recommended update for rmt-server Message-ID: <20220805161658.75FA4FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2685-1 Rating: moderate References: #1188578 #1191552 #1195318 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rmt-server fixes the following issues: Version 2.8.0 - Forwarding information of registered systems to SCC more efficiently in batches - Syncing the systems' most recent last seen timestamps to SCC - Optional '--no-confirmation' switch to skip user confirmation when cleaning repository data - Fix "rmt-cli systems list --csv -a" for RMTs with millions of systems (bsc#1191552) - Enable nginx configs to serve on IPv6 - Enable users with old versions of RMT to sync systems with SCC by default - Fix build using ruby 3.x (bsc#1195318). Version 2.7.1 - Remove products with a negative ID during migration - Changes to RMT/connect API: RMT returns HTTP status code 422 whenever a system tries to register/activate a product with an expired subscription. - Mirror metadata retry. (bsc#1188578) - Update the way allowed paths are checked SUMA requested a new feature where it is possible to validate all versions of the same product and arch (that are allowed to that system) - De-register BYOS systems using RMT as a proxy from SCC - De-activate a single product from a BYOS proxy system Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2685=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2685=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2685=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2685=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2685=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2685=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2685=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2685=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2685=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2685=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): rmt-server-2.8.0-150200.3.23.1 rmt-server-config-2.8.0-150200.3.23.1 rmt-server-debuginfo-2.8.0-150200.3.23.1 rmt-server-debugsource-2.8.0-150200.3.23.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): rmt-server-2.8.0-150200.3.23.1 rmt-server-config-2.8.0-150200.3.23.1 rmt-server-debuginfo-2.8.0-150200.3.23.1 rmt-server-debugsource-2.8.0-150200.3.23.1 - SUSE Manager Proxy 4.1 (x86_64): rmt-server-2.8.0-150200.3.23.1 rmt-server-config-2.8.0-150200.3.23.1 rmt-server-debuginfo-2.8.0-150200.3.23.1 rmt-server-debugsource-2.8.0-150200.3.23.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): rmt-server-2.8.0-150200.3.23.1 rmt-server-config-2.8.0-150200.3.23.1 rmt-server-debuginfo-2.8.0-150200.3.23.1 rmt-server-debugsource-2.8.0-150200.3.23.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): rmt-server-2.8.0-150200.3.23.1 rmt-server-config-2.8.0-150200.3.23.1 rmt-server-debuginfo-2.8.0-150200.3.23.1 rmt-server-debugsource-2.8.0-150200.3.23.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): rmt-server-2.8.0-150200.3.23.1 rmt-server-config-2.8.0-150200.3.23.1 rmt-server-debuginfo-2.8.0-150200.3.23.1 rmt-server-debugsource-2.8.0-150200.3.23.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.8.0-150200.3.23.1 rmt-server-debugsource-2.8.0-150200.3.23.1 rmt-server-pubcloud-2.8.0-150200.3.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): rmt-server-2.8.0-150200.3.23.1 rmt-server-config-2.8.0-150200.3.23.1 rmt-server-debuginfo-2.8.0-150200.3.23.1 rmt-server-debugsource-2.8.0-150200.3.23.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): rmt-server-2.8.0-150200.3.23.1 rmt-server-config-2.8.0-150200.3.23.1 rmt-server-debuginfo-2.8.0-150200.3.23.1 rmt-server-debugsource-2.8.0-150200.3.23.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): rmt-server-2.8.0-150200.3.23.1 rmt-server-config-2.8.0-150200.3.23.1 rmt-server-debuginfo-2.8.0-150200.3.23.1 rmt-server-debugsource-2.8.0-150200.3.23.1 References: https://bugzilla.suse.com/1188578 https://bugzilla.suse.com/1191552 https://bugzilla.suse.com/1195318 From sle-updates at lists.suse.com Fri Aug 5 16:17:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 18:17:45 +0200 (CEST) Subject: SUSE-SU-2022:2687-1: moderate: Security update for fwupd Message-ID: <20220805161745.2AE75FC32@maintenance.suse.de> SUSE Security Update: Security update for fwupd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2687-1 Rating: moderate References: #1193921 #1198581 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for fwupd fixes the following issues: - Ignore non-PCI NVMe devices (e.g. NVMe-over-Fabrics) when probing (bsc#1193921) - package was rebuilt with new UEFI secure boot key. (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2687=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2687=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dfu-tool-1.7.3-150400.3.3.19 dfu-tool-debuginfo-1.7.3-150400.3.3.19 fwupd-1.7.3-150400.3.3.19 fwupd-debuginfo-1.7.3-150400.3.3.19 fwupd-debugsource-1.7.3-150400.3.3.19 fwupd-devel-1.7.3-150400.3.3.19 libfwupd2-1.7.3-150400.3.3.19 libfwupd2-debuginfo-1.7.3-150400.3.3.19 libfwupdplugin5-1.7.3-150400.3.3.19 libfwupdplugin5-debuginfo-1.7.3-150400.3.3.19 typelib-1_0-Fwupd-2_0-1.7.3-150400.3.3.19 typelib-1_0-FwupdPlugin-1_0-1.7.3-150400.3.3.19 - openSUSE Leap 15.4 (noarch): fwupd-lang-1.7.3-150400.3.3.19 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): fwupd-1.7.3-150400.3.3.19 fwupd-debuginfo-1.7.3-150400.3.3.19 fwupd-debugsource-1.7.3-150400.3.3.19 fwupd-devel-1.7.3-150400.3.3.19 libfwupd2-1.7.3-150400.3.3.19 libfwupd2-debuginfo-1.7.3-150400.3.3.19 libfwupdplugin5-1.7.3-150400.3.3.19 libfwupdplugin5-debuginfo-1.7.3-150400.3.3.19 typelib-1_0-Fwupd-2_0-1.7.3-150400.3.3.19 typelib-1_0-FwupdPlugin-1_0-1.7.3-150400.3.3.19 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): fwupd-lang-1.7.3-150400.3.3.19 References: https://bugzilla.suse.com/1193921 https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Fri Aug 5 19:16:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 21:16:23 +0200 (CEST) Subject: SUSE-SU-2022:2691-1: important: Security update for python-M2Crypto Message-ID: <20220805191623.5C969FC32@maintenance.suse.de> SUSE Security Update: Security update for python-M2Crypto ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2691-1 Rating: important References: #1178829 Cross-References: CVE-2020-25657 CVSS scores: CVE-2020-25657 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-25657 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-M2Crypto fixes the following issues: - CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2691=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2691=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debugsource-0.38.0-150400.3.6.1 python3-M2Crypto-0.38.0-150400.3.6.1 python3-M2Crypto-debuginfo-0.38.0-150400.3.6.1 - openSUSE Leap 15.4 (noarch): python-M2Crypto-doc-0.38.0-150400.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python-M2Crypto-debugsource-0.38.0-150400.3.6.1 python3-M2Crypto-0.38.0-150400.3.6.1 python3-M2Crypto-debuginfo-0.38.0-150400.3.6.1 References: https://www.suse.com/security/cve/CVE-2020-25657.html https://bugzilla.suse.com/1178829 From sle-updates at lists.suse.com Fri Aug 5 19:17:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 21:17:30 +0200 (CEST) Subject: SUSE-SU-2022:2689-1: Security update for dpkg Message-ID: <20220805191730.8F97AFC32@maintenance.suse.de> SUSE Security Update: Security update for dpkg ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2689-1 Rating: low References: #1199944 Cross-References: CVE-2022-1664 CVSS scores: CVE-2022-1664 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1664 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2689=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): update-alternatives-1.18.4-16.3.5 update-alternatives-debuginfo-1.18.4-16.3.5 update-alternatives-debugsource-1.18.4-16.3.5 References: https://www.suse.com/security/cve/CVE-2022-1664.html https://bugzilla.suse.com/1199944 From sle-updates at lists.suse.com Fri Aug 5 19:16:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 5 Aug 2022 21:16:59 +0200 (CEST) Subject: SUSE-RU-2022:2690-1: moderate: Recommended update for rust, rust1.62 Message-ID: <20220805191659.99705FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust, rust1.62 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2690-1 Rating: moderate References: SLE-18626 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for rust, rust1.62 fixes the following issues: This update delivers rust1.62. - Improve support for wasi targets Version 1.62.1 (2022-07-19) ========================== Rust 1.62.1 addresses a few recent regressions in the compiler and standard library, and also mitigates a CPU vulnerability on Intel SGX. * The compiler fixed unsound function coercions involving `impl Trait` return types. * The compiler fixed an incremental compilation bug with `async fn` lifetimes. * Windows added a fallback for overlapped I/O in synchronous reads and writes. * The `x86_64-fortanix-unknown-sgx` target added a mitigation for the MMIO stale data vulnerability, advisory [INTEL-SA-00615]. - Experimental support for wasi targets Version 1.62.0 (2022-06-30) ========================== Language -------- - Stabilize `#[derive(Default)]` on enums with a `#[default]` variant - Teach flow sensitive checks that visibly uninhabited call expressions never return - Fix constants not getting dropped if part of a diverging expression - Support unit struct/enum variant in destructuring assignment][95380 - Remove mutable_borrow_reservation_conflict lint and allow the code pattern Compiler -------- - linker: Stop using whole-archive on dependencies of dylibs - Make `unaligned_references` lint deny-by-default This lint is also a future compatibility lint, and is expected to eventually become a hard error. - Only add codegen backend to dep info if -Zbinary-dep-depinfo is used - Reject `#[thread_local]` attribute on non-static items - Add tier 3 `aarch64-pc-windows-gnullvm` and `x86_64-pc-windows-gnullvm` targets\* - Implement a lint to warn about unused macro rules - Promote `x86_64-unknown-none` target to Tier 2 * Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - Windows: Use a pipe relay for chaining pipes - Replace Linux Mutex and Condvar with futex based ones. - Replace RwLock by a futex based one on Linux - std: directly use pthread in UNIX parker implementation Stabilized APIs --------------- - `bool::then_some` - `f32::total_cmp` - `f64::total_cmp` - `Stdin::lines` - `windows::CommandExt::raw_arg` - `impl Default for AssertUnwindSafe` - `From> for Rc<[u8]>` rc-u8-from-str - `From> for Arc<[u8]>` arc-u8-from-str - `FusedIterator for EncodeWide` - RDM intrinsics on aarch64 stdarch/1285 Clippy ------ - Create clippy lint against unexpectedly late drop for temporaries in match scrutinee expressions Cargo ----- - Added the `cargo add` command for adding dependencies to `Cargo.toml` from the command-line. [docs](https://doc.rust-lang.org/nightly/cargo/commands/cargo-add.html) - Package ID specs now support `name at version` syntax in addition to the previous `name:version` to align with the behavior in `cargo add` and other tools. `cargo install` and `cargo yank` also now support this syntax so the version does not need to passed as a separate flag. - The `git` and `registry` directories in Cargo's home directory (usually `~/.cargo`) are now marked as cache directories so that they are not included in backups or content indexing (on Windows). - Added automatic `@` argfile support, which will use "response files" if the command-line to `rustc` exceeds the operating system's limit. Compatibility Notes ------------------- - `cargo test` now passes `--target` to `rustdoc` if the specified target is the same as the host target. - rustdoc: doctests are now run on unexported `macro_rules!` macros, matching other private items - rustdoc: Remove .woff font files - Enforce Copy bounds for repeat elements while considering lifetimes - Windows: Fix potentinal unsoundness by aborting if `File` reads or writes cannot complete synchronously. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2690=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2690=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2690=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2690=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cargo-1.62.0-150300.21.29.1 cargo1.62-1.62.1-150300.7.4.1 cargo1.62-debuginfo-1.62.1-150300.7.4.1 rust-1.62.0-150300.21.29.1 rust1.62-1.62.1-150300.7.4.1 rust1.62-debuginfo-1.62.1-150300.7.4.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cargo-1.62.0-150300.21.29.1 cargo1.62-1.62.1-150300.7.4.1 cargo1.62-debuginfo-1.62.1-150300.7.4.1 rust-1.62.0-150300.21.29.1 rust1.62-1.62.1-150300.7.4.1 rust1.62-debuginfo-1.62.1-150300.7.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): cargo-1.62.0-150300.21.29.1 cargo1.62-1.62.1-150300.7.4.1 cargo1.62-debuginfo-1.62.1-150300.7.4.1 rust-1.62.0-150300.21.29.1 rust1.62-1.62.1-150300.7.4.1 rust1.62-debuginfo-1.62.1-150300.7.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo-1.62.0-150300.21.29.1 cargo1.62-1.62.1-150300.7.4.1 cargo1.62-debuginfo-1.62.1-150300.7.4.1 rust-1.62.0-150300.21.29.1 rust1.62-1.62.1-150300.7.4.1 rust1.62-debuginfo-1.62.1-150300.7.4.1 References: From sle-updates at lists.suse.com Sat Aug 6 07:14:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Aug 2022 09:14:28 +0200 (CEST) Subject: SUSE-CU-2022:1771-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20220806071428.46175FC32@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1771-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-4.2.1 , suse/sle-micro/5.3/toolbox:latest Container Release : 4.2.1 Severity : important Type : security References : 1073299 1093392 1104700 1112310 1113554 1120402 1130557 1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1181658 1185637 1188127 1194708 1195157 1196025 1196026 1196168 1196169 1196171 1196784 1197443 1197570 1197718 1198511 1198732 1199140 1199166 1199232 1200170 1200334 1200550 1200734 1200735 1200736 1200737 1200855 1200855 1201099 1201276 1201560 1201640 CVE-2015-20107 CVE-2022-1292 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: S?o Tom? and Pr?ncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2358-1 Released: Tue Jul 12 04:21:59 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issues: - Fix handling of keywords in new sysctl.conf (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) The following package changes have been done: - glibc-locale-base-2.31-150300.37.1 updated - glibc-locale-2.31-150300.37.1 updated - glibc-2.31-150300.31.2 updated - libaugeas0-1.12.0-150400.3.3.6 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libcurl4-7.79.1-150400.5.3.1 updated - libexpat1-2.4.4-150400.3.6.9 updated - libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated - libopenssl1_1-1.1.1l-150400.7.7.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - openssl-1_1-1.1.1l-150400.7.7.1 updated - python3-base-3.6.15-150300.10.27.1 updated - systemd-presets-branding-SMO-20220103-150400.2.1 updated - systemd-249.11-150400.8.5.1 updated - timezone-2022a-150000.75.7.1 added - container:sles15-image-15.0.0-27.9.1 updated From sle-updates at lists.suse.com Sat Aug 6 07:29:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Aug 2022 09:29:54 +0200 (CEST) Subject: SUSE-CU-2022:1774-1: Security update of bci/python Message-ID: <20220806072954.DD933FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1774-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.46 Container Release : 18.46 Severity : important Type : security References : 1164384 1199235 CVE-2019-20454 CVE-2022-1587 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). The following package changes have been done: - libpcre2-8-0-10.31-150000.3.12.1 updated - container:sles15-image-15.0.0-17.20.9 updated From sle-updates at lists.suse.com Sat Aug 6 07:31:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Aug 2022 09:31:10 +0200 (CEST) Subject: SUSE-CU-2022:1775-1: Security update of bci/golang Message-ID: <20220806073110.EC947FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1775-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-12.32 Container Release : 12.32 Severity : important Type : security References : 1190649 1201434 1201436 1201437 1201440 1201443 1201444 1201445 1201447 1201448 1202035 CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2671-1 Released: Thu Aug 4 14:05:32 2022 Summary: Security update for go1.17 Type: security Severity: important References: 1190649,1201434,1201436,1201437,1201440,1201443,1201444,1201445,1201447,1201448,1202035,CVE-2022-1705,CVE-2022-1962,CVE-2022-28131,CVE-2022-30630,CVE-2022-30631,CVE-2022-30632,CVE-2022-30633,CVE-2022-30635,CVE-2022-32148,CVE-2022-32189 This update for go1.17 fixes the following issues: Update to go version 1.17.13 (bsc#1190649): - CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). The following package changes have been done: - go1.17-1.17.13-150000.1.42.1 updated From sle-updates at lists.suse.com Sat Aug 6 07:31:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Aug 2022 09:31:51 +0200 (CEST) Subject: SUSE-CU-2022:1776-1: Security update of suse/pcp Message-ID: <20220806073151.BAE7BFC32@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1776-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-8.13 , suse/pcp:latest Container Release : 8.13 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:bci-bci-init-15.4-15.4-19.20 updated From sle-updates at lists.suse.com Sat Aug 6 07:32:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Aug 2022 09:32:14 +0200 (CEST) Subject: SUSE-CU-2022:1777-1: Security update of bci/rust Message-ID: <20220806073214.C0A0FFC32@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1777-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.16 Container Release : 9.16 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Sat Aug 6 07:32:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Aug 2022 09:32:31 +0200 (CEST) Subject: SUSE-CU-2022:1778-1: Security update of bci/rust Message-ID: <20220806073231.49854FC32@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1778-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-4.8 Container Release : 4.8 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Sat Aug 6 07:32:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Aug 2022 09:32:49 +0200 (CEST) Subject: SUSE-CU-2022:1779-1: Security update of bci/rust Message-ID: <20220806073249.D0EEAFC32@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1779-1 Container Tags : bci/rust:1.61 , bci/rust:1.61-4.8 , bci/rust:latest Container Release : 4.8 Severity : important Type : security References : 1198720 1200747 1201385 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - container:sles15-image-15.0.0-27.11.9 updated From sle-updates at lists.suse.com Sat Aug 6 07:33:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 6 Aug 2022 09:33:10 +0200 (CEST) Subject: SUSE-CU-2022:1780-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20220806073310.A4D06FC32@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1780-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.74 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.74 Severity : important Type : security References : 1029961 1040589 1070955 1073299 1093392 1099272 1104700 1112310 1113554 1115529 1120402 1120610 1121227 1121230 1122004 1122021 1128846 1130496 1130557 1137373 1140016 1150451 1162964 1164384 1169582 1172055 1172113 1173277 1174075 1174911 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1180689 1181131 1181658 1181826 1183533 1184501 1185637 1187906 1188127 1189028 1190315 1190926 1190943 1191096 1191157 1191502 1191770 1191794 1192167 1192902 1192903 1192904 1192951 1193086 1193204 1193466 1193489 1193659 1193732 1193868 1193905 1194093 1194216 1194217 1194229 1194388 1194642 1194708 1194848 1194872 1194883 1194885 1195004 1195157 1195203 1195231 1195247 1195251 1195258 1195283 1195326 1195332 1195354 1195463 1195468 1195529 1195628 1195797 1195899 1195999 1196061 1196093 1196107 1196317 1196361 1196368 1196490 1196514 1196567 1196647 1196850 1196861 1196925 1196939 1197004 1197024 1197065 1197134 1197443 1197459 1197570 1197718 1197771 1197794 1198062 1198062 1198090 1198114 1198176 1198446 1198507 1198511 1198596 1198614 1198723 1198732 1198748 1198751 1198766 1198922 1199132 1199140 1199166 1199223 1199224 1199232 1199232 1199235 1199240 1199331 1199333 1199334 1199651 1199655 1199693 1199745 1199747 1199936 1200010 1200011 1200012 1200170 1200334 1200550 1200735 1200737 1200855 1200855 1201099 1201560 1201640 CVE-2015-20107 CVE-2017-17087 CVE-2018-20482 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-20454 CVE-2019-6285 CVE-2019-6292 CVE-2019-9923 CVE-2020-14367 CVE-2021-20193 CVE-2021-22570 CVE-2021-28153 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1381 CVE-2022-1420 CVE-2022-1586 CVE-2022-1586 CVE-2022-1587 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: S??o Tom?? and Pr??ncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1119-1 Released: Wed Apr 6 09:16:06 2022 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797 This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect SUSE Linux Enterprise 15 Serivce Pack 3 and 4 (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1770-1 Released: Fri May 20 14:36:30 2022 Summary: Recommended update for skelcd, sles15-image Type: recommended Severity: moderate References: This update for skelcd, sles15-image fixes the following issues: Changes in skelcd: - Ship skelcd-EULA-bci for SLE BCI EULA (jsc#BCI-10) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2102-1 Released: Thu Jun 16 15:18:23 2022 Summary: Security update for vim Type: security Severity: important References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927 This update for vim fixes the following issues: - CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955). - CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770). - CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167). - CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902). - CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903). - CVE-2021-3974: Fixed use-after-free (bsc#1192904). - CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466). - CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905). - CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093). - CVE-2021-4192: Fixed use-after-free (bsc#1194217). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388). - CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885). - CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872). - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203). - CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332). - CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354). - CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361). - CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596). - CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748). - CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331). - CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333). - CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334). - CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655). - CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651). - CVE-2022-1771: Fixed stack exhaustion (bsc#1199693). - CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745). - CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747). - CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936). - CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010). - CVE-2022-1898: Fixed use-after-free (bsc#1200011). - CVE-2022-1927: Fixed buffer over-read (bsc#1200012). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user at .service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1195463,1196850 This update for apparmor fixes the following issues: - Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-locale-2.31-150300.37.1 updated - glibc-2.31-150300.31.2 updated - grep-3.1-150000.4.6.1 updated - gzip-1.10-150200.10.1 updated - libapparmor1-2.13.6-150300.3.15.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libcurl4-7.66.0-150200.4.36.1 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libgmodule-2_0-0-2.62.6-150200.3.9.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.31-150000.3.12.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-246.16-150300.7.45.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libudev1-246.16-150300.7.45.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.0-150200.36.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - pam-1.3.0-150000.6.58.3 updated - perl-base-5.26.1-150300.17.3.1 updated - perl-5.26.1-150300.17.3.1 updated - procps-3.3.15-7.22.1 updated - python3-base-3.6.15-150300.10.27.1 updated - supportutils-3.1.20-150300.7.35.10.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-246.16-150300.7.48.1 updated - tar-1.34-150000.3.12.1 updated - timezone-2022a-150000.75.7.1 added - udev-246.16-150300.7.48.1 updated - util-linux-systemd-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - vim-data-common-8.2.5038-150000.5.21.1 updated - vim-8.2.5038-150000.5.21.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.18.1 updated From sle-updates at lists.suse.com Sun Aug 7 16:15:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 7 Aug 2022 18:15:35 +0200 (CEST) Subject: SUSE-SU-2022:2692-1: important: Security update for crash Message-ID: <20220807161535.D4ABEFC32@maintenance.suse.de> SUSE Security Update: Security update for crash ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2692-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of crash fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2692=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2692=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): crash-7.3.0-150400.3.2.6 crash-debuginfo-7.3.0-150400.3.2.6 crash-debugsource-7.3.0-150400.3.2.6 crash-devel-7.3.0-150400.3.2.6 crash-doc-7.3.0-150400.3.2.6 crash-eppic-7.3.0-150400.3.2.6 crash-eppic-debuginfo-7.3.0-150400.3.2.6 crash-kmp-default-7.3.0_k5.14.21_150400.24.11-150400.3.2.6 crash-kmp-default-debuginfo-7.3.0_k5.14.21_150400.24.11-150400.3.2.6 - openSUSE Leap 15.4 (aarch64): crash-kmp-64kb-7.3.0_k5.14.21_150400.24.11-150400.3.2.6 crash-kmp-64kb-debuginfo-7.3.0_k5.14.21_150400.24.11-150400.3.2.6 - openSUSE Leap 15.4 (x86_64): crash-gcore-7.3.0-150400.3.2.6 crash-gcore-debuginfo-7.3.0-150400.3.2.6 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): crash-7.3.0-150400.3.2.6 crash-debuginfo-7.3.0-150400.3.2.6 crash-debugsource-7.3.0-150400.3.2.6 crash-devel-7.3.0-150400.3.2.6 crash-kmp-default-7.3.0_k5.14.21_150400.24.11-150400.3.2.6 crash-kmp-default-debuginfo-7.3.0_k5.14.21_150400.24.11-150400.3.2.6 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64): crash-kmp-64kb-7.3.0_k5.14.21_150400.24.11-150400.3.2.6 crash-kmp-64kb-debuginfo-7.3.0_k5.14.21_150400.24.11-150400.3.2.6 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Mon Aug 8 19:16:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 8 Aug 2022 21:16:20 +0200 (CEST) Subject: SUSE-RU-2022:2693-1: moderate: Recommended update for scap-security-guide Message-ID: <20220808191620.91037FE10@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2693-1 Rating: moderate References: #1200122 #1200149 #1200163 ECO-3319 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.63 (jsc#ECO-3319): - multiple bugfixes in SUSE profiles - Expand project guidelines - Add Draft OCP4 STIG profile - Add anssi_bp28_intermediary profile - add products/uos20 to support UnionTech OS Server 20 - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles - Remove WRLinux Products - Update CIS RHEL8 Benchmark for v2.0.0 SUSE specific issues fixed: - stig: /etc/shadow group owner should not be root but shadow (bsc#1200149) - sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163) - SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2693=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): scap-security-guide-0.1.63-3.36.1 scap-security-guide-debian-0.1.63-3.36.1 scap-security-guide-redhat-0.1.63-3.36.1 scap-security-guide-ubuntu-0.1.63-3.36.1 References: https://bugzilla.suse.com/1200122 https://bugzilla.suse.com/1200149 https://bugzilla.suse.com/1200163 From sle-updates at lists.suse.com Mon Aug 8 22:16:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 00:16:47 +0200 (CEST) Subject: SUSE-SU-2022:2696-1: important: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3) Message-ID: <20220808221647.60188FE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2696-1 Rating: important References: #1200605 #1201080 #1201222 Cross-References: CVE-2022-1679 CVE-2022-20141 CVE-2022-34918 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_71 fixes several issues. The following security issues were fixed: - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2695=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2696=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_71-default-4-150300.2.1 kernel-livepatch-5_3_18-150300_59_76-default-3-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201222 From sle-updates at lists.suse.com Mon Aug 8 22:17:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 00:17:36 +0200 (CEST) Subject: SUSE-SU-2022:2697-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP4) Message-ID: <20220808221736.3D2CAFE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2697-1 Rating: important References: #1200605 #1201080 Cross-References: CVE-2022-1679 CVE-2022-20141 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2697=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_99-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 From sle-updates at lists.suse.com Tue Aug 9 01:16:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 03:16:06 +0200 (CEST) Subject: SUSE-SU-2022:2699-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP4) Message-ID: <20220809011606.1F878FE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2699-1 Rating: important References: #1200605 #1201080 #1201517 #1201655 #1201656 #1201657 Cross-References: CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2698=1 SUSE-SLE-Live-Patching-12-SP4-2022-2699=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_88-default-8-2.2 kgraft-patch-4_12_14-95_93-default-7-2.2 References: https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201655 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Tue Aug 9 07:16:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 09:16:06 +0200 (CEST) Subject: SUSE-SU-2022:2700-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP1) Message-ID: <20220809071606.1B6C0FE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2700-1 Rating: important References: #1200605 #1201080 #1201517 #1201655 #1201656 #1201657 Cross-References: CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_105 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2700=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_105-default-8-150100.2.2 References: https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201655 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Tue Aug 9 10:16:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 12:16:19 +0200 (CEST) Subject: SUSE-RU-2022:2702-1: moderate: Recommended update for python-paramiko Message-ID: <20220809101619.33A03FE27@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2702-1 Rating: moderate References: #1199454 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-paramiko fixes the following issues: - Fix deprecation warnings. NOTE: the '.travis' changes were excluded as the file doesn't exist in the tarball as it was used by upstream CI only. (bsc#1199454) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2702=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-paramiko-2.4.0-9.16.1 python-paramiko-doc-2.4.0-9.16.1 python3-paramiko-2.4.0-9.16.1 References: https://bugzilla.suse.com/1199454 From sle-updates at lists.suse.com Tue Aug 9 10:16:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 12:16:53 +0200 (CEST) Subject: SUSE-RU-2022:2705-1: moderate: Recommended update for yast2-sap-ha Message-ID: <20220809101653.13167FE27@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-sap-ha ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2705-1 Rating: moderate References: #1158843 #1186618 #1190774 #1197290 #1199029 #1200427 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for yast2-sap-ha fixes the following issues: - Introduce a new function refresh_all_proposals. This reads the proposal for the modules watchdog and fence. This is neccessary when reading an earlier configuration. - Use .gsub instead of File.basename to find all modules files. (bsc#1197290) - system/watchdog.rb searches watchdog modules with .ko extension but we ship .ko.xz (bsc#1197290) - softdog missing in Yast while configuring HA for SAP Products (bsc#1199029) - kmod-compat has broken dependencies (bsc#1186618) - "SUSE SAP HA Yast wizard for HANA does not configure the HANA hooks. (bsc#1190774) - Add SAPHanaSR via global.ini as proposoed. - Fix for broken gettext support (bsc#1158843) - YaST2 sap_ha tool does not allow digits at the beginning of site names (bsc#1200427) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-2705=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-2705=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-2705=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): yast2-sap-ha-1.0.15-150000.3.11.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): yast2-sap-ha-1.0.15-150000.3.11.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): yast2-sap-ha-1.0.15-150000.3.11.1 References: https://bugzilla.suse.com/1158843 https://bugzilla.suse.com/1186618 https://bugzilla.suse.com/1190774 https://bugzilla.suse.com/1197290 https://bugzilla.suse.com/1199029 https://bugzilla.suse.com/1200427 From sle-updates at lists.suse.com Tue Aug 9 10:17:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 12:17:50 +0200 (CEST) Subject: SUSE-RU-2022:2704-1: moderate: Re-release for SLE Base System Message-ID: <20220809101750.55048FE27@maintenance.suse.de> SUSE Recommended Update: Re-release for SLE Base System ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2704-1 Rating: moderate References: SLE-22800 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: Re-release for moving from Public Cloud to SLE Base System (jsc#SLE-22800) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2704=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): python-pip-10.0.1-13.8.1 python3-pip-10.0.1-13.8.1 References: From sle-updates at lists.suse.com Tue Aug 9 10:18:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 12:18:21 +0200 (CEST) Subject: SUSE-RU-2022:2703-1: moderate: Recommended update for python-google-resumable-media Message-ID: <20220809101821.EB9CFFE27@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-google-resumable-media ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2703-1 Rating: moderate References: #1197841 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-google-resumable-media fixes the following issues: - Fix testsuite invocation (bsc#1197841) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2703=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2703=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2703=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2703=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2703=1 Package List: - openSUSE Leap 15.4 (noarch): python3-google-resumable-media-0.5.0-150200.5.6.1 - openSUSE Leap 15.3 (noarch): python2-google-resumable-media-0.5.0-150200.5.6.1 python3-google-resumable-media-0.5.0-150200.5.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): python3-google-resumable-media-0.5.0-150200.5.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-google-resumable-media-0.5.0-150200.5.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-google-resumable-media-0.5.0-150200.5.6.1 References: https://bugzilla.suse.com/1197841 From sle-updates at lists.suse.com Tue Aug 9 10:18:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 12:18:59 +0200 (CEST) Subject: SUSE-RU-2022:2706-1: moderate: Recommended update for postgresql Message-ID: <20220809101859.A7943FE27@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2706-1 Rating: moderate References: #1195680 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql fixes the following issues: - Fix the pg_server_requires macro on older rpm versions (SLE-12) - Avoid a dependency on awk in postgresql-script. - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - Fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repitition from the spec files - Bump version to 14. (bsc#1195680) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2706=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2706=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2706=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2706=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2706=1 Package List: - openSUSE Leap 15.4 (noarch): postgresql-14-150400.4.3.88 postgresql-contrib-14-150400.4.3.88 postgresql-devel-14-150400.4.3.88 postgresql-docs-14-150400.4.3.88 postgresql-llvmjit-14-150400.4.3.88 postgresql-plperl-14-150400.4.3.88 postgresql-plpython-14-150400.4.3.88 postgresql-pltcl-14-150400.4.3.88 postgresql-server-14-150400.4.3.88 postgresql-server-devel-14-150400.4.3.88 postgresql-test-14-150400.4.3.88 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): postgresql-contrib-14-150400.4.3.88 postgresql-devel-14-150400.4.3.88 postgresql-docs-14-150400.4.3.88 postgresql-plperl-14-150400.4.3.88 postgresql-plpython-14-150400.4.3.88 postgresql-pltcl-14-150400.4.3.88 postgresql-server-14-150400.4.3.88 postgresql-server-devel-14-150400.4.3.88 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): postgresql-14-150400.4.3.88 postgresql-contrib-14-150400.4.3.88 postgresql-devel-14-150400.4.3.88 postgresql-docs-14-150400.4.3.88 postgresql-llvmjit-14-150400.4.3.88 postgresql-llvmjit-devel-14-150400.4.3.88 postgresql-plperl-14-150400.4.3.88 postgresql-plpython-14-150400.4.3.88 postgresql-pltcl-14-150400.4.3.88 postgresql-server-14-150400.4.3.88 postgresql-server-devel-14-150400.4.3.88 postgresql-test-14-150400.4.3.88 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (noarch): postgresql-llvmjit-14-150400.4.3.88 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): postgresql-14-150400.4.3.88 References: https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Tue Aug 9 10:19:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 12:19:36 +0200 (CEST) Subject: SUSE-RU-2022:2701-1: moderate: Recommended update for python-google-apitools Message-ID: <20220809101936.1F2CDFE27@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-google-apitools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2701-1 Rating: moderate References: #1196763 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-google-apitools fixes the following issues: - Add patch to fix metaclass usage for six 1.11.0 (bsc#1196763) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2701=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-google-apitools-0.5.6-6.1 References: https://bugzilla.suse.com/1196763 From sle-updates at lists.suse.com Tue Aug 9 13:16:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 15:16:57 +0200 (CEST) Subject: SUSE-SU-2022:2707-1: important: Security update for java-11-openjdk Message-ID: <20220809131657.7A341FE27@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2707-1 Rating: important References: #1201684 #1201692 #1201694 Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 CVSS scores: CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-34169 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2707=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2707=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2707=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2707=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2707=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2707=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2707=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2707=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2707=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2707=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2707=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2707=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2707=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2707=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2707=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2707=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2707=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2707=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2707=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2707=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2707=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2707=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2707=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2707=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2707=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-accessibility-11.0.16.0-150000.3.83.1 java-11-openjdk-accessibility-debuginfo-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 java-11-openjdk-jmods-11.0.16.0-150000.3.83.1 java-11-openjdk-src-11.0.16.0-150000.3.83.1 - openSUSE Leap 15.4 (noarch): java-11-openjdk-javadoc-11.0.16.0-150000.3.83.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-accessibility-11.0.16.0-150000.3.83.1 java-11-openjdk-accessibility-debuginfo-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 java-11-openjdk-jmods-11.0.16.0-150000.3.83.1 java-11-openjdk-src-11.0.16.0-150000.3.83.1 - openSUSE Leap 15.3 (noarch): java-11-openjdk-javadoc-11.0.16.0-150000.3.83.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Manager Proxy 4.1 (x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): java-11-openjdk-javadoc-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): java-11-openjdk-javadoc-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 - SUSE CaaS Platform 4.0 (x86_64): java-11-openjdk-11.0.16.0-150000.3.83.1 java-11-openjdk-debugsource-11.0.16.0-150000.3.83.1 java-11-openjdk-demo-11.0.16.0-150000.3.83.1 java-11-openjdk-devel-11.0.16.0-150000.3.83.1 java-11-openjdk-headless-11.0.16.0-150000.3.83.1 References: https://www.suse.com/security/cve/CVE-2022-21540.html https://www.suse.com/security/cve/CVE-2022-21541.html https://www.suse.com/security/cve/CVE-2022-34169.html https://bugzilla.suse.com/1201684 https://bugzilla.suse.com/1201692 https://bugzilla.suse.com/1201694 From sle-updates at lists.suse.com Tue Aug 9 16:16:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:16:59 +0200 (CEST) Subject: SUSE-SU-2022:2721-1: important: Security update for the Linux Kernel Message-ID: <20220809161659.A2142FE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2721-1 Rating: important References: #1173514 #1196973 #1198829 #1200598 #1200762 #1200910 #1201251 #1201429 #1201635 #1201636 #1201742 #1201752 #1201930 #1201940 Cross-References: CVE-2020-15393 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2021-39713 CVE-2022-1462 CVE-2022-20166 CVE-2022-2318 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946 CVSS scores: CVE-2020-15393 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-15393 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-15393: Fixed a memory leak in the usbtest driver which could lead to denial of service (bnc#1173514). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs could lead to a use-after-free (bnc#1201429). - CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251). - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bnc#1196973). The following non-security bugs were fixed: - kvm: emulate: Do not adjust size of fastop and setcc subroutines (bsc#1201930). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2721=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.181.1 kernel-default-base-4.4.121-92.181.1 kernel-default-base-debuginfo-4.4.121-92.181.1 kernel-default-debuginfo-4.4.121-92.181.1 kernel-default-debugsource-4.4.121-92.181.1 kernel-default-devel-4.4.121-92.181.1 kernel-syms-4.4.121-92.181.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.181.1 kernel-macros-4.4.121-92.181.1 kernel-source-4.4.121-92.181.1 References: https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1196973 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201251 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201742 https://bugzilla.suse.com/1201752 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 From sle-updates at lists.suse.com Tue Aug 9 16:18:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:18:52 +0200 (CEST) Subject: SUSE-SU-2022:2720-1: important: Security update for the Linux Kernel Message-ID: <20220809161852.CA8E3FE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2720-1 Rating: important References: #1103269 #1114648 #1190812 #1195775 #1195926 #1198484 #1198829 #1200442 #1200598 #1200644 #1200651 #1200910 #1201196 #1201381 #1201429 #1201635 #1201636 #1201644 #1201651 #1201742 #1201752 #1201930 #1201940 #1201954 #1201958 Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-20166 CVE-2022-36946 CVSS scores: CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 18 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs could lead to a use-after-free (bnc#1201429). - CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools (bsc#1200442) - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - nfs: avoid NULL pointer dereference when there is unflushed data (bsc#1201196). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - lkdtm: Disable return thunks in rodata.c (bsc#1114648). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948). - powerpc/fadump: make crash memory ranges array allocation generic (bsc#1103269 ltc#169948). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) Let's iron out the reduced initrd optimisation in Tumbleweed. Build full blown dracut initrd with systemd for SLE15 SP4. - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201958). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201958). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201651). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201958). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201651). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201958). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201958). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201651). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201651). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201958). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201958). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201651). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201958). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201958). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201651). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201958). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201958). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201958). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201958). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201958). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201958). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201958). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201958). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201958). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201958). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201958). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201958). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201958). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201958). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201958). - scsi: qla2xxx: edif: bsg refactor (bsc#1201958). - x86/entry: Remove skip_r11rcx (bsc#1201644). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1114648). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2720=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.106.1 kernel-azure-base-4.12.14-16.106.1 kernel-azure-base-debuginfo-4.12.14-16.106.1 kernel-azure-debuginfo-4.12.14-16.106.1 kernel-azure-debugsource-4.12.14-16.106.1 kernel-azure-devel-4.12.14-16.106.1 kernel-syms-azure-4.12.14-16.106.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.106.1 kernel-source-azure-4.12.14-16.106.1 References: https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1190812 https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1198484 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200644 https://bugzilla.suse.com/1200651 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201196 https://bugzilla.suse.com/1201381 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201644 https://bugzilla.suse.com/1201651 https://bugzilla.suse.com/1201742 https://bugzilla.suse.com/1201752 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 https://bugzilla.suse.com/1201954 https://bugzilla.suse.com/1201958 From sle-updates at lists.suse.com Tue Aug 9 16:21:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:21:27 +0200 (CEST) Subject: SUSE-SU-2022:2723-1: important: Security update for the Linux Kernel Message-ID: <20220809162127.2FB79FE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2723-1 Rating: important References: #1195775 #1195926 #1198484 #1198829 #1200442 #1200598 #1200910 #1201050 #1201429 #1201635 #1201636 #1201926 #1201930 #1201940 Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-20166 CVE-2022-36946 CVSS scores: CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 6 fixes is now available. Description: The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926). - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - kernel-binary.spec: check s390x vmlinux location As a side effect of mainline commit edd4a8667355 ("s390/boot: get rid of startup archive"), vmlinux on s390x moved from "compressed" subdirectory directly into arch/s390/boot. As the specfile is shared among branches, check both locations and let objcopy use one that exists. - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2723=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2723=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2723=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2723=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2723=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-2723=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150000.150.98.1 kernel-default-base-4.12.14-150000.150.98.1 kernel-default-debuginfo-4.12.14-150000.150.98.1 kernel-default-debugsource-4.12.14-150000.150.98.1 kernel-default-devel-4.12.14-150000.150.98.1 kernel-default-devel-debuginfo-4.12.14-150000.150.98.1 kernel-obs-build-4.12.14-150000.150.98.1 kernel-obs-build-debugsource-4.12.14-150000.150.98.1 kernel-syms-4.12.14-150000.150.98.1 kernel-vanilla-base-4.12.14-150000.150.98.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1 kernel-vanilla-debuginfo-4.12.14-150000.150.98.1 kernel-vanilla-debugsource-4.12.14-150000.150.98.1 reiserfs-kmp-default-4.12.14-150000.150.98.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.98.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150000.150.98.1 kernel-docs-4.12.14-150000.150.98.2 kernel-macros-4.12.14-150000.150.98.1 kernel-source-4.12.14-150000.150.98.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150000.150.98.1 kernel-default-base-4.12.14-150000.150.98.1 kernel-default-debuginfo-4.12.14-150000.150.98.1 kernel-default-debugsource-4.12.14-150000.150.98.1 kernel-default-devel-4.12.14-150000.150.98.1 kernel-default-devel-debuginfo-4.12.14-150000.150.98.1 kernel-obs-build-4.12.14-150000.150.98.1 kernel-obs-build-debugsource-4.12.14-150000.150.98.1 kernel-syms-4.12.14-150000.150.98.1 kernel-vanilla-base-4.12.14-150000.150.98.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1 kernel-vanilla-debuginfo-4.12.14-150000.150.98.1 kernel-vanilla-debugsource-4.12.14-150000.150.98.1 reiserfs-kmp-default-4.12.14-150000.150.98.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.98.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.98.1 kernel-docs-4.12.14-150000.150.98.2 kernel-macros-4.12.14-150000.150.98.1 kernel-source-4.12.14-150000.150.98.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150000.150.98.1 kernel-zfcpdump-debuginfo-4.12.14-150000.150.98.1 kernel-zfcpdump-debugsource-4.12.14-150000.150.98.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150000.150.98.1 kernel-default-debugsource-4.12.14-150000.150.98.1 kernel-default-livepatch-4.12.14-150000.150.98.1 kernel-livepatch-4_12_14-150000_150_98-default-1-150000.1.3.1 kernel-livepatch-4_12_14-150000_150_98-default-debuginfo-1-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150000.150.98.1 kernel-default-base-4.12.14-150000.150.98.1 kernel-default-debuginfo-4.12.14-150000.150.98.1 kernel-default-debugsource-4.12.14-150000.150.98.1 kernel-default-devel-4.12.14-150000.150.98.1 kernel-default-devel-debuginfo-4.12.14-150000.150.98.1 kernel-obs-build-4.12.14-150000.150.98.1 kernel-obs-build-debugsource-4.12.14-150000.150.98.1 kernel-syms-4.12.14-150000.150.98.1 kernel-vanilla-base-4.12.14-150000.150.98.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1 kernel-vanilla-debuginfo-4.12.14-150000.150.98.1 kernel-vanilla-debugsource-4.12.14-150000.150.98.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.98.1 kernel-docs-4.12.14-150000.150.98.2 kernel-macros-4.12.14-150000.150.98.1 kernel-source-4.12.14-150000.150.98.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150000.150.98.1 kernel-default-base-4.12.14-150000.150.98.1 kernel-default-debuginfo-4.12.14-150000.150.98.1 kernel-default-debugsource-4.12.14-150000.150.98.1 kernel-default-devel-4.12.14-150000.150.98.1 kernel-default-devel-debuginfo-4.12.14-150000.150.98.1 kernel-obs-build-4.12.14-150000.150.98.1 kernel-obs-build-debugsource-4.12.14-150000.150.98.1 kernel-syms-4.12.14-150000.150.98.1 kernel-vanilla-base-4.12.14-150000.150.98.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.98.1 kernel-vanilla-debuginfo-4.12.14-150000.150.98.1 kernel-vanilla-debugsource-4.12.14-150000.150.98.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150000.150.98.1 kernel-docs-4.12.14-150000.150.98.2 kernel-macros-4.12.14-150000.150.98.1 kernel-source-4.12.14-150000.150.98.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150000.150.98.1 cluster-md-kmp-default-debuginfo-4.12.14-150000.150.98.1 dlm-kmp-default-4.12.14-150000.150.98.1 dlm-kmp-default-debuginfo-4.12.14-150000.150.98.1 gfs2-kmp-default-4.12.14-150000.150.98.1 gfs2-kmp-default-debuginfo-4.12.14-150000.150.98.1 kernel-default-debuginfo-4.12.14-150000.150.98.1 kernel-default-debugsource-4.12.14-150000.150.98.1 ocfs2-kmp-default-4.12.14-150000.150.98.1 ocfs2-kmp-default-debuginfo-4.12.14-150000.150.98.1 References: https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1198484 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201926 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 From sle-updates at lists.suse.com Tue Aug 9 16:23:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:23:13 +0200 (CEST) Subject: SUSE-SU-2022:2718-1: moderate: Security update for ncurses Message-ID: <20220809162313.AA5C9FE27@maintenance.suse.de> SUSE Security Update: Security update for ncurses ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2718-1 Rating: moderate References: #1198627 Cross-References: CVE-2022-29458 CVSS scores: CVE-2022-29458 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2022-29458 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2718=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2718=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ncurses-debugsource-5.9-78.1 ncurses-devel-5.9-78.1 ncurses-devel-debuginfo-5.9-78.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libncurses5-5.9-78.1 libncurses5-debuginfo-5.9-78.1 libncurses6-5.9-78.1 libncurses6-debuginfo-5.9-78.1 ncurses-debugsource-5.9-78.1 ncurses-devel-5.9-78.1 ncurses-devel-debuginfo-5.9-78.1 ncurses-utils-5.9-78.1 ncurses-utils-debuginfo-5.9-78.1 tack-5.9-78.1 tack-debuginfo-5.9-78.1 terminfo-5.9-78.1 terminfo-base-5.9-78.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libncurses5-32bit-5.9-78.1 libncurses5-debuginfo-32bit-5.9-78.1 libncurses6-32bit-5.9-78.1 libncurses6-debuginfo-32bit-5.9-78.1 ncurses-devel-32bit-5.9-78.1 ncurses-devel-debuginfo-32bit-5.9-78.1 References: https://www.suse.com/security/cve/CVE-2022-29458.html https://bugzilla.suse.com/1198627 From sle-updates at lists.suse.com Tue Aug 9 16:23:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:23:51 +0200 (CEST) Subject: SUSE-SU-2022:2713-1: important: Security update for bind Message-ID: <20220809162351.BC5DDFE27@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2713-1 Rating: important References: #1192146 #1197135 #1197136 #1199044 #1200685 SLE-24600 Cross-References: CVE-2021-25219 CVE-2021-25220 CVE-2022-0396 CVSS scores: CVE-2021-25219 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-25219 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-25220 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N CVE-2021-25220 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N CVE-2022-0396 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-0396 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities, contains one feature and has two fixes is now available. Description: This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146). - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135). - CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame leading to deny of service (bsc#1197136). The following non-security bugs were fixed: - Update to release 9.16.31 (jsc#SLE-24600). - Logrotation broken since dropping chroot (bsc#1200685). - A non-existent initialization script (eg a leftorver "createNamedConfInclude" in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2713=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2713=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2713=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bind-9.16.31-150400.5.6.1 bind-debuginfo-9.16.31-150400.5.6.1 bind-debugsource-9.16.31-150400.5.6.1 bind-utils-9.16.31-150400.5.6.1 bind-utils-debuginfo-9.16.31-150400.5.6.1 - openSUSE Leap 15.4 (noarch): bind-doc-9.16.31-150400.5.6.1 python3-bind-9.16.31-150400.5.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): bind-9.16.31-150400.5.6.1 bind-debuginfo-9.16.31-150400.5.6.1 bind-debugsource-9.16.31-150400.5.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): bind-doc-9.16.31-150400.5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.31-150400.5.6.1 bind-debugsource-9.16.31-150400.5.6.1 bind-utils-9.16.31-150400.5.6.1 bind-utils-debuginfo-9.16.31-150400.5.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-bind-9.16.31-150400.5.6.1 References: https://www.suse.com/security/cve/CVE-2021-25219.html https://www.suse.com/security/cve/CVE-2021-25220.html https://www.suse.com/security/cve/CVE-2022-0396.html https://bugzilla.suse.com/1192146 https://bugzilla.suse.com/1197135 https://bugzilla.suse.com/1197136 https://bugzilla.suse.com/1199044 https://bugzilla.suse.com/1200685 From sle-updates at lists.suse.com Tue Aug 9 16:24:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:24:50 +0200 (CEST) Subject: SUSE-SU-2022:2719-1: important: Security update for the Linux Kernel Message-ID: <20220809162450.C5721FE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2719-1 Rating: important References: #1103269 #1114648 #1190812 #1195775 #1195926 #1198484 #1198829 #1200442 #1200598 #1200644 #1200651 #1200910 #1201196 #1201381 #1201429 #1201635 #1201636 #1201644 #1201651 #1201930 #1201940 #1201954 #1201958 Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-20166 CVE-2022-36946 CVSS scores: CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 16 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Drop qla2xxx patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958) - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - arch_topology: Do not set llc_sibling if llc_id is invalid (git-fixes). - blk-cgroup: synchronize blkg creation against policy deactivation (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bnxt_en: Re-write PCI BARs after PCI fatal error (git-fixes). - bnxt_en: Remove the setting of dev_port (git-fixes). - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb3/l2t: Fix undefined behaviour (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - fsl_lpuart: Do not enable interrupts too early (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - kabi/severities: add cxgb3 network driver - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - latent_entropy: avoid build error when plugin cflags are not set (git-fixes). - lib/hexdump.c: return -EINVAL in case of error in hex2bin() (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1114648). - media: dib8000: Fix a memleak in dib8000_init() (git-fixes). - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes). - media: uvcvideo: fix division by zero at stream start (git-fixes). - mvpp2: suppress warning (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: fec: check DMA addressing limitations (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: hamradio: fix memory leak in mkiss_close (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net: ll_temac: Fix TX BD buffer overwrite (git-fixes). - net: ll_temac: Fix bug causing buffer descriptor overrun (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: macb: mark device wake capable when "magic-packet" property present (git-fixes). - net: mdio: octeon: Fix some double free issues (git-fixes). - net: mdio: thunder: Fix a double free issue in the .remove function (git-fixes). - net: stmmac: Fix misuses of GENMASK macro (git-fixes). - net: stmmac: dwmac1000: Disable ACS if enhanced descs are not used (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: xilinx_emaclite: Do not print real IOMEM pointer (git-fixes). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/fadump: make crash memory ranges array allocation generic (bsc#1103269 ltc#169948 git-fixes). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - random: always fill buffer in get_random_bytes_wait (git-fixes). - random: fix crash on multiple early calls to (git-fixes) - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) Let's iron out the reduced initrd optimisation in Tumbleweed. Build full blown dracut initrd with systemd for SLE15 SP4. - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (git-fixes). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201958). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201958). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201651). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201958). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201651). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201958). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201958). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201651). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201651). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201958). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201958). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201651). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201958). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201958). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201651). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201958). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201958). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201958). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201958). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201958). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201958). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201958). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201958). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201958). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201958). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201958). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201958). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201958). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201958). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201958). - scsi: qla2xxx: edif: bsg refactor (bsc#1201958). - serial: mvebu-uart: correctly report configured baudrate value (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - usbnet: fix memory allocation in helpers. - usbnet: fix memory leak in error case (git-fixes). - vrf: Fix IPv6 with qdisc and xfrm (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1114648). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2719=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2719=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2719=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2719=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2719=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.130.1 kernel-default-debugsource-4.12.14-122.130.1 kernel-default-extra-4.12.14-122.130.1 kernel-default-extra-debuginfo-4.12.14-122.130.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.130.1 kernel-obs-build-debugsource-4.12.14-122.130.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.130.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.130.1 kernel-default-base-4.12.14-122.130.1 kernel-default-base-debuginfo-4.12.14-122.130.1 kernel-default-debuginfo-4.12.14-122.130.1 kernel-default-debugsource-4.12.14-122.130.1 kernel-default-devel-4.12.14-122.130.1 kernel-syms-4.12.14-122.130.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.130.1 kernel-macros-4.12.14-122.130.1 kernel-source-4.12.14-122.130.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.130.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.130.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.130.1 kernel-default-debugsource-4.12.14-122.130.1 kernel-default-kgraft-4.12.14-122.130.1 kernel-default-kgraft-devel-4.12.14-122.130.1 kgraft-patch-4_12_14-122_130-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.130.1 cluster-md-kmp-default-debuginfo-4.12.14-122.130.1 dlm-kmp-default-4.12.14-122.130.1 dlm-kmp-default-debuginfo-4.12.14-122.130.1 gfs2-kmp-default-4.12.14-122.130.1 gfs2-kmp-default-debuginfo-4.12.14-122.130.1 kernel-default-debuginfo-4.12.14-122.130.1 kernel-default-debugsource-4.12.14-122.130.1 ocfs2-kmp-default-4.12.14-122.130.1 ocfs2-kmp-default-debuginfo-4.12.14-122.130.1 References: https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1190812 https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1198484 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200644 https://bugzilla.suse.com/1200651 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201196 https://bugzilla.suse.com/1201381 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201644 https://bugzilla.suse.com/1201651 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 https://bugzilla.suse.com/1201954 https://bugzilla.suse.com/1201958 From sle-updates at lists.suse.com Tue Aug 9 16:27:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:27:19 +0200 (CEST) Subject: SUSE-SU-2022:2722-1: important: Security update for the Linux Kernel Message-ID: <20220809162719.9807BFE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2722-1 Rating: important References: #1190256 #1190497 #1198410 #1198829 #1199086 #1199291 #1199364 #1199665 #1199670 #1200015 #1200465 #1200494 #1200644 #1200651 #1201258 #1201323 #1201381 #1201391 #1201427 #1201458 #1201471 #1201524 #1201592 #1201593 #1201595 #1201596 #1201635 #1201651 #1201675 #1201691 #1201705 #1201725 #1201846 #1201930 #1201954 #1201958 SLE-18130 SLE-20183 SLE-21132 SLE-24569 SLE-24570 SLE-24571 SLE-24578 SLE-24635 SLE-24682 Cross-References: CVE-2021-33655 CVE-2022-1462 CVE-2022-21505 CVE-2022-29581 CVE-2022-32250 CVSS scores: CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 5 vulnerabilities, contains 9 features and has 31 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue (bnc#1200015, bnc#1200494). The following non-security bugs were fixed: - 9p: Fix refcounting during full path walks for fid lookups (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes). - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: Fix deadlock on resume (git-fixes). - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: Add bt_skb_sendmmsg helper (git-fixes). - Bluetooth: Add bt_skb_sendmsg helper (git-fixes). - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes). - Bluetooth: Fix passing NULL to PTR_ERR (git-fixes). - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes). - Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes). - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes). - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Documentation: add description for net.core.gro_normal_batch (git-fixes). - Documentation: add description for net.sctp.ecn_enable (git-fixes). - Documentation: add description for net.sctp.intl_enable (git-fixes). - Documentation: add description for net.sctp.reconf_enable (git-fixes). - Documentation: fix udp_wmem_min in ip-sysctl.rst (git-fixes). - Documentation: move watch_queue to core-api (git-fixes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - XArray: Update the LRU list in xas_split() (git-fixes). - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - arm_pmu: Validate single/group leader events (git-fixes). - asm-generic: remove a broken and needless ifdef conditional (git-fixes). - batman-adv: Use netif_rx() (git-fixes). - bcmgenet: add WOL IRQ check (git-fixes). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - bitfield.h: Fix "type of reg too small for mask" test (git-fixes). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - cifs: fix reconnect on smb3 mount types (bsc#1201427). - configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - device property: Check fwnode->secondary when finding properties (git-fixes). - dm: do not stop request queue after the dm device is suspended (bsc#1201651). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes). - dma-debug: make things less spammy under memory pressure (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - drivers: net: smc911x: Check for error irq (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - erofs: fix deadlock when shrink erofs slab (git-fixes). - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - ethtool: Fix get module eeprom fallback (bsc#1201323). - exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725). - exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725). - exfat: Drop superfluous new line for error messages (bsc#1201725). - exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix referencing wrong parent directory information after renaming (git-fixes). - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes). - exfat: use updated exfat_chain directly during renaming (git-fixes). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes). - fat: add ratelimit to fat*_ent_bread() (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - fjes: Check for error irq (git-fixes). - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim does not write the inode (bsc#1201592). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - gve: Recording rx queue before sending to napi (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - i2c: smbus: Check for parent device before dereference (git-fixes). - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - ice: Fix error with handling of bonding MTU (git-fixes). - ice: Fix race condition during interface enslave (git-fixes). - ice: stop disabling VFs due to PF error responses (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - inet_diag: fix kernel-infoleak for UDP sockets (git-fixes). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes). - iov_iter: fix build issue due to possible type mis-match (git-fixes). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI workaround for phy_device changes (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kABI workaround for snd-soc-rt5682-* (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - kABI: fix adding field to ufs_hba (git-fixes). - kABI: fix change of iscsi_host_remove() arguments (bsc#1198410). - kABI: fix removal of iscsi_destroy_conn (bsc#1198410). - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for "i2c: smbus: Use device_*() functions instead of of_*()" - kabi/severities: Exclude ppc kvm - kabi/severities: add intel ice - kabi/severities: add stmmac network driver local symbols - kabi/severities: ignore dropped symbol rt5682_headset_detect - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes). - kselftest/vm: fix tests build with old libc (git-fixes). - kselftest: Fix vdso_test_abi return status (git-fixes). - kselftest: signal all child processes (git-fixes). - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes). - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes). - landlock: Add clang-format exceptions (git-fixes). - landlock: Change landlock_add_rule(2) argument check ordering (git-fixes). - landlock: Change landlock_restrict_self(2) check ordering (git-fixes). - landlock: Create find_rule() from unmask_layers() (git-fixes). - landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes). - landlock: Fix landlock_add_rule(2) documentation (git-fixes). - landlock: Fix same-layer rule unions (git-fixes). - landlock: Format with clang-format (git-fixes). - landlock: Reduce the maximum number of layers to 16 (git-fixes). - landlock: Use square brackets around "landlock-ruleset" (git-fixes). - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - lockdep: Correct lock_classes index mapping (git-fixes). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes). - loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes). - macsec: fix NULL deref in macsec_add_rxsa (git-fixes). - macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes). - macsec: limit replay window size with XPN (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - memregion: Fix memregion_free() fallback definition (git-fixes). - minix: fix bug when opening a file with O_DIRECT (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - mtd: rawnand: gpmi: validate controller clock rate (git-fixes). - natsemi: xtensa: fix section mismatch warnings (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - net: altera: set a couple error code in probe() (git-fixes). - net: amd-xgbe: Fix skb data length underflow (git-fixes). - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - net: axienet: Fix TX ring slot available check (git-fixes). - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - net: axienet: add missing memory barriers (git-fixes). - net: axienet: fix for TX busy handling (git-fixes). - net: axienet: fix number of TX ring slots for available check (git-fixes). - net: axienet: increase default TX ring size to 128 (git-fixes). - net: axienet: increase reset timeout (git-fixes). - net: axienet: limit minimum TX ring size (git-fixes). - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: bcmgenet: skip invalid partial checksums (git-fixes). - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes). - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes). - net: dsa: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: felix: do not use devres for mdiobus (git-fixes). - net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - net: dsa: lan9303: fix reset on probe (git-fixes). - net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes). - net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes). - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - net: ipa: add an interconnect dependency (git-fixes). - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - net: ipa: prevent concurrent replenish (git-fixes). - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - net: ks8851: Check for error irq (git-fixes). - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - net: mscc: ocelot: fix using match before it is set (git-fixes). - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - net: mvpp2: fix XDP rx queues registering (git-fixes). - net: phy: Do not trigger state machine while in suspend (git-fixes). - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - net: sfp: ignore disabled SFP node (git-fixes). - net: sparx5: Fix add vlan when invalid operation (git-fixes). - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - net: stmmac: Add platform level debug register dump feature (git-fixes). - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - net: stmmac: fix return value of __setup handler (git-fixes). - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - net: sxgbe: fix return value of __setup handler (git-fixes). - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - net: usb: Correct PHY handling of smsc95xx (git-fixes). - net: usb: Correct reset handling of smsc95xx (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - netdevsim: do not overwrite read only ethtool parms (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes). - nilfs2: fix lockdep warnings during disk space reclamation (git-fixes). - nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes). - nouveau/svm: Fix to migrate all requested pages (git-fixes). - nvme-auth: retry command if DNR bit is not set (bsc#1201675). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: consider also host_iface when checking ip options (bsc#1199670). - nvme: implement In-Band authentication (jsc#SLE-20183). - nvme: kabi fixes for in-band authentication (bsc#1199086). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: wait until quiesce is done (bsc#1201651). - nvmet-auth: expire authentication sessions (jsc#SLE-20183). - nvmet: implement basic In-Band Authentication (jsc#SLE-20183). - octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes). - octeontx2-af: Do not fixup all VF action entries (git-fixes). - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes). - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - octeontx2-pf: Forward error codes to VF (git-fixes). - optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes). - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes). - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes). - pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - ppp: ensure minimum packet size in ppp_write() (git-fixes). - qede: validate non LSO skb length (git-fixes). - r8152: fix a WOL issue (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - rocker: fix a sleeping in atomic bug (git-fixes). - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - samples/landlock: Add clang-format exceptions (git-fixes). - samples/landlock: Fix path_list memory leak (git-fixes). - samples/landlock: Format with clang-format (git-fixes). - scripts/dtc: Call pkg-config POSIXly correct (git-fixes). - scripts/gdb: change kernel config dumping method (git-fixes). - scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes). - scripts: sphinx-pre-install: add required ctex dependency (git-fixes). - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410). - scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: iscsi: Fix HW conn removal use after free (bsc#1198410). - scsi: iscsi: Fix session removal on shutdown (bsc#1198410). - scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). - scsi: megaraid: Clear READ queue map's nr_queues (git-fixes). - scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - seccomp: Invalidate seccomp mode to catch death failures (git-fixes). - selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130). - selftest/vm: fix map_fixed_noreplace test failure (git-fixes). - selftest/vm: verify mmap addr in mremap_test (git-fixes). - selftest/vm: verify remap destination address in mremap_test (git-fixes). - selftests, x86: fix how check_cc.sh is being invoked (git-fixes). - selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes). - selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes). - selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes). - selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes). - selftests/ftrace: make kprobe profile testcase description unique (git-fixes). - selftests/landlock: Add clang-format exceptions (git-fixes). - selftests/landlock: Add tests for O_PATH (git-fixes). - selftests/landlock: Add tests for unknown access rights (git-fixes). - selftests/landlock: Extend access right tests to directories (git-fixes). - selftests/landlock: Extend tests for minimal valid attribute size (git-fixes). - selftests/landlock: Format with clang-format (git-fixes). - selftests/landlock: Fully test file rename with "remove" access (git-fixes). - selftests/landlock: Make tests build with old libc (git-fixes). - selftests/landlock: Normalize array assignment (git-fixes). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes). - selftests/memfd: clean up mapping in mfd_fail_write (git-fixes). - selftests/memfd: remove unused variable (git-fixes). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes). - selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes). - selftests/net: timestamping: Fix bind_phc check (git-fixes). - selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes). - selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes). - selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes). - selftests/resctrl: Fix null pointer dereference on open failed (git-fixes). - selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes). - selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store (git-fixes). - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes). - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes). - selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes). - selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes). - selftests/rseq: Introduce rseq_get_abi() helper (git-fixes). - selftests/rseq: Introduce thread pointer getters (git-fixes). - selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes). - selftests/rseq: Remove useless assignment to cpu variable (git-fixes). - selftests/rseq: Remove volatile from __rseq_abi (git-fixes). - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes). - selftests/rseq: introduce own copy of rseq uapi header (git-fixes). - selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes). - selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes). - selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes). - selftests/sgx: Treat CC as one argument (git-fixes). - selftests/vm/transhuge-stress: fix ram size thinko (git-fixes). - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes). - selftests/x86: Add validity check and allow field splitting (git-fixes). - selftests/zram01.sh: Fix compression ratio calculation (git-fixes). - selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes). - selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes). - selftests: Add duplicate config only for MD5 VRF tests (git-fixes). - selftests: Fix IPv6 address bind tests (git-fixes). - selftests: Fix raw socket bind tests with VRF (git-fixes). - selftests: add ping test with ping_group_range tuned (git-fixes). - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes). - selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes). - selftests: cgroup: Test open-time credential usage for migration checks (git-fixes). - selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes). - selftests: fixup build warnings in pidfd / clone3 tests (git-fixes). - selftests: forwarding: fix error message in learning_test (git-fixes). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes). - selftests: futex: Use variable MAKE instead of make (git-fixes). - selftests: gpio: fix gpio compiling error (git-fixes). - selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes). - selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes). - selftests: mlxsw: resource_scale: Fix return value (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes). - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes). - selftests: mptcp: add csum mib check for mptcp_connect (git-fixes). - selftests: mptcp: fix diag instability (git-fixes). - selftests: mptcp: fix ipv6 routing setup (git-fixes). - selftests: mptcp: more stable diag tests (git-fixes). - selftests: net: Correct case name (git-fixes). - selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes). - selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes). - selftests: net: tls: remove unused variable and code (git-fixes). - selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes). - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes). - selftests: netfilter: add a vrf+conntrack testcase (git-fixes). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes). - selftests: netfilter: disable rp_filter on router (git-fixes). - selftests: netfilter: fix exit value for nft_concat_range (git-fixes). - selftests: nft_concat_range: add test for reload with no element add/del (git-fixes). - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes). - selftests: openat2: Add missing dependency in Makefile (git-fixes). - selftests: openat2: Print also errno in failure messages (git-fixes). - selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes). - selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes). - selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes). - selftests: rtc: Increase test timeout so that all tests run (git-fixes). - selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes). - selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes). - selftests: vm: fix clang build error multiple output files (git-fixes). - selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes). - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - spi: amd: Limit max transfer and message size (git-fixes). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - supported.conf: mark drivers/nvme/common as supported (jsc#SLE-20183) - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - tee: fix put order in teedev_close_context() (git-fixes). - tee: optee: do not check memref size on return from Secure World (git-fixes). - tee: tee_get_drvdata(): fix description of return value (git-fixes). - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes). - testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes). - testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes). - tests: fix idmapped mount_setattr test (git-fixes). - tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes). - tools/nolibc: fix incorrect truncation of exit code (git-fixes). - tools/nolibc: i386: fix initial stack alignment (git-fixes). - tools/nolibc: x86-64: Fix startup code bug (git-fixes). - tools/testing/scatterlist: add missing defines (git-fixes). - tty: n_gsm: Modify CR,PF bit when config requester (git-fixes). - tty: n_gsm: Save dlci address open status when config requester (git-fixes). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes). - tty: n_gsm: fix decoupled mux resource (git-fixes). - tty: n_gsm: fix encoding of command/response bit (git-fixes). - tty: n_gsm: fix frame reception handling (git-fixes). - tty: n_gsm: fix incorrect UA handling (git-fixes). - tty: n_gsm: fix insufficient txframe size (git-fixes). - tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes). - tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes). - tty: n_gsm: fix malformed counter for out of frame data (git-fixes). - tty: n_gsm: fix missing explicit ldisc flush (git-fixes). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes). - tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes). - tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes). - tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes). - tty: n_gsm: fix reset fifo race condition (git-fixes). - tty: n_gsm: fix restart handling via CLD command (git-fixes). - tty: n_gsm: fix software flow control handling (git-fixes). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes). - tty: n_gsm: fix wrong DLCI release order (git-fixes). - tty: n_gsm: fix wrong command frame length field encoding (git-fixes). - tty: n_gsm: fix wrong command retry handling (git-fixes). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - tun: avoid double free in tun_free_netdev (git-fixes). - tun: fix bonding active backup with arp monitoring (git-fixes). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes). - tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes). - uaccess: fix type mismatch warnings from access_ok() (git-fixes). - ucounts: Base set_cred_ucounts changes on the real user (git-fixes). - ucounts: Fix rlimit max values check (git-fixes). - ucounts: Fix systemd LimitNPROC with private users regression (git-fixes). - ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes). - ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes). - udmabuf: add back sanity check (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: serial: ftdi_sio: add Belimo device ids (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usbnet: Run unregister_netdev() before unbind() again (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - userfaultfd/selftests: fix hugetlb area allocations (git-fixes). - veth: Do not record rx queue hint in veth_xmit (git-fixes). - veth: ensure skb entering GRO are not cloned (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - vsock/virtio: enable VQs early on probe (git-fixes). - vsock/virtio: initialize vdev->priv before using VQs (git-fixes). - vsock/virtio: read the negotiated features before using VQs (git-fixes). - vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - watch-queue: remove spurious double semicolon (git-fixes). - watch_queue: Fix missing locking in add_watch_to_object() (git-fixes). - watch_queue: Fix missing rcu annotation (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1190497). - x86/entry: Remove skip_r11rcx (bsc#1201524). - x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes). - xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes). - xhci: dbc: refactor xhci_dbc_init() (git-fixes). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). - zonefs: Clear inode information flags on inode creation (git-fixes). - zonefs: Fix management of open zones (git-fixes). - zonefs: add MODULE_ALIAS_FS (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2722=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2722=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): cluster-md-kmp-azure-5.14.21-150400.14.10.1 cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.10.1 dlm-kmp-azure-5.14.21-150400.14.10.1 dlm-kmp-azure-debuginfo-5.14.21-150400.14.10.1 gfs2-kmp-azure-5.14.21-150400.14.10.1 gfs2-kmp-azure-debuginfo-5.14.21-150400.14.10.1 kernel-azure-5.14.21-150400.14.10.1 kernel-azure-debuginfo-5.14.21-150400.14.10.1 kernel-azure-debugsource-5.14.21-150400.14.10.1 kernel-azure-devel-5.14.21-150400.14.10.1 kernel-azure-devel-debuginfo-5.14.21-150400.14.10.1 kernel-azure-extra-5.14.21-150400.14.10.1 kernel-azure-extra-debuginfo-5.14.21-150400.14.10.1 kernel-azure-livepatch-devel-5.14.21-150400.14.10.1 kernel-azure-optional-5.14.21-150400.14.10.1 kernel-azure-optional-debuginfo-5.14.21-150400.14.10.1 kernel-syms-azure-5.14.21-150400.14.10.1 kselftests-kmp-azure-5.14.21-150400.14.10.1 kselftests-kmp-azure-debuginfo-5.14.21-150400.14.10.1 ocfs2-kmp-azure-5.14.21-150400.14.10.1 ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.10.1 reiserfs-kmp-azure-5.14.21-150400.14.10.1 reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.10.1 - openSUSE Leap 15.4 (noarch): kernel-devel-azure-5.14.21-150400.14.10.1 kernel-source-azure-5.14.21-150400.14.10.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64): kernel-azure-5.14.21-150400.14.10.1 kernel-azure-debuginfo-5.14.21-150400.14.10.1 kernel-azure-debugsource-5.14.21-150400.14.10.1 kernel-azure-devel-5.14.21-150400.14.10.1 kernel-azure-devel-debuginfo-5.14.21-150400.14.10.1 kernel-syms-azure-5.14.21-150400.14.10.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): kernel-devel-azure-5.14.21-150400.14.10.1 kernel-source-azure-5.14.21-150400.14.10.1 References: https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-21505.html https://www.suse.com/security/cve/CVE-2022-29581.html https://www.suse.com/security/cve/CVE-2022-32250.html https://bugzilla.suse.com/1190256 https://bugzilla.suse.com/1190497 https://bugzilla.suse.com/1198410 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1199086 https://bugzilla.suse.com/1199291 https://bugzilla.suse.com/1199364 https://bugzilla.suse.com/1199665 https://bugzilla.suse.com/1199670 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200465 https://bugzilla.suse.com/1200494 https://bugzilla.suse.com/1200644 https://bugzilla.suse.com/1200651 https://bugzilla.suse.com/1201258 https://bugzilla.suse.com/1201323 https://bugzilla.suse.com/1201381 https://bugzilla.suse.com/1201391 https://bugzilla.suse.com/1201427 https://bugzilla.suse.com/1201458 https://bugzilla.suse.com/1201471 https://bugzilla.suse.com/1201524 https://bugzilla.suse.com/1201592 https://bugzilla.suse.com/1201593 https://bugzilla.suse.com/1201595 https://bugzilla.suse.com/1201596 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201651 https://bugzilla.suse.com/1201675 https://bugzilla.suse.com/1201691 https://bugzilla.suse.com/1201705 https://bugzilla.suse.com/1201725 https://bugzilla.suse.com/1201846 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201954 https://bugzilla.suse.com/1201958 From sle-updates at lists.suse.com Tue Aug 9 16:30:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:30:39 +0200 (CEST) Subject: SUSE-SU-2022:2712-1: important: Security update for u-boot Message-ID: <20220809163039.167CBFE27@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2712-1 Rating: important References: #1201214 Cross-References: CVE-2022-34835 CVSS scores: CVE-2022-34835 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34835 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-34835: Fixed stack buffer overflow vulnerability in i2c md command (bsc#1201214). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2712=1 Package List: - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): u-boot-rpi3-2018.03-4.9.1 u-boot-tools-2018.03-4.9.1 u-boot-tools-debuginfo-2018.03-4.9.1 References: https://www.suse.com/security/cve/CVE-2022-34835.html https://bugzilla.suse.com/1201214 From sle-updates at lists.suse.com Tue Aug 9 16:31:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:31:21 +0200 (CEST) Subject: SUSE-SU-2022:2717-1: moderate: Security update for ncurses Message-ID: <20220809163121.51BFDFE27@maintenance.suse.de> SUSE Security Update: Security update for ncurses ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2717-1 Rating: moderate References: #1198627 Cross-References: CVE-2022-29458 CVSS scores: CVE-2022-29458 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2022-29458 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2717=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2717=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2717=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2717=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2717=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2717=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2717=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2717=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2717=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2717=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libncurses5-6.1-150000.5.12.1 libncurses5-debuginfo-6.1-150000.5.12.1 libncurses6-6.1-150000.5.12.1 libncurses6-debuginfo-6.1-150000.5.12.1 ncurses-debugsource-6.1-150000.5.12.1 ncurses-devel-6.1-150000.5.12.1 ncurses-devel-debuginfo-6.1-150000.5.12.1 ncurses-utils-6.1-150000.5.12.1 ncurses-utils-debuginfo-6.1-150000.5.12.1 ncurses5-devel-6.1-150000.5.12.1 tack-6.1-150000.5.12.1 tack-debuginfo-6.1-150000.5.12.1 terminfo-6.1-150000.5.12.1 terminfo-base-6.1-150000.5.12.1 terminfo-iterm-6.1-150000.5.12.1 terminfo-screen-6.1-150000.5.12.1 - openSUSE Leap 15.4 (x86_64): libncurses5-32bit-6.1-150000.5.12.1 libncurses5-32bit-debuginfo-6.1-150000.5.12.1 libncurses6-32bit-6.1-150000.5.12.1 libncurses6-32bit-debuginfo-6.1-150000.5.12.1 ncurses-devel-32bit-6.1-150000.5.12.1 ncurses-devel-32bit-debuginfo-6.1-150000.5.12.1 ncurses5-devel-32bit-6.1-150000.5.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libncurses5-6.1-150000.5.12.1 libncurses5-debuginfo-6.1-150000.5.12.1 libncurses6-6.1-150000.5.12.1 libncurses6-debuginfo-6.1-150000.5.12.1 ncurses-debugsource-6.1-150000.5.12.1 ncurses-devel-6.1-150000.5.12.1 ncurses-devel-debuginfo-6.1-150000.5.12.1 ncurses-utils-6.1-150000.5.12.1 ncurses-utils-debuginfo-6.1-150000.5.12.1 ncurses5-devel-6.1-150000.5.12.1 tack-6.1-150000.5.12.1 tack-debuginfo-6.1-150000.5.12.1 terminfo-6.1-150000.5.12.1 terminfo-base-6.1-150000.5.12.1 terminfo-iterm-6.1-150000.5.12.1 terminfo-screen-6.1-150000.5.12.1 - openSUSE Leap 15.3 (x86_64): libncurses5-32bit-6.1-150000.5.12.1 libncurses5-32bit-debuginfo-6.1-150000.5.12.1 libncurses6-32bit-6.1-150000.5.12.1 libncurses6-32bit-debuginfo-6.1-150000.5.12.1 ncurses-devel-32bit-6.1-150000.5.12.1 ncurses-devel-32bit-debuginfo-6.1-150000.5.12.1 ncurses5-devel-32bit-6.1-150000.5.12.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): libncurses5-6.1-150000.5.12.1 libncurses5-debuginfo-6.1-150000.5.12.1 ncurses-debugsource-6.1-150000.5.12.1 ncurses5-devel-6.1-150000.5.12.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (x86_64): libncurses5-32bit-6.1-150000.5.12.1 libncurses5-32bit-debuginfo-6.1-150000.5.12.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): libncurses5-6.1-150000.5.12.1 libncurses5-debuginfo-6.1-150000.5.12.1 ncurses-debugsource-6.1-150000.5.12.1 ncurses5-devel-6.1-150000.5.12.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (x86_64): libncurses5-32bit-6.1-150000.5.12.1 libncurses5-32bit-debuginfo-6.1-150000.5.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): ncurses-debugsource-6.1-150000.5.12.1 ncurses-devel-32bit-6.1-150000.5.12.1 ncurses-devel-32bit-debuginfo-6.1-150000.5.12.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): ncurses-debugsource-6.1-150000.5.12.1 ncurses-devel-32bit-6.1-150000.5.12.1 ncurses-devel-32bit-debuginfo-6.1-150000.5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libncurses6-6.1-150000.5.12.1 libncurses6-debuginfo-6.1-150000.5.12.1 ncurses-debugsource-6.1-150000.5.12.1 ncurses-devel-6.1-150000.5.12.1 ncurses-devel-debuginfo-6.1-150000.5.12.1 ncurses-utils-6.1-150000.5.12.1 ncurses-utils-debuginfo-6.1-150000.5.12.1 tack-6.1-150000.5.12.1 tack-debuginfo-6.1-150000.5.12.1 terminfo-6.1-150000.5.12.1 terminfo-base-6.1-150000.5.12.1 terminfo-iterm-6.1-150000.5.12.1 terminfo-screen-6.1-150000.5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libncurses6-32bit-6.1-150000.5.12.1 libncurses6-32bit-debuginfo-6.1-150000.5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libncurses6-6.1-150000.5.12.1 libncurses6-debuginfo-6.1-150000.5.12.1 ncurses-debugsource-6.1-150000.5.12.1 ncurses-devel-6.1-150000.5.12.1 ncurses-devel-debuginfo-6.1-150000.5.12.1 ncurses-utils-6.1-150000.5.12.1 ncurses-utils-debuginfo-6.1-150000.5.12.1 tack-6.1-150000.5.12.1 tack-debuginfo-6.1-150000.5.12.1 terminfo-6.1-150000.5.12.1 terminfo-base-6.1-150000.5.12.1 terminfo-iterm-6.1-150000.5.12.1 terminfo-screen-6.1-150000.5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libncurses6-32bit-6.1-150000.5.12.1 libncurses6-32bit-debuginfo-6.1-150000.5.12.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libncurses6-6.1-150000.5.12.1 libncurses6-debuginfo-6.1-150000.5.12.1 ncurses-debugsource-6.1-150000.5.12.1 ncurses-utils-6.1-150000.5.12.1 ncurses-utils-debuginfo-6.1-150000.5.12.1 terminfo-6.1-150000.5.12.1 terminfo-base-6.1-150000.5.12.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libncurses6-6.1-150000.5.12.1 libncurses6-debuginfo-6.1-150000.5.12.1 ncurses-debugsource-6.1-150000.5.12.1 ncurses-utils-6.1-150000.5.12.1 ncurses-utils-debuginfo-6.1-150000.5.12.1 terminfo-6.1-150000.5.12.1 terminfo-base-6.1-150000.5.12.1 References: https://www.suse.com/security/cve/CVE-2022-29458.html https://bugzilla.suse.com/1198627 From sle-updates at lists.suse.com Tue Aug 9 16:32:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:32:04 +0200 (CEST) Subject: SUSE-SU-2022:2710-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) Message-ID: <20220809163204.6246DFE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2710-1 Rating: important References: #1200605 #1201080 #1201655 Cross-References: CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVSS scores: CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_111 fixes several issues. The following security issues were fixed: - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2710=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2715=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_111-default-6-150100.2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_96-default-6-2.2 References: https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201655 From sle-updates at lists.suse.com Tue Aug 9 16:32:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:32:54 +0200 (CEST) Subject: SUSE-RU-2022:2711-1: moderate: Recommended update for libnvme, nvme-cli Message-ID: <20220809163254.D77D8FE27@maintenance.suse.de> SUSE Recommended Update: Recommended update for libnvme, nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2711-1 Rating: moderate References: #1199503 #1199504 #1199956 #1199990 #1199994 #1200044 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for libnvme, nvme-cli fixes the following issues: - Reduce log noise and export error codes (bsc#1199994 bsc#1199503) - Apply configuration from JSON file (bsc#1199503) - fabrics: Already connected uses a different error code (bsc#1199994) - fabrics: skip connect if the transport types don't match (bsc#1199994) - nvme-print: Show ANA state only for one namespace (bsc#1200044 bsc#1199956 bsc#1199990) - fabrics: Honor config file for connect-all (bsc#1199504) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2711=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2711=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libnvme-debuginfo-1.0-150400.3.3.4 libnvme-debugsource-1.0-150400.3.3.4 libnvme-devel-1.0-150400.3.3.4 libnvme1-1.0-150400.3.3.4 libnvme1-debuginfo-1.0-150400.3.3.4 nvme-cli-2.0-150400.3.3.3 nvme-cli-bash-completion-2.0-150400.3.3.3 nvme-cli-debuginfo-2.0-150400.3.3.3 nvme-cli-debugsource-2.0-150400.3.3.3 nvme-cli-regress-script-2.0-150400.3.3.3 nvme-cli-zsh-completion-2.0-150400.3.3.3 python3-libnvme-1.0-150400.3.3.4 python3-libnvme-debuginfo-1.0-150400.3.3.4 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libnvme-debuginfo-1.0-150400.3.3.4 libnvme-debugsource-1.0-150400.3.3.4 libnvme-devel-1.0-150400.3.3.4 libnvme1-1.0-150400.3.3.4 libnvme1-debuginfo-1.0-150400.3.3.4 nvme-cli-2.0-150400.3.3.3 nvme-cli-bash-completion-2.0-150400.3.3.3 nvme-cli-debuginfo-2.0-150400.3.3.3 nvme-cli-debugsource-2.0-150400.3.3.3 nvme-cli-zsh-completion-2.0-150400.3.3.3 python3-libnvme-1.0-150400.3.3.4 python3-libnvme-debuginfo-1.0-150400.3.3.4 References: https://bugzilla.suse.com/1199503 https://bugzilla.suse.com/1199504 https://bugzilla.suse.com/1199956 https://bugzilla.suse.com/1199990 https://bugzilla.suse.com/1199994 https://bugzilla.suse.com/1200044 From sle-updates at lists.suse.com Tue Aug 9 16:33:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:33:53 +0200 (CEST) Subject: SUSE-SU-2022:2709-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15) Message-ID: <20220809163353.A9AB9FE27@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2709-1 Rating: important References: #1200605 #1201080 #1201517 #1201655 #1201656 #1201657 Cross-References: CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_78 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2708=1 SUSE-SLE-Module-Live-Patching-15-2022-2709=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2714=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_78-default-12-150000.2.2 kernel-livepatch-4_12_14-150_78-default-debuginfo-12-150000.2.2 kernel-livepatch-4_12_14-150_83-default-8-150000.2.2 kernel-livepatch-4_12_14-150_83-default-debuginfo-8-150000.2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_83-default-12-2.2 References: https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201655 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Tue Aug 9 16:35:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 9 Aug 2022 18:35:04 +0200 (CEST) Subject: SUSE-SU-2022:2716-1: moderate: Security update for mokutil Message-ID: <20220809163504.D5CEDFE27@maintenance.suse.de> SUSE Security Update: Security update for mokutil ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2716-1 Rating: moderate References: #1198458 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2716=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2716=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2716=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2716=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2716=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2716=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): mokutil-0.2.0-12.3.1 mokutil-debuginfo-0.2.0-12.3.1 mokutil-debugsource-0.2.0-12.3.1 - SUSE OpenStack Cloud 9 (x86_64): mokutil-0.2.0-12.3.1 mokutil-debuginfo-0.2.0-12.3.1 mokutil-debugsource-0.2.0-12.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): mokutil-0.2.0-12.3.1 mokutil-debuginfo-0.2.0-12.3.1 mokutil-debugsource-0.2.0-12.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): mokutil-0.2.0-12.3.1 mokutil-debuginfo-0.2.0-12.3.1 mokutil-debugsource-0.2.0-12.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): mokutil-0.2.0-12.3.1 mokutil-debuginfo-0.2.0-12.3.1 mokutil-debugsource-0.2.0-12.3.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): mokutil-0.2.0-12.3.1 mokutil-debuginfo-0.2.0-12.3.1 mokutil-debugsource-0.2.0-12.3.1 References: https://bugzilla.suse.com/1198458 From sle-updates at lists.suse.com Tue Aug 9 22:17:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 00:17:11 +0200 (CEST) Subject: SUSE-SU-2022:2728-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP1) Message-ID: <20220809221711.F0B03FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2728-1 Rating: important References: #1200605 #1201080 #1201517 #1201655 #1201656 #1201657 Cross-References: CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_108 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2728=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-2730=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2729=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_102-default-12-150100.2.2 kernel-livepatch-4_12_14-197_108-default-7-150100.2.2 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_86-default-7-150000.2.2 kernel-livepatch-4_12_14-150_86-default-debuginfo-7-150000.2.2 References: https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201655 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Tue Aug 9 22:18:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 00:18:18 +0200 (CEST) Subject: SUSE-SU-2022:2727-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) Message-ID: <20220809221818.A9B17FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2727-1 Rating: important References: #1200605 #1201080 #1201222 #1201517 #1201657 Cross-References: CVE-2022-1679 CVE-2022-20141 CVE-2022-28389 CVE-2022-28390 CVE-2022-34918 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_60 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2727=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_60-default-9-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201222 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Wed Aug 10 01:16:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 03:16:36 +0200 (CEST) Subject: SUSE-SU-2022:2732-1: important: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3) Message-ID: <20220810011636.9E7D9FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 17 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2732-1 Rating: important References: #1200605 #1201080 #1201222 Cross-References: CVE-2022-1679 CVE-2022-20141 CVE-2022-34918 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_63 fixes several issues. The following security issues were fixed: - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2732=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_63-default-6-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201222 From sle-updates at lists.suse.com Wed Aug 10 01:17:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 03:17:34 +0200 (CEST) Subject: SUSE-SU-2022:2726-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) Message-ID: <20220810011734.992EEFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2726-1 Rating: important References: #1200605 #1201080 #1201222 #1201517 #1201656 #1201657 Cross-References: CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVE-2022-34918 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_49 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2724=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2725=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2726=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2731=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-12-150300.2.2 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-12-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-12-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-12-150300.2.2 kernel-livepatch-5_3_18-150300_59_49-default-11-150300.2.2 kernel-livepatch-5_3_18-150300_59_54-default-10-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201222 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Wed Aug 10 07:16:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 09:16:33 +0200 (CEST) Subject: SUSE-RU-2022:2737-1: moderate: Recommended update for gedit Message-ID: <20220810071633.CD663FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for gedit ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2737-1 Rating: moderate References: #1198312 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gedit fixes the following issues: - Add necessary dependency to resolve schema "is not installed" error after install in WSL (bsc#1198312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2737=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2737=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2737=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gedit-40.1-150400.4.3.1 gedit-debuginfo-40.1-150400.4.3.1 gedit-debugsource-40.1-150400.4.3.1 gedit-devel-40.1-150400.4.3.1 - openSUSE Leap 15.4 (noarch): gedit-lang-40.1-150400.4.3.1 python3-gedit-40.1-150400.4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gedit-40.1-150400.4.3.1 gedit-debuginfo-40.1-150400.4.3.1 gedit-debugsource-40.1-150400.4.3.1 gedit-devel-40.1-150400.4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): gedit-lang-40.1-150400.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-gedit-40.1-150400.4.3.1 References: https://bugzilla.suse.com/1198312 From sle-updates at lists.suse.com Wed Aug 10 07:17:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 09:17:10 +0200 (CEST) Subject: SUSE-RU-2022:2735-1: moderate: Recommended update for tar Message-ID: <20220810071710.0A1C0FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for tar ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2735-1 Rating: moderate References: #1200657 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2735=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2735=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2735=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2735=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2735=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2735=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.15.1 tar-debuginfo-1.34-150000.3.15.1 tar-debugsource-1.34-150000.3.15.1 tar-rmt-1.34-150000.3.15.1 tar-rmt-debuginfo-1.34-150000.3.15.1 tar-tests-1.34-150000.3.15.1 tar-tests-debuginfo-1.34-150000.3.15.1 - openSUSE Leap 15.4 (noarch): tar-backup-scripts-1.34-150000.3.15.1 tar-doc-1.34-150000.3.15.1 tar-lang-1.34-150000.3.15.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.15.1 tar-debuginfo-1.34-150000.3.15.1 tar-debugsource-1.34-150000.3.15.1 tar-rmt-1.34-150000.3.15.1 tar-rmt-debuginfo-1.34-150000.3.15.1 tar-tests-1.34-150000.3.15.1 tar-tests-debuginfo-1.34-150000.3.15.1 - openSUSE Leap 15.3 (noarch): tar-backup-scripts-1.34-150000.3.15.1 tar-doc-1.34-150000.3.15.1 tar-lang-1.34-150000.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.15.1 tar-debuginfo-1.34-150000.3.15.1 tar-debugsource-1.34-150000.3.15.1 tar-rmt-1.34-150000.3.15.1 tar-rmt-debuginfo-1.34-150000.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): tar-lang-1.34-150000.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.15.1 tar-debuginfo-1.34-150000.3.15.1 tar-debugsource-1.34-150000.3.15.1 tar-rmt-1.34-150000.3.15.1 tar-rmt-debuginfo-1.34-150000.3.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): tar-lang-1.34-150000.3.15.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): tar-1.34-150000.3.15.1 tar-debuginfo-1.34-150000.3.15.1 tar-debugsource-1.34-150000.3.15.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): tar-1.34-150000.3.15.1 tar-debuginfo-1.34-150000.3.15.1 tar-debugsource-1.34-150000.3.15.1 References: https://bugzilla.suse.com/1200657 From sle-updates at lists.suse.com Wed Aug 10 07:17:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 09:17:45 +0200 (CEST) Subject: SUSE-RU-2022:2734-1: moderate: Recommended update for SAPHanaSR Message-ID: <20220810071745.6D4BAFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for SAPHanaSR ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2734-1 Rating: moderate References: #1198780 #1198897 SLE-16347 SLE-18613 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes and contains two features can now be installed. Description: This update for SAPHanaSR fixes the following issues: - Fix HANA_CALL function to support MCOS environments again (bsc#1198780) - Fix SAPHanaSR-replay-archive to handle hb_report archives again (bsc#1198897) - Add HANA_CALL_TIMEOUT parameter back to the resource agents and read the setting from the cluster configuration, if available. Defaults to '60' - Add new HA/DR provider hook susTkOver (jsc#SLE-16347) - Add new hook script for SAP HANA System Replication Scale-Up Cost Optimized Scenario (jsc#SLE-18613) - Add a new and optional instance parameter 'REMOVE_SAP_SOCKETS' (defaults to 'true'). Now you can control, if the RA should remove the unix domain sockets related to sapstartsrv before (re-)start `sapstartsrv` or if it should try to adjust the permissions and ownership of these files instead Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-2734=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2734=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): SAPHanaSR-0.160.1-3.20.1 SAPHanaSR-doc-0.160.1-3.20.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): SAPHanaSR-0.160.1-3.20.1 SAPHanaSR-doc-0.160.1-3.20.1 References: https://bugzilla.suse.com/1198780 https://bugzilla.suse.com/1198897 From sle-updates at lists.suse.com Wed Aug 10 07:18:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 09:18:24 +0200 (CEST) Subject: SUSE-FU-2022:2733-1: moderate: Feature update for which Message-ID: <20220810071824.4A9D6FF0F@maintenance.suse.de> SUSE Feature Update: Feature update for which ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2733-1 Rating: moderate References: #1082318 SLE-24667 SLE-24668 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one feature fix and contains two features can now be installed. Description: This feature update for which fixes the following issues: Update which to version 2.21 (jsc#SLE-24668, jsc#SLE-24667): - Upgraded code from bash to version 4.3 (now uses eaccess). - Fixed a bug related to getgroups / sysconfig that caused Which not to see more than 64 groups for a single user - Build system maintenance - Package license file correctly in the RPM (bsc#1082318) - Update project and source URL to GNU project - Correct usage of info scriplets Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2733=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): which-2.21-1.8.1 which-debuginfo-2.21-1.8.1 which-debugsource-2.21-1.8.1 References: https://bugzilla.suse.com/1082318 From sle-updates at lists.suse.com Wed Aug 10 07:19:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 09:19:01 +0200 (CEST) Subject: SUSE-RU-2022:2736-1: moderate: Recommended update for libqt5-qttools Message-ID: <20220810071901.D3D58FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqt5-qttools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2736-1 Rating: moderate References: #1200152 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libqt5-qttools fixes the following issues: - Increase the disk constraint to 4.5G (bsc#1200152) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2736=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2736=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2736=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libQt5Designer5-5.15.2+kde17-150400.3.3.1 libQt5Designer5-debuginfo-5.15.2+kde17-150400.3.3.1 libQt5DesignerComponents5-5.15.2+kde17-150400.3.3.1 libQt5DesignerComponents5-debuginfo-5.15.2+kde17-150400.3.3.1 libQt5Help5-5.15.2+kde17-150400.3.3.1 libQt5Help5-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-linguist-5.15.2+kde17-150400.3.3.1 libqt5-linguist-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-linguist-devel-5.15.2+kde17-150400.3.3.1 libqt5-qdbus-5.15.2+kde17-150400.3.3.1 libqt5-qdbus-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qtpaths-5.15.2+kde17-150400.3.3.1 libqt5-qtpaths-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qttools-5.15.2+kde17-150400.3.3.1 libqt5-qttools-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qttools-debugsource-5.15.2+kde17-150400.3.3.1 libqt5-qttools-devel-5.15.2+kde17-150400.3.3.1 libqt5-qttools-doc-5.15.2+kde17-150400.3.3.1 libqt5-qttools-doc-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qttools-example-plugins-5.15.2+kde17-150400.3.3.1 libqt5-qttools-example-plugins-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qttools-examples-5.15.2+kde17-150400.3.3.1 libqt5-qttools-examples-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qttools-qhelpgenerator-5.15.2+kde17-150400.3.3.1 libqt5-qttools-qhelpgenerator-debuginfo-5.15.2+kde17-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): libQt5Designer5-32bit-5.15.2+kde17-150400.3.3.1 libQt5Designer5-32bit-debuginfo-5.15.2+kde17-150400.3.3.1 libQt5DesignerComponents5-32bit-5.15.2+kde17-150400.3.3.1 libQt5DesignerComponents5-32bit-debuginfo-5.15.2+kde17-150400.3.3.1 libQt5Help5-32bit-5.15.2+kde17-150400.3.3.1 libQt5Help5-32bit-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qttools-32bit-5.15.2+kde17-150400.3.3.1 libqt5-qttools-32bit-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qttools-devel-32bit-5.15.2+kde17-150400.3.3.1 - openSUSE Leap 15.4 (noarch): libqt5-qttools-private-headers-devel-5.15.2+kde17-150400.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): libqt5-qdbus-5.15.2+kde17-150400.3.3.1 libqt5-qdbus-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qtpaths-5.15.2+kde17-150400.3.3.1 libqt5-qtpaths-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qttools-5.15.2+kde17-150400.3.3.1 libqt5-qttools-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qttools-debugsource-5.15.2+kde17-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libQt5Designer5-5.15.2+kde17-150400.3.3.1 libQt5Designer5-debuginfo-5.15.2+kde17-150400.3.3.1 libQt5DesignerComponents5-5.15.2+kde17-150400.3.3.1 libQt5DesignerComponents5-debuginfo-5.15.2+kde17-150400.3.3.1 libQt5Help5-5.15.2+kde17-150400.3.3.1 libQt5Help5-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-linguist-5.15.2+kde17-150400.3.3.1 libqt5-linguist-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-linguist-devel-5.15.2+kde17-150400.3.3.1 libqt5-qttools-debuginfo-5.15.2+kde17-150400.3.3.1 libqt5-qttools-debugsource-5.15.2+kde17-150400.3.3.1 libqt5-qttools-devel-5.15.2+kde17-150400.3.3.1 libqt5-qttools-qhelpgenerator-5.15.2+kde17-150400.3.3.1 libqt5-qttools-qhelpgenerator-debuginfo-5.15.2+kde17-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): libqt5-qttools-private-headers-devel-5.15.2+kde17-150400.3.3.1 References: https://bugzilla.suse.com/1200152 From sle-updates at lists.suse.com Wed Aug 10 07:23:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 09:23:56 +0200 (CEST) Subject: SUSE-CU-2022:1782-1: Security update of suse/sles12sp5 Message-ID: <20220810072356.569C4FF0D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1782-1 Container Tags : suse/sles12sp5:6.5.359 , suse/sles12sp5:latest Container Release : 6.5.359 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2718-1 Released: Tue Aug 9 12:54:54 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses5-5.9-78.1 updated - libncurses6-5.9-78.1 updated - ncurses-utils-5.9-78.1 updated - terminfo-base-5.9-78.1 updated From sle-updates at lists.suse.com Wed Aug 10 07:44:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 09:44:21 +0200 (CEST) Subject: SUSE-CU-2022:1783-1: Security update of suse/sle15 Message-ID: <20220810074421.1ECC0FF0D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1783-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.651 Container Release : 6.2.651 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated From sle-updates at lists.suse.com Wed Aug 10 08:00:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:00:33 +0200 (CEST) Subject: SUSE-CU-2022:1784-1: Security update of suse/sle15 Message-ID: <20220810080033.54C0EFF0D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1784-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.171 Container Release : 9.5.171 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated From sle-updates at lists.suse.com Wed Aug 10 08:03:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:03:11 +0200 (CEST) Subject: SUSE-CU-2022:1785-1: Security update of bci/bci-minimal Message-ID: <20220810080311.9134FFF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1785-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.29.33 Container Release : 29.33 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - container:micro-image-15.3.0-19.15 updated From sle-updates at lists.suse.com Wed Aug 10 08:03:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:03:59 +0200 (CEST) Subject: SUSE-CU-2022:1786-1: Security update of suse/389-ds Message-ID: <20220810080359.A2681FF0D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1786-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-15.1 , suse/389-ds:latest Container Release : 15.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:04:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:04:49 +0200 (CEST) Subject: SUSE-CU-2022:1787-1: Security update of bci/dotnet-aspnet Message-ID: <20220810080449.87597FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1787-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-38.3 , bci/dotnet-aspnet:3.1.27 , bci/dotnet-aspnet:3.1.27-38.3 Container Release : 38.3 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:05:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:05:36 +0200 (CEST) Subject: SUSE-CU-2022:1789-1: Security update of bci/dotnet-aspnet Message-ID: <20220810080536.AD2E1FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1789-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-25.3 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-25.3 Container Release : 25.3 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:06:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:06:27 +0200 (CEST) Subject: SUSE-CU-2022:1791-1: Security update of bci/dotnet-aspnet Message-ID: <20220810080627.A1979FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1791-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-19.21 , bci/dotnet-aspnet:6.0.7 , bci/dotnet-aspnet:6.0.7-19.21 , bci/dotnet-aspnet:latest Container Release : 19.21 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:08:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:08:16 +0200 (CEST) Subject: SUSE-CU-2022:1794-1: Security update of bci/dotnet-sdk Message-ID: <20220810080816.02C78FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1794-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-21.19 , bci/dotnet-sdk:6.0.7 , bci/dotnet-sdk:6.0.7-21.19 , bci/dotnet-sdk:latest Container Release : 21.19 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:09:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:09:16 +0200 (CEST) Subject: SUSE-CU-2022:1796-1: Security update of bci/dotnet-runtime Message-ID: <20220810080916.43C3BFF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1796-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-45.3 , bci/dotnet-runtime:3.1.27 , bci/dotnet-runtime:3.1.27-45.3 Container Release : 45.3 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:10:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:10:02 +0200 (CEST) Subject: SUSE-CU-2022:1798-1: Security update of bci/dotnet-runtime Message-ID: <20220810081002.92152FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1798-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-32.3 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-32.3 Container Release : 32.3 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:10:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:10:43 +0200 (CEST) Subject: SUSE-CU-2022:1799-1: Security update of bci/dotnet-runtime Message-ID: <20220810081043.47105FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1799-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-18.19 , bci/dotnet-runtime:6.0.7 , bci/dotnet-runtime:6.0.7-18.19 , bci/dotnet-runtime:latest Container Release : 18.19 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:11:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:11:50 +0200 (CEST) Subject: SUSE-CU-2022:1800-1: Security update of bci/golang Message-ID: <20220810081150.563B9FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1800-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.1 Container Release : 30.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:13:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:13:01 +0200 (CEST) Subject: SUSE-CU-2022:1801-1: Security update of bci/golang Message-ID: <20220810081301.8C4FBFF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1801-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.1 Container Release : 29.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:13:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:13:52 +0200 (CEST) Subject: SUSE-CU-2022:1802-1: Security update of bci/golang Message-ID: <20220810081352.A8738FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1802-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-15.1 , bci/golang:latest Container Release : 15.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:14:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:14:33 +0200 (CEST) Subject: SUSE-CU-2022:1803-1: Security update of bci/bci-init Message-ID: <20220810081433.D2519FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1803-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.20.1 , bci/bci-init:latest Container Release : 20.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:14:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:14:43 +0200 (CEST) Subject: SUSE-CU-2022:1804-1: Security update of bci/bci-minimal Message-ID: <20220810081443.5A960FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1804-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.13.12 , bci/bci-minimal:latest Container Release : 13.12 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - container:micro-image-15.4.0-13.5 updated From sle-updates at lists.suse.com Wed Aug 10 08:15:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:15:19 +0200 (CEST) Subject: SUSE-CU-2022:1805-1: Security update of bci/nodejs Message-ID: <20220810081519.0B054FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1805-1 Container Tags : bci/node:16 , bci/node:16-9.1 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-9.1 , bci/nodejs:latest Container Release : 9.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:16:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:16:53 +0200 (CEST) Subject: SUSE-CU-2022:1806-1: Security update of bci/openjdk-devel Message-ID: <20220810081653.D82F4FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1806-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-34.3 , bci/openjdk-devel:latest Container Release : 34.3 Severity : important Type : security References : 1198627 1201684 1201692 1201694 CVE-2022-21540 CVE-2022-21541 CVE-2022-29458 CVE-2022-34169 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2707-1 Released: Tue Aug 9 10:18:18 2022 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1201684,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-34169 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - java-11-openjdk-headless-11.0.16.0-150000.3.83.1 updated - java-11-openjdk-11.0.16.0-150000.3.83.1 updated - java-11-openjdk-devel-11.0.16.0-150000.3.83.1 updated - container:bci-openjdk-11-15.4-30.1 updated From sle-updates at lists.suse.com Wed Aug 10 08:18:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:18:06 +0200 (CEST) Subject: SUSE-CU-2022:1807-1: Security update of bci/openjdk Message-ID: <20220810081806.B23DEFF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1807-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-30.1 , bci/openjdk:latest Container Release : 30.1 Severity : important Type : security References : 1198627 1201684 1201692 1201694 CVE-2022-21540 CVE-2022-21541 CVE-2022-29458 CVE-2022-34169 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2707-1 Released: Tue Aug 9 10:18:18 2022 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1201684,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-34169 This update for java-11-openjdk fixes the following issues: Update to upstream tag jdk-11.0.16+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - java-11-openjdk-headless-11.0.16.0-150000.3.83.1 updated - java-11-openjdk-11.0.16.0-150000.3.83.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 08:18:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 10:18:43 +0200 (CEST) Subject: SUSE-CU-2022:1808-1: Security update of bci/python Message-ID: <20220810081843.9C9F6FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1808-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-5.1 , bci/python:latest Container Release : 5.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 10:16:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 12:16:39 +0200 (CEST) Subject: SUSE-SU-2022:2738-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3) Message-ID: <20220810101639.F1703FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2738-1 Rating: important References: #1200605 #1201080 #1201222 #1201517 #1201656 #1201657 Cross-References: CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVE-2022-34918 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-59_40 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2738=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_40-default-13-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-13-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201222 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Wed Aug 10 13:16:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 15:16:51 +0200 (CEST) Subject: SUSE-SU-2022:2741-1: important: Security update for the Linux Kernel Message-ID: <20220810131651.4636EFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2741-1 Rating: important References: #1178134 #1198829 #1199364 #1199647 #1199665 #1199670 #1200521 #1200598 #1200644 #1200651 #1200762 #1200910 #1201196 #1201206 #1201251 #1201381 #1201429 #1201458 #1201635 #1201636 #1201644 #1201664 #1201672 #1201673 #1201676 #1201846 #1201930 #1201940 #1201954 #1201956 #1201958 SLE-24559 Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1116 CVE-2022-1462 CVE-2022-20166 CVE-2022-21505 CVE-2022-2318 CVE-2022-26365 CVE-2022-29581 CVE-2022-32250 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946 CVSS scores: CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 16 vulnerabilities, contains one feature and has 15 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-29581: Fixed improper update of reference count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs that could lead to a use-after-free (bnc#1201429). - CVE-2021-33655: Fixed an out of bounds write by ioctl cmd FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed an out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2022-21505: Fixed a kernel lockdown bypass via IMA policy (bsc#1201458). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). - CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which allowed a local attacker to escalate privileges to root (bnc#1199647).- CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). The following non-security bugs were fixed: - Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: enable BPF type format (BTF) (jsc#SLE-24559). - nfs: avoid NULL pointer dereference when there is unflushed data (bsc#1201196). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - nvme: consider also host_iface when checking ip options (bsc#1199670). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/entry: Remove skip_r11rcx (bsc#1201644). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2741=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2741=1 Package List: - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-150300.38.75.1 kernel-source-azure-5.3.18-150300.38.75.1 - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-150300.38.75.1 cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.75.1 dlm-kmp-azure-5.3.18-150300.38.75.1 dlm-kmp-azure-debuginfo-5.3.18-150300.38.75.1 gfs2-kmp-azure-5.3.18-150300.38.75.1 gfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1 kernel-azure-5.3.18-150300.38.75.1 kernel-azure-debuginfo-5.3.18-150300.38.75.1 kernel-azure-debugsource-5.3.18-150300.38.75.1 kernel-azure-devel-5.3.18-150300.38.75.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1 kernel-azure-extra-5.3.18-150300.38.75.1 kernel-azure-extra-debuginfo-5.3.18-150300.38.75.1 kernel-azure-livepatch-devel-5.3.18-150300.38.75.1 kernel-azure-optional-5.3.18-150300.38.75.1 kernel-azure-optional-debuginfo-5.3.18-150300.38.75.1 kernel-syms-azure-5.3.18-150300.38.75.1 kselftests-kmp-azure-5.3.18-150300.38.75.1 kselftests-kmp-azure-debuginfo-5.3.18-150300.38.75.1 ocfs2-kmp-azure-5.3.18-150300.38.75.1 ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.75.1 reiserfs-kmp-azure-5.3.18-150300.38.75.1 reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.75.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.75.1 kernel-azure-debuginfo-5.3.18-150300.38.75.1 kernel-azure-debugsource-5.3.18-150300.38.75.1 kernel-azure-devel-5.3.18-150300.38.75.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.75.1 kernel-syms-azure-5.3.18-150300.38.75.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.75.1 kernel-source-azure-5.3.18-150300.38.75.1 References: https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2022-1116.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-21505.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-29581.html https://www.suse.com/security/cve/CVE-2022-32250.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1199364 https://bugzilla.suse.com/1199647 https://bugzilla.suse.com/1199665 https://bugzilla.suse.com/1199670 https://bugzilla.suse.com/1200521 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200644 https://bugzilla.suse.com/1200651 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201196 https://bugzilla.suse.com/1201206 https://bugzilla.suse.com/1201251 https://bugzilla.suse.com/1201381 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201458 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201644 https://bugzilla.suse.com/1201664 https://bugzilla.suse.com/1201672 https://bugzilla.suse.com/1201673 https://bugzilla.suse.com/1201676 https://bugzilla.suse.com/1201846 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 https://bugzilla.suse.com/1201954 https://bugzilla.suse.com/1201956 https://bugzilla.suse.com/1201958 From sle-updates at lists.suse.com Wed Aug 10 14:00:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:00:41 +0200 (CEST) Subject: SUSE-CU-2022:1809-1: Security update of suse/sles12sp4 Message-ID: <20220810140041.E8FEAFF0D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1809-1 Container Tags : suse/sles12sp4:26.487 , suse/sles12sp4:latest Container Release : 26.487 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2718-1 Released: Tue Aug 9 12:54:54 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - base-container-licenses-3.0-1.306 updated - container-suseconnect-2.0.0-1.194 updated - libncurses5-5.9-78.1 updated - ncurses-utils-5.9-78.1 updated - terminfo-base-5.9-78.1 updated From sle-updates at lists.suse.com Wed Aug 10 14:06:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:06:46 +0200 (CEST) Subject: SUSE-CU-2022:1810-1: Security update of bci/bci-init Message-ID: <20220810140646.ACB4AFF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1810-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.17.45 Container Release : 17.45 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-17.20.12 updated From sle-updates at lists.suse.com Wed Aug 10 14:13:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:13:46 +0200 (CEST) Subject: SUSE-CU-2022:1812-1: Security update of bci/python Message-ID: <20220810141346.54265FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1812-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.55 Container Release : 18.55 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-17.20.12 updated From sle-updates at lists.suse.com Wed Aug 10 14:23:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:23:55 +0200 (CEST) Subject: SUSE-CU-2022:1813-1: Security update of suse/sle15 Message-ID: <20220810142355.96CCEFF0D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1813-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.12 , suse/sle15:15.3 , suse/sle15:15.3.17.20.12 Container Release : 17.20.12 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated From sle-updates at lists.suse.com Wed Aug 10 14:25:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:25:39 +0200 (CEST) Subject: SUSE-CU-2022:1815-1: Security update of bci/dotnet-sdk Message-ID: <20220810142539.D6429FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1815-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-33.4 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-33.4 Container Release : 33.4 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 14:26:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:26:25 +0200 (CEST) Subject: SUSE-CU-2022:1816-1: Security update of bci/nodejs Message-ID: <20220810142625.B0177FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1816-1 Container Tags : bci/node:14 , bci/node:14-33.2 , bci/nodejs:14 , bci/nodejs:14-33.2 Container Release : 33.2 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 14:28:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:28:47 +0200 (CEST) Subject: SUSE-CU-2022:1818-1: Security update of suse/pcp Message-ID: <20220810142847.8663DFF0D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1818-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-9.2 , suse/pcp:latest Container Release : 9.2 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:bci-bci-init-15.4-15.4-20.1 updated From sle-updates at lists.suse.com Wed Aug 10 14:29:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:29:24 +0200 (CEST) Subject: SUSE-CU-2022:1808-1: Security update of bci/python Message-ID: <20220810142924.D7472FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1808-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-5.1 , bci/python:latest Container Release : 5.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 14:29:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:29:59 +0200 (CEST) Subject: SUSE-CU-2022:1819-1: Security update of bci/python Message-ID: <20220810142959.DB297FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1819-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.1 Container Release : 28.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 14:31:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:31:27 +0200 (CEST) Subject: SUSE-CU-2022:1820-1: Security update of bci/ruby Message-ID: <20220810143127.198B5FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1820-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-29.1 , bci/ruby:latest Container Release : 29.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 14:31:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:31:53 +0200 (CEST) Subject: SUSE-CU-2022:1821-1: Security update of bci/rust Message-ID: <20220810143153.21309FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1821-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.18 Container Release : 9.18 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 14:32:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:32:13 +0200 (CEST) Subject: SUSE-CU-2022:1822-1: Security update of bci/rust Message-ID: <20220810143213.1B692FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1822-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-5.2 Container Release : 5.2 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Wed Aug 10 14:32:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 16:32:45 +0200 (CEST) Subject: SUSE-CU-2022:1823-1: Security update of suse/sle15 Message-ID: <20220810143245.CEC50FF0D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1823-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.10 , suse/sle15:15.4 , suse/sle15:15.4.27.11.10 Container Release : 27.11.10 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated From sle-updates at lists.suse.com Wed Aug 10 16:16:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:16:29 +0200 (CEST) Subject: SUSE-SU-2022:2765-1: important: Security update for rubygem-tzinfo Message-ID: <20220810161629.C78D9FF0F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-tzinfo ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2765-1 Rating: important References: #1201835 Cross-References: CVE-2022-31163 CVSS scores: CVE-2022-31163 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-31163 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-tzinfo fixes the following issues: - CVE-2022-31163: Fixed relative path traversal vulnerability that allows TZInfo::Timezone.get to load arbitrary files (bsc#1201835). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2765=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2765=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-tzinfo-1.2.2-3.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-tzinfo-1.2.2-3.3.1 References: https://www.suse.com/security/cve/CVE-2022-31163.html https://bugzilla.suse.com/1201835 From sle-updates at lists.suse.com Wed Aug 10 16:17:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:17:06 +0200 (CEST) Subject: SUSE-SU-2022:2752-1: moderate: Security update for python-codecov Message-ID: <20220810161706.8DBB0FF0F@maintenance.suse.de> SUSE Security Update: Security update for python-codecov ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2752-1 Rating: moderate References: #1201494 Cross-References: CVE-2019-10800 CVSS scores: CVE-2019-10800 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-codecov fixes the following issues: - CVE-2019-10800: Fixed sanitization of gcov arguments before being being provided to the popen method (bsc#1201494). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2752=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2752=1 Package List: - openSUSE Leap 15.4 (noarch): python3-codecov-2.0.15-150100.3.3.1 - openSUSE Leap 15.3 (noarch): python2-codecov-2.0.15-150100.3.3.1 python3-codecov-2.0.15-150100.3.3.1 References: https://www.suse.com/security/cve/CVE-2019-10800.html https://bugzilla.suse.com/1201494 From sle-updates at lists.suse.com Wed Aug 10 16:17:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:17:42 +0200 (CEST) Subject: SUSE-RU-2022:2757-1: moderate: Recommended update for obs-service-source_validator Message-ID: <20220810161742.A9F99FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for obs-service-source_validator ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2757-1 Rating: moderate References: #1202132 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for obs-service-source_validator fixes the following issues: - Update to version 0.25 (bsc#1202132) * Reject empty or ill-formatted patches * Use ERROR for prefixing errors * Split out GPG validation into own check and improve it * Allow mode=manual services * spec_query: add elif support * Also read package in _multibuild * display diff if previous file is present in 20-files-present-and-referenced * Use xmllint for listing multibuild flavors * Don't break if there is no *.spec * Allow for multibuild specfiles with empty default flavour * No need to compress buildtime generated tarballs * Fix running the checks on a directory with whitespace in its path * spec_query: print line numbers on %if/%else/%endif error * Do not complain about debian.*.triggers * No need to compress buildtime generated tarballs * One .changes file per package is enough * allow _multibuild to handle multiple specs * The --buildflavor option was missing from the help output * 70-baselibs: do not run subshells * allow -MACRO ending for changes file on multibuild setups * skip source files checks for product definition directories * Add missing dependency to the debian/control file * /usr/include/X11 is still a valid path. * make path for helpers variable * fix for #bsc985980 * check for LICENSE or COPYING files marked as %doc * 70-baselibs: call spec_query with --no-conditionals so that checking package tevent sees the python3-tevent package for the baselibs checker * Build-depend on obs-build to fix Debian build * move multibuild or multi spec in front * add glibc testcase using multibuild * support _multibuild files when validating sources * do not use "--no-conditionals" for baselibs check Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2757=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2757=1 Package List: - openSUSE Leap 15.4 (noarch): obs-service-source_validator-0.25-150000.3.3.1 - openSUSE Leap 15.3 (noarch): obs-service-source_validator-0.25-150000.3.3.1 References: https://bugzilla.suse.com/1202132 From sle-updates at lists.suse.com Wed Aug 10 16:18:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:18:18 +0200 (CEST) Subject: SUSE-SU-2022:2750-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15) Message-ID: <20220810161818.47DF7FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2750-1 Rating: important References: #1200605 #1201080 #1201655 Cross-References: CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVSS scores: CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150000_150_89 fixes several issues. The following security issues were fixed: - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2742=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2750=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150000_150_89-default-6-150000.2.2 kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-6-150000.2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_116-default-6-2.2 References: https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201655 From sle-updates at lists.suse.com Wed Aug 10 16:19:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:19:11 +0200 (CEST) Subject: SUSE-RU-2022:2749-1: moderate: Recommended update for go1.19 Message-ID: <20220810161911.CF3FAFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.19 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2749-1 Rating: moderate References: #1200441 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for go1.19 fixes the following issues: go1.19 (released 2022-08-02) is a major release of Go. go1.19.x minor releases will be provided through August 2023. https://github.com/golang/go/wiki/Go-Release-Cycle go1.19 arrives five months after go1.18. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (Refs bsc#1200441 go1.19 release tracking) * See release notes https://golang.org/doc/go1.19. Excerpts relevant to OBS environment and for SUSE/openSUSE follow: * There is only one small change to the language, a very small correction to the scope of type parameters in method declarations. Existing programs are unaffected. * The Go memory model has been revised to align Go with the memory model used by C, C++, Java, JavaScript, Rust, and Swift. Go only provides sequentially consistent atomics, not any of the more relaxed forms found in other languages. Along with the memory model update, Go 1.19 introduces new types in the sync/atomic package that make it easier to use atomic values, such as atomic.Int64 and atomic.Pointer[T]. * go1.19 adds support for the Loongson 64-bit architecture LoongArch on Linux (GOOS=linux, GOARCH=loong64). The ABI implemented is LP64D. Minimum kernel version supported is 5.19. * The riscv64 port now supports passing function arguments and result using registers. Benchmarking shows typical performance improvements of 10% or more on riscv64. * Go 1.19 adds support for links, lists, and clearer headings in doc comments. As part of this change, gofmt now reformats doc comments to make their rendered meaning clearer. See "Go Doc Comments" for syntax details and descriptions of common mistakes now highlighted by gofmt. As another part of this change, the new package go/doc/comment provides parsing and reformatting of doc comments as well as support for rendering them to HTML, Markdown, and text. * The new build constraint "unix" is now recognized in //go:build lines. The constraint is satisfied if the target operating system, also known as GOOS, is a Unix or Unix-like system. For the 1.19 release it is satisfied if GOOS is one of aix, android, darwin, dragonfly, freebsd, hurd, illumos, ios, linux, netbsd, openbsd, or solaris. In future releases the unix constraint may match additional newly supported operating systems. * The -trimpath flag, if set, is now included in the build settings stamped into Go binaries by go build, and can be examined using go version -m or debug.ReadBuildInfo. * go generate now sets the GOROOT environment variable explicitly in the generator's environment, so that generators can locate the correct GOROOT even if built with -trimpath. * go test and go generate now place GOROOT/bin at the beginning of the PATH used for the subprocess, so tests and generators that execute the go command will resolve it to same GOROOT. * go env now quotes entries that contain spaces in the CGO_CFLAGS, CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_FFLAGS, CGO_LDFLAGS, and GOGCCFLAGS variables it reports. * go list -json now accepts a comma-separated list of JSON fields to populate. If a list is specified, the JSON output will include only those fields, and go list may avoid work to compute fields that are not included. In some cases, this may suppress errors that would otherwise be reported. * The go command now caches information necessary to load some modules, which should result in a speed-up of some go list invocations. * The vet checker "errorsas" now reports when errors.As is called with a second argument of type *error, a common mistake. * The runtime now includes support for a soft memory limit. This memory limit includes the Go heap and all other memory managed by the runtime, and excludes external memory sources such as mappings of the binary itself, memory managed in other languages, and memory held by the operating system on behalf of the Go program. This limit may be managed via runtime/debug.SetMemoryLimit or the equivalent GOMEMLIMIT environment variable. The limit works in conjunction with runtime/debug.SetGCPercent / GOGC, and will be respected even if GOGC=off, allowing Go programs to always make maximal use of their memory limit, improving resource efficiency in some cases. * In order to limit the effects of GC thrashing when the program's live heap size approaches the soft memory limit, the Go runtime also attempts to limit total GC CPU utilization to 50%, excluding idle time, choosing to use more memory over preventing application progress. In practice, we expect this limit to only play a role in exceptional cases, and the new runtime metric /gc/limiter/last-enabled:gc-cycle reports when this last occurred. * The runtime now schedules many fewer GC worker goroutines on idle operating system threads when the application is idle enough to force a periodic GC cycle. * The runtime will now allocate initial goroutine stacks based on the historic average stack usage of goroutines. This avoids some of the early stack growth and copying needed in the average case in exchange for at most 2x wasted space on below-average goroutines. * On Unix operating systems, Go programs that import package os now automatically increase the open file limit (RLIMIT_NOFILE) to the maximum allowed value; that is, they change the soft limit to match the hard limit. This corrects artificially low limits set on some systems for compatibility with very old C programs using the select system call. Go programs are not helped by that limit, and instead even simple programs like gofmt often ran out of file descriptors on such systems when processing many files in parallel. One impact of this change is that Go programs that in turn execute very old C programs in child processes may run those programs with too high a limit. This can be corrected by setting the hard limit before invoking the Go program. * Unrecoverable fatal errors (such as concurrent map writes, or unlock of unlocked mutexes) now print a simpler traceback excluding runtime metadata (equivalent to a fatal panic) unless GOTRACEBACK=system or crash. Runtime-internal fatal error tracebacks always include full metadata regardless of the value of GOTRACEBACK * Support for debugger-injected function calls has been added on ARM64, enabling users to call functions from their binary in an interactive debugging session when using a debugger that is updated to make use of this functionality. * The address sanitizer support added in Go 1.18 now handles function arguments and global variables more precisely. * The compiler now uses a jump table to implement large integer and string switch statements. Performance improvements for the switch statement vary but can be on the order of 20% faster. (GOARCH=amd64 and GOARCH=arm64 only) * The Go compiler now requires the -p=importpath flag to build a linkable object file. This is already supplied by the go command and by Bazel. Any other build systems that invoke the Go compiler directly will need to make sure they pass this flag as well. * The Go compiler no longer accepts the -importmap flag. Build systems that invoke the Go compiler directly must use the -importcfg flag instead. * Like the compiler, the assembler now requires the -p=importpath flag to build a linkable object file. This is already supplied by the go command. Any other build systems that invoke the Go assembler directly will need to make sure they pass this flag as well. * Command and LookPath no longer allow results from a PATH search to be found relative to the current directory. This removes a common source of security problems but may also break existing programs that depend on using, say, exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in the current directory. See the os/exec package documentation for information about how best to update such programs. * On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath environment variable, making it possible to disable the default implicit search of ???.??? in PATH lookups on Windows systems. * crypto/elliptic: Operating on invalid curve points (those for which the IsOnCurve method returns false, and which are never returned by Unmarshal or by a Curve method operating on a valid point) has always been undefined behavior and can lead to key recovery attacks. If an invalid point is supplied to Marshal, MarshalCompressed, Add, Double, or ScalarMult, they will now panic. ScalarBaseMult operations on the P224, P384, and P521 curves are now up to three times faster, leading to similar speedups in some ECDSA operations. The generic (not platform optimized) P256 implementation was replaced with one derived from a formally verified model; this might lead to significant slowdowns on 32-bit platforms. * crypto/rand: Read no longer buffers random data obtained from the operating system between calls. Applications that perform many small reads at high frequency might choose to wrap Reader in a bufio.Reader for performance reasons, taking care to use io.ReadFull to ensure no partial reads occur. The Prime implementation was changed to use only rejection sampling, which removes a bias when generating small primes in non-cryptographic contexts, removes one possible minor timing leak, and better aligns the behavior with BoringSSL, all while simplifying the implementation. The change does produce different outputs for a given random source stream compared to the previous implementation, which can break tests written expecting specific results from specific deterministic random sources. To help prevent such problems in the future, the implementation is now intentionally non-deterministic with respect to the input stream. * crypto/tls: The GODEBUG option tls10default=1 has been removed. It is still possible to enable TLS 1.0 client-side by setting Config.MinVersion. The TLS server and client now reject duplicate extensions in TLS handshakes, as required by RFC 5246, Section 7.4.1.4 and RFC 8446, Section 4.2. * crypto/x509: CreateCertificate no longer supports creating certificates with SignatureAlgorithm set to MD5WithRSA. CreateCertificate no longer accepts negative serial numbers. CreateCertificate will not emit an empty SEQUENCE anymore when the produced certificate has no extensions. ParseCertificate and ParseCertificateRequest now reject certificates and CSRs which contain duplicate extensions. The new CertPool.Clone and CertPool.Equal methods allow cloning a CertPool and checking the equivalence of two CertPools respectively. The new function ParseRevocationList provides a faster, safer to use CRL parser which returns a RevocationList. Parsing a CRL also populates the new RevocationList fields RawIssuer, Signature, AuthorityKeyId, and Extensions, which are ignored by CreateRevocationList. The new method RevocationList.CheckSignatureFrom checks that the signature on a CRL is a valid signature from a Certificate. The ParseCRL and ParseDERCRL functions are now deprecated in favor of ParseRevocationList. The Certificate.CheckCRLSignature method is deprecated in favor of RevocationList.CheckSignatureFrom. The path builder of Certificate.Verify was overhauled and should now produce better chains and/or be more efficient in complicated scenarios. Name constraints are now also enforced on non-leaf certificates. * crypto/x509/pkix: The types CertificateList and TBSCertificateList have been deprecated. The new crypto/x509 CRL functionality should be used instead. * debug/elf: The new EM_LOONGARCH and R_LARCH_* constants support the loong64 port. * debug/pe: The new File.COFFSymbolReadSectionDefAux method, which returns a COFFSymbolAuxFormat5, provides access to COMDAT information in PE file sections. These are supported by new IMAGE_COMDAT_* and IMAGE_SCN_* constants. * runtime: The GOROOT function now returns the empty string (instead of "go") when the binary was built with the -trimpath flag set and the GOROOT variable is not set in the process environment. * runtime/metrics: The new /sched/gomaxprocs:threads metric reports the current runtime.GOMAXPROCS value. The new /cgo/go-to-c-calls:calls metric reports the total number of calls made from Go to C. This metric is identical to the runtime.NumCgoCall function. The new /gc/limiter/last-enabled:gc-cycle metric reports the last GC cycle when the GC CPU limiter was enabled. See the runtime notes for details about the GC CPU limiter. * runtime/pprof: Stop-the-world pause times have been significantly reduced when collecting goroutine profiles, reducing the overall latency impact to the application. MaxRSS is now reported in heap profiles for all Unix operating systems (it was previously only reported for GOOS=android, darwin, ios, and linux). * runtime/race: The race detector has been upgraded to use thread sanitizer version v3 on all supported platforms except windows/amd64 and openbsd/amd64, which remain on v2. Compared to v2, it is now typically 1.5x to 2x faster, uses half as much memory, and it supports an unlimited number of goroutines. On Linux, the race detector now requires at least glibc version 2.17 and GNU binutils 2.26. The race detector is now supported on GOARCH=s390x. Race detector support for openbsd/amd64 has been removed from thread sanitizer upstream, so it is unlikely to ever be updated from v2. * runtime/trace: When tracing and the CPU profiler are enabled simultaneously, the execution trace includes CPU profile samples as instantaneous events. * syscall: On PowerPC (GOARCH=ppc64, ppc64le), Syscall, Syscall6, RawSyscall, and RawSyscall6 now always return 0 for return value r2 instead of an undefined value. On AIX and Solaris, Getrusage is now defined. - Trace viewer html and javascript files moved from misc/trace in previous versions to src/cmd/trace/static in go1.19. * Added files with mode 0644: /usr/share/go/1.19/src/cmd/trace/static /usr/share/go/1.19/src/cmd/trace/static/README.md /usr/share/go/1.19/src/cmd/trace/static/trace_viewer_full.html /usr/share/go/1.19/src/cmd/trace/static/webcomponents.min.js Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2749=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2749=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2749=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2749=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.19-1.19-150000.1.3.1 go1.19-doc-1.19-150000.1.3.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.19-race-1.19-150000.1.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.19-1.19-150000.1.3.1 go1.19-doc-1.19-150000.1.3.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.19-race-1.19-150000.1.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.19-1.19-150000.1.3.1 go1.19-doc-1.19-150000.1.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.19-race-1.19-150000.1.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.19-1.19-150000.1.3.1 go1.19-doc-1.19-150000.1.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.19-race-1.19-150000.1.3.1 References: https://bugzilla.suse.com/1200441 From sle-updates at lists.suse.com Wed Aug 10 16:19:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:19:49 +0200 (CEST) Subject: SUSE-SU-2022:2754-1: moderate: Security update for libnbd Message-ID: <20220810161949.841D1FF0F@maintenance.suse.de> SUSE Security Update: Security update for libnbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2754-1 Rating: moderate References: #1195636 Cross-References: CVE-2022-0485 CVSS scores: CVE-2022-0485 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libnbd fixes the following issues: - CVE-2022-0485: Fixed a missing error handling that may create corrupted destination image (bsc#1195636). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2754=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2754=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libnbd-1.12.4-150300.8.12.1 libnbd-debuginfo-1.12.4-150300.8.12.1 libnbd-debugsource-1.12.4-150300.8.12.1 libnbd-devel-1.12.4-150300.8.12.1 libnbd0-1.12.4-150300.8.12.1 libnbd0-debuginfo-1.12.4-150300.8.12.1 nbdfuse-1.12.4-150300.8.12.1 nbdfuse-debuginfo-1.12.4-150300.8.12.1 - openSUSE Leap 15.4 (noarch): libnbd-bash-completion-1.12.4-150300.8.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libnbd-1.12.4-150300.8.12.1 libnbd-debuginfo-1.12.4-150300.8.12.1 libnbd-debugsource-1.12.4-150300.8.12.1 libnbd-devel-1.12.4-150300.8.12.1 libnbd0-1.12.4-150300.8.12.1 libnbd0-debuginfo-1.12.4-150300.8.12.1 nbdfuse-1.12.4-150300.8.12.1 nbdfuse-debuginfo-1.12.4-150300.8.12.1 - openSUSE Leap 15.3 (noarch): libnbd-bash-completion-1.12.4-150300.8.12.1 References: https://www.suse.com/security/cve/CVE-2022-0485.html https://bugzilla.suse.com/1195636 From sle-updates at lists.suse.com Wed Aug 10 16:20:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:20:26 +0200 (CEST) Subject: SUSE-SU-2022:2762-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP1) Message-ID: <20220810162026.53832FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2762-1 Rating: important References: #1200605 #1201080 Cross-References: CVE-2022-1679 CVE-2022-20141 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_114 fixes several issues. The following security issues were fixed: - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2739=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-2740=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2751=1 SUSE-SLE-Live-Patching-12-SP5-2022-2762=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_114-default-3-150100.2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150000_150_92-default-3-150000.2.1 kernel-livepatch-4_12_14-150000_150_92-default-debuginfo-3-150000.2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_121-default-4-2.2 kgraft-patch-4_12_14-122_124-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 From sle-updates at lists.suse.com Wed Aug 10 16:21:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:21:13 +0200 (CEST) Subject: SUSE-SU-2022:2759-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP3) Message-ID: <20220810162113.4F7CAFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2759-1 Rating: important References: #1200605 #1201080 #1201222 Cross-References: CVE-2022-1679 CVE-2022-20141 CVE-2022-34918 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_68 fixes several issues. The following security issues were fixed: - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2759=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_68-default-5-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201222 From sle-updates at lists.suse.com Wed Aug 10 16:22:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:22:04 +0200 (CEST) Subject: SUSE-SU-2022:2748-1: important: Security update for MozillaThunderbird Message-ID: <20220810162204.6D5D5FF0F@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2748-1 Rating: important References: #1201758 Cross-References: CVE-2022-36318 CVE-2022-36319 CVSS scores: CVE-2022-36318 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-36319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.12 * changed: Support for Google Talk chat accounts removed * fixed: OpenPGP signatures were broken when "Primary Password" dialog remained open * fixed: Various security fixes - Security fixes (MFSA 2022-31) (bsc#1201758): - CVE-2022-36319: Fixed mouse Position spoofing with CSS transforms (bmo#1737722) - CVE-2022-36318: Fixed directory indexes for bundled resources reflected URL parameters (bmo#1771774) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2748=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2748=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2748=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2748=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2748=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2748=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.12.0-150200.8.79.1 MozillaThunderbird-debuginfo-91.12.0-150200.8.79.1 MozillaThunderbird-debugsource-91.12.0-150200.8.79.1 MozillaThunderbird-translations-common-91.12.0-150200.8.79.1 MozillaThunderbird-translations-other-91.12.0-150200.8.79.1 References: https://www.suse.com/security/cve/CVE-2022-36318.html https://www.suse.com/security/cve/CVE-2022-36319.html https://bugzilla.suse.com/1201758 From sle-updates at lists.suse.com Wed Aug 10 16:22:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:22:41 +0200 (CEST) Subject: SUSE-RU-2022:2755-1: moderate: Recommended update for suse-xsl-stylesheets Message-ID: <20220810162241.124D8FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-xsl-stylesheets ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2755-1 Rating: moderate References: #1187783 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-xsl-stylesheets fixes the following issues: Changes in suse-xsl-stylesheets: - Update SUSE stylesheets - New three-column layout - Update translation strings - Replace old SUSE logo - Update 2.86.0 - Update to JQuery 1.12.4 (#485) - Fix color issues (#486) - Add new section "creating a new release" in README - Update 2.85.2 - Fix single h1 issue in HTML in #484 (improves SEO) - update README - Update 2.85.1 - Fix #453: colors in works now - update README - Add requirement for google-poppins-fonts - Update to 2.85.0 - Fix #479: Typo fix in parameter qnumber -> number - Fix #478: reduce length count for socialmedia and search description to 150 - Fix #474: Support alt/title attributes in images - Fix #455: Add missing strings for HTML output - Fix #286: Rudimentary style element - Update to 2.84.1 - Fix #454: Implement color for phrase/para - Fix #470: Make "Report bug" links attached to titles - Update to 2.84.0: - Fix #96: Remove SUSE address - Fix #458: figure-label for fr-fr: remove stray letter "t" - Fix #458: Add missing datetime format for zh_* - Fix #465: Replace old SUSE logo for suse2013 - Fix #463: Use correct inline color for screen - Add README for SUSE's SASS customization https://github.com/openSUSE/suse-xsl/releases/tag/2.84.0 - Beta release of the SUSE XSL stylesheets 2.83.0: https://github.com/openSUSE/suse-xsl/releases/tag/2.83.0 - PDF/HTML - A variety of small, but important bug fixes for the SUSE 2022 stylesheets, including a fix for a PDF build breaker - Remove obsolete susexsl-fetch-source-git script (bsc#1187783) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2755=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2755=1 Package List: - openSUSE Leap 15.4 (noarch): suse-xsl-stylesheets-2.86.0-150300.3.3.1 - openSUSE Leap 15.3 (noarch): suse-xsl-stylesheets-2.86.0-150300.3.3.1 References: https://bugzilla.suse.com/1187783 From sle-updates at lists.suse.com Wed Aug 10 16:23:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:23:13 +0200 (CEST) Subject: SUSE-RU-2022:2756-1: moderate: Recommended update for rust-cbindgen Message-ID: <20220810162313.D7BB1FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust-cbindgen ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2756-1 Rating: moderate References: Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for rust-cbindgen fixes the following issues: rust-cbindgen was updated to version 0.23.0+git0: * constant: Make const.allow_constexpr default to true. * constant: Allow more constexpr constants. * Update syn dependency to at least 1.0.88 Update to version 0.22.0+git0: * Support rename rule for union body members. * constant: Add support for other expressions WebRender uses. * constant: Add support for associated constant expressions. * Fix regression in CamelCase rename rule (should be lowerCamelCase) * enumeration: simplify standard types in variants. * Avoid generating and writing bindings when called recursively * Cython: Omit per-variant tags in unions generated for Rust enums * Update various dependencies. * v0.21.0 Update to version 0.21.0+git0: * Remove etesync from readme. * Update docs.md * Remove wgpu-native from users. * Address clippy lint. * unraw the identifiers * Silence some dead_code warnings. Update to version 0.20.0+git0: * Don't use `check` profile when expanding code on a release build * Update --pretty=expanded to -Zunpretty=expanded * Fix some clippy lints. * Simplify Pin to T * add `Builder::with_using_namespaces` * Ignore PhantomPinned * Move the target-guessing code from #676 to its own function. * Only fetch dependencies for current platform by default (#676) - Update vendored dependencies to resolve potential memory corruption in dependency ( RUSTSEC-2021-0003 ) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2756=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2756=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rust-cbindgen-0.23.0+git0-150000.1.12.1 rust-cbindgen-debuginfo-0.23.0+git0-150000.1.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): rust-cbindgen-0.23.0+git0-150000.1.12.1 References: From sle-updates at lists.suse.com Wed Aug 10 16:23:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:23:44 +0200 (CEST) Subject: SUSE-SU-2022:2763-1: moderate: Security update for sssd Message-ID: <20220810162344.11ACCFF0F@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2763-1 Rating: moderate References: #1182058 #1189492 #1190775 #1195552 #1196166 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3621 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommand (bsc#1189492). - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attributte (bsc#1190775) - Fix 32-bit libraries package. Libraries were moved from sssd to sssd-common but baselibs.conf was not updated accordingly (bsc#1182058, bsc#1196166) - Remove caches only when performing a package downgrade. The sssd daemon takes care of upgrading the database format when necessary (bsc#1195552) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2763=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2763=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-2.5.2-150400.4.5.14 libipa_hbac0-2.5.2-150400.4.5.14 libipa_hbac0-debuginfo-2.5.2-150400.4.5.14 libnfsidmap-sss-2.5.2-150400.4.5.14 libnfsidmap-sss-debuginfo-2.5.2-150400.4.5.14 libsss_certmap-devel-2.5.2-150400.4.5.14 libsss_certmap0-2.5.2-150400.4.5.14 libsss_certmap0-debuginfo-2.5.2-150400.4.5.14 libsss_idmap-devel-2.5.2-150400.4.5.14 libsss_idmap0-2.5.2-150400.4.5.14 libsss_idmap0-debuginfo-2.5.2-150400.4.5.14 libsss_nss_idmap-devel-2.5.2-150400.4.5.14 libsss_nss_idmap0-2.5.2-150400.4.5.14 libsss_nss_idmap0-debuginfo-2.5.2-150400.4.5.14 libsss_simpleifp-devel-2.5.2-150400.4.5.14 libsss_simpleifp0-2.5.2-150400.4.5.14 libsss_simpleifp0-debuginfo-2.5.2-150400.4.5.14 python3-ipa_hbac-2.5.2-150400.4.5.14 python3-ipa_hbac-debuginfo-2.5.2-150400.4.5.14 python3-sss-murmur-2.5.2-150400.4.5.14 python3-sss-murmur-debuginfo-2.5.2-150400.4.5.14 python3-sss_nss_idmap-2.5.2-150400.4.5.14 python3-sss_nss_idmap-debuginfo-2.5.2-150400.4.5.14 python3-sssd-config-2.5.2-150400.4.5.14 python3-sssd-config-debuginfo-2.5.2-150400.4.5.14 sssd-2.5.2-150400.4.5.14 sssd-ad-2.5.2-150400.4.5.14 sssd-ad-debuginfo-2.5.2-150400.4.5.14 sssd-common-2.5.2-150400.4.5.14 sssd-common-debuginfo-2.5.2-150400.4.5.14 sssd-dbus-2.5.2-150400.4.5.14 sssd-dbus-debuginfo-2.5.2-150400.4.5.14 sssd-debugsource-2.5.2-150400.4.5.14 sssd-ipa-2.5.2-150400.4.5.14 sssd-ipa-debuginfo-2.5.2-150400.4.5.14 sssd-kcm-2.5.2-150400.4.5.14 sssd-kcm-debuginfo-2.5.2-150400.4.5.14 sssd-krb5-2.5.2-150400.4.5.14 sssd-krb5-common-2.5.2-150400.4.5.14 sssd-krb5-common-debuginfo-2.5.2-150400.4.5.14 sssd-krb5-debuginfo-2.5.2-150400.4.5.14 sssd-ldap-2.5.2-150400.4.5.14 sssd-ldap-debuginfo-2.5.2-150400.4.5.14 sssd-proxy-2.5.2-150400.4.5.14 sssd-proxy-debuginfo-2.5.2-150400.4.5.14 sssd-tools-2.5.2-150400.4.5.14 sssd-tools-debuginfo-2.5.2-150400.4.5.14 sssd-winbind-idmap-2.5.2-150400.4.5.14 sssd-winbind-idmap-debuginfo-2.5.2-150400.4.5.14 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-2.5.2-150400.4.5.14 libipa_hbac0-2.5.2-150400.4.5.14 libipa_hbac0-debuginfo-2.5.2-150400.4.5.14 libsss_certmap-devel-2.5.2-150400.4.5.14 libsss_certmap0-2.5.2-150400.4.5.14 libsss_certmap0-debuginfo-2.5.2-150400.4.5.14 libsss_idmap-devel-2.5.2-150400.4.5.14 libsss_idmap0-2.5.2-150400.4.5.14 libsss_idmap0-debuginfo-2.5.2-150400.4.5.14 libsss_nss_idmap-devel-2.5.2-150400.4.5.14 libsss_nss_idmap0-2.5.2-150400.4.5.14 libsss_nss_idmap0-debuginfo-2.5.2-150400.4.5.14 libsss_simpleifp-devel-2.5.2-150400.4.5.14 libsss_simpleifp0-2.5.2-150400.4.5.14 libsss_simpleifp0-debuginfo-2.5.2-150400.4.5.14 python3-sssd-config-2.5.2-150400.4.5.14 python3-sssd-config-debuginfo-2.5.2-150400.4.5.14 sssd-2.5.2-150400.4.5.14 sssd-ad-2.5.2-150400.4.5.14 sssd-ad-debuginfo-2.5.2-150400.4.5.14 sssd-common-2.5.2-150400.4.5.14 sssd-common-debuginfo-2.5.2-150400.4.5.14 sssd-dbus-2.5.2-150400.4.5.14 sssd-dbus-debuginfo-2.5.2-150400.4.5.14 sssd-debugsource-2.5.2-150400.4.5.14 sssd-ipa-2.5.2-150400.4.5.14 sssd-ipa-debuginfo-2.5.2-150400.4.5.14 sssd-kcm-2.5.2-150400.4.5.14 sssd-kcm-debuginfo-2.5.2-150400.4.5.14 sssd-krb5-2.5.2-150400.4.5.14 sssd-krb5-common-2.5.2-150400.4.5.14 sssd-krb5-common-debuginfo-2.5.2-150400.4.5.14 sssd-krb5-debuginfo-2.5.2-150400.4.5.14 sssd-ldap-2.5.2-150400.4.5.14 sssd-ldap-debuginfo-2.5.2-150400.4.5.14 sssd-proxy-2.5.2-150400.4.5.14 sssd-proxy-debuginfo-2.5.2-150400.4.5.14 sssd-tools-2.5.2-150400.4.5.14 sssd-tools-debuginfo-2.5.2-150400.4.5.14 sssd-winbind-idmap-2.5.2-150400.4.5.14 sssd-winbind-idmap-debuginfo-2.5.2-150400.4.5.14 References: https://www.suse.com/security/cve/CVE-2021-3621.html https://bugzilla.suse.com/1182058 https://bugzilla.suse.com/1189492 https://bugzilla.suse.com/1190775 https://bugzilla.suse.com/1195552 https://bugzilla.suse.com/1196166 From sle-updates at lists.suse.com Wed Aug 10 16:24:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:24:38 +0200 (CEST) Subject: SUSE-SU-2022:2766-1: important: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) Message-ID: <20220810162438.D0022FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 7 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2766-1 Rating: important References: #1200605 #1201080 #1201222 #1201517 #1201656 #1201657 Cross-References: CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVE-2022-34918 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-59_27 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2766=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_27-default-15-150300.2.2 kernel-livepatch-5_3_18-59_27-default-debuginfo-15-150300.2.2 kernel-livepatch-SLE15-SP3_Update_7-debugsource-15-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201222 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Wed Aug 10 16:25:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:25:42 +0200 (CEST) Subject: SUSE-RU-2022:2760-1: moderate: Recommended update for clamsap Message-ID: <20220810162542.5ABDFFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamsap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2760-1 Rating: moderate References: PED-805 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for clamsap fixes the following issues: clamsap was updated to version 0.104 (jsc#PED-805) * Relax javascript check in PDF * use https source url, also https URL * Wildcard support for MIME type lists * Fix SAR file content scan * Add option for PDF active content * Remove own default settings from VsaGetConfig and rely on clamav defaults * Change default virusname in case clamav does not return any virus name. * Limit pcre calls * Increase Version because tested with latest clam engine * Support new parameter SCANHEURISTICLEVEL Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-2760=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2760=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (ppc64le x86_64): clamsap-0.104.2-3.6.1 clamsap-debuginfo-0.104.2-3.6.1 clamsap-debugsource-0.104.2-3.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): clamsap-0.104.2-3.6.1 clamsap-debuginfo-0.104.2-3.6.1 clamsap-debugsource-0.104.2-3.6.1 References: From sle-updates at lists.suse.com Wed Aug 10 16:26:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:26:13 +0200 (CEST) Subject: SUSE-RU-2022:2753-1: moderate: Recommended update for libpulp Message-ID: <20220810162613.2D0CDFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpulp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2753-1 Rating: moderate References: #1200129 #1200316 SLE-20049 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for libpulp fixes the following issues: - Fix ulp tool not patching on high process count (bsc#1200316). - Implement a timeout feature in case of deadlocks. - Fix ulp tool crashing on high process count (bsc#1200316). - Avoid parsing /proc//comm when not needed. Update package with libpulp-0.2.4. - Fix dlsym interposition changing program behaviour (bsc#1200129) - Fix free call of mmap'ed buffers (bsc#1200129) - Fix error message when user has no permission to open livepatch. Update package with libpulp-0.2.3 (jsc#SLE-20049). - Add support for endbr64 instructions on function beginning. - Fix use-after-free bug. - Fix compilation in Tumbleweed. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2753=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (x86_64): libpulp-debuginfo-0.2.4-150400.3.3.1 libpulp-debugsource-0.2.4-150400.3.3.1 libpulp-tools-0.2.4-150400.3.3.1 libpulp-tools-debuginfo-0.2.4-150400.3.3.1 libpulp0-0.2.4-150400.3.3.1 libpulp0-debuginfo-0.2.4-150400.3.3.1 References: https://bugzilla.suse.com/1200129 https://bugzilla.suse.com/1200316 From sle-updates at lists.suse.com Wed Aug 10 16:27:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:27:02 +0200 (CEST) Subject: SUSE-SU-2022:2745-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) Message-ID: <20220810162702.78521FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2745-1 Rating: important References: #1200605 #1201080 #1201517 #1201655 #1201656 #1201657 Cross-References: CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_110 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2743=1 SUSE-SLE-Live-Patching-12-SP5-2022-2744=1 SUSE-SLE-Live-Patching-12-SP5-2022-2745=1 SUSE-SLE-Live-Patching-12-SP5-2022-2764=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-13-2.2 kgraft-patch-4_12_14-122_106-default-11-2.2 kgraft-patch-4_12_14-122_110-default-9-2.2 kgraft-patch-4_12_14-122_113-default-8-2.2 References: https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201655 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Wed Aug 10 16:28:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:28:20 +0200 (CEST) Subject: SUSE-RU-2022:2758-1: moderate: Recommended update for clamsap Message-ID: <20220810162820.209BEFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for clamsap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2758-1 Rating: moderate References: PED-805 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for clamsap fixes the following issues: clamsap was updated to version 0.104 (jsc#PED-805) * Relax javascript check in PDF * use https source url, also https URL * Wildcard support for MIME type lists * Fix SAR file content scan * Add option for PDF active content * Remove own default settings from VsaGetConfig and rely on clamav defaults * Change default virusname in case clamav does not return any virus name. * Limit pcre calls * Increase Version because tested with latest clam engine * Support new parameter SCANHEURISTICLEVEL Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2758=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2758=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-2758=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-2758=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-2758=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-2758=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-2758=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): clamsap-0.104.2-150000.4.6.1 clamsap-debuginfo-0.104.2-150000.4.6.1 clamsap-debugsource-0.104.2-150000.4.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): clamsap-0.104.2-150000.4.6.1 clamsap-debuginfo-0.104.2-150000.4.6.1 clamsap-debugsource-0.104.2-150000.4.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (aarch64 ppc64le s390x x86_64): clamsap-0.104.2-150000.4.6.1 clamsap-debuginfo-0.104.2-150000.4.6.1 clamsap-debugsource-0.104.2-150000.4.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (aarch64 ppc64le s390x x86_64): clamsap-0.104.2-150000.4.6.1 clamsap-debuginfo-0.104.2-150000.4.6.1 clamsap-debugsource-0.104.2-150000.4.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (aarch64 ppc64le s390x x86_64): clamsap-0.104.2-150000.4.6.1 clamsap-debuginfo-0.104.2-150000.4.6.1 clamsap-debugsource-0.104.2-150000.4.6.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (aarch64 ppc64le s390x x86_64): clamsap-0.104.2-150000.4.6.1 clamsap-debuginfo-0.104.2-150000.4.6.1 clamsap-debugsource-0.104.2-150000.4.6.1 - SUSE Linux Enterprise Module for SAP Applications 15 (aarch64 ppc64le s390x x86_64): clamsap-0.104.2-150000.4.6.1 clamsap-debuginfo-0.104.2-150000.4.6.1 clamsap-debugsource-0.104.2-150000.4.6.1 References: From sle-updates at lists.suse.com Wed Aug 10 16:28:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:28:54 +0200 (CEST) Subject: SUSE-SU-2022:2761-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3) Message-ID: <20220810162854.D2FC7FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2761-1 Rating: important References: #1196959 #1199648 Cross-References: CVE-2021-39698 CVE-2022-1116 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_87 fixes several issues. The following security issues were fixed: - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2761=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_87-default-2-150300.2.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-1116.html https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1199648 From sle-updates at lists.suse.com Wed Aug 10 16:29:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:29:34 +0200 (CEST) Subject: SUSE-SU-2022:2747-1: important: Security update for oracleasm Message-ID: <20220810162934.DD776FF0F@maintenance.suse.de> SUSE Security Update: Security update for oracleasm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2747-1 Rating: important References: #1198581 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of oracleasm fixes the following issue: - rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-2747=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): oracleasm-kmp-rt-2.0.8_k4.12.14_10.94-4.6.2 oracleasm-kmp-rt-debuginfo-2.0.8_k4.12.14_10.94-4.6.2 References: https://bugzilla.suse.com/1198581 From sle-updates at lists.suse.com Wed Aug 10 16:30:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 10 Aug 2022 18:30:10 +0200 (CEST) Subject: SUSE-RU-2022:2753-1: moderate: Recommended update for libpulp Message-ID: <20220810163010.1340CFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpulp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2753-1 Rating: moderate References: #1200129 #1200316 SLE-20049 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for libpulp fixes the following issues: - Fix ulp tool not patching on high process count (bsc#1200316). - Implement a timeout feature in case of deadlocks. - Fix ulp tool crashing on high process count (bsc#1200316). - Avoid parsing /proc//comm when not needed. Update package with libpulp-0.2.4. - Fix dlsym interposition changing program behaviour (bsc#1200129) - Fix free call of mmap'ed buffers (bsc#1200129) - Fix error message when user has no permission to open livepatch. Update package with libpulp-0.2.3 (jsc#SLE-20049). - Add support for endbr64 instructions on function beginning. - Fix use-after-free bug. - Fix compilation in Tumbleweed. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2753=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2753=1 Package List: - openSUSE Leap 15.4 (x86_64): libpulp-debuginfo-0.2.4-150400.3.3.1 libpulp-debugsource-0.2.4-150400.3.3.1 libpulp-tools-0.2.4-150400.3.3.1 libpulp-tools-debuginfo-0.2.4-150400.3.3.1 libpulp0-0.2.4-150400.3.3.1 libpulp0-debuginfo-0.2.4-150400.3.3.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (x86_64): libpulp-debuginfo-0.2.4-150400.3.3.1 libpulp-debugsource-0.2.4-150400.3.3.1 libpulp-tools-0.2.4-150400.3.3.1 libpulp-tools-debuginfo-0.2.4-150400.3.3.1 libpulp0-0.2.4-150400.3.3.1 libpulp0-debuginfo-0.2.4-150400.3.3.1 References: https://bugzilla.suse.com/1200129 https://bugzilla.suse.com/1200316 From sle-updates at lists.suse.com Wed Aug 10 22:17:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2022 00:17:06 +0200 (CEST) Subject: SUSE-SU-2022:2770-1: important: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3) Message-ID: <20220810221706.314DCFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 9 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2770-1 Rating: important References: #1200605 #1201080 #1201222 #1201517 #1201656 #1201657 Cross-References: CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVE-2022-34918 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-59_34 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2768=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2769=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2770=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-2773=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_19-default-17-150300.2.2 kernel-livepatch-5_3_18-59_19-default-debuginfo-17-150300.2.2 kernel-livepatch-5_3_18-59_24-default-15-150300.2.2 kernel-livepatch-5_3_18-59_24-default-debuginfo-15-150300.2.2 kernel-livepatch-5_3_18-59_34-default-14-150300.2.2 kernel-livepatch-5_3_18-59_34-default-debuginfo-14-150300.2.2 kernel-livepatch-5_3_18-59_37-default-13-150300.2.2 kernel-livepatch-5_3_18-59_37-default-debuginfo-13-150300.2.2 kernel-livepatch-SLE15-SP3_Update_10-debugsource-13-150300.2.2 kernel-livepatch-SLE15-SP3_Update_5-debugsource-17-150300.2.2 kernel-livepatch-SLE15-SP3_Update_6-debugsource-15-150300.2.2 kernel-livepatch-SLE15-SP3_Update_9-debugsource-14-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201222 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Thu Aug 11 01:16:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2022 03:16:50 +0200 (CEST) Subject: SUSE-SU-2022:2776-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP2) Message-ID: <20220811011650.F2B7DFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2776-1 Rating: important References: #1200605 #1201080 #1201517 #1201656 #1201657 Cross-References: CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_102 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2771=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2772=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2774=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2775=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2776=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2777=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-2778=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_102-default-11-150200.2.2 kernel-livepatch-5_3_18-24_102-default-debuginfo-11-150200.2.2 kernel-livepatch-5_3_18-24_107-default-10-150200.2.2 kernel-livepatch-5_3_18-24_107-default-debuginfo-10-150200.2.2 kernel-livepatch-5_3_18-24_78-default-17-150200.2.2 kernel-livepatch-5_3_18-24_78-default-debuginfo-17-150200.2.2 kernel-livepatch-5_3_18-24_83-default-15-150200.2.2 kernel-livepatch-5_3_18-24_83-default-debuginfo-15-150200.2.2 kernel-livepatch-5_3_18-24_86-default-15-150200.2.2 kernel-livepatch-5_3_18-24_86-default-debuginfo-15-150200.2.2 kernel-livepatch-5_3_18-24_96-default-13-150200.2.2 kernel-livepatch-5_3_18-24_96-default-debuginfo-13-150200.2.2 kernel-livepatch-5_3_18-24_99-default-12-150200.2.2 kernel-livepatch-5_3_18-24_99-default-debuginfo-12-150200.2.2 kernel-livepatch-SLE15-SP2_Update_18-debugsource-17-150200.2.2 kernel-livepatch-SLE15-SP2_Update_19-debugsource-15-150200.2.2 kernel-livepatch-SLE15-SP2_Update_20-debugsource-15-150200.2.2 kernel-livepatch-SLE15-SP2_Update_22-debugsource-13-150200.2.2 kernel-livepatch-SLE15-SP2_Update_23-debugsource-12-150200.2.2 kernel-livepatch-SLE15-SP2_Update_24-debugsource-11-150200.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64): kernel-livepatch-SLE15-SP2_Update_25-debugsource-10-150200.2.2 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Thu Aug 11 07:16:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2022 09:16:32 +0200 (CEST) Subject: SUSE-SU-2022:2779-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2) Message-ID: <20220811071632.1401DFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2779-1 Rating: important References: #1200605 #1201080 Cross-References: CVE-2022-1679 CVE-2022-20141 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_112 fixes several issues. The following security issues were fixed: - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2779=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_112-default-6-150200.2.2 kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-6-150200.2.2 kernel-livepatch-SLE15-SP2_Update_26-debugsource-6-150200.2.2 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 From sle-updates at lists.suse.com Thu Aug 11 07:30:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2022 09:30:51 +0200 (CEST) Subject: SUSE-CU-2022:1830-1: Security update of bci/dotnet-sdk Message-ID: <20220811073051.6B025FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1830-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-45.1 , bci/dotnet-sdk:3.1.28 , bci/dotnet-sdk:3.1.28-45.1 Container Release : 45.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Thu Aug 11 10:16:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2022 12:16:35 +0200 (CEST) Subject: SUSE-SU-2022:2781-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2) Message-ID: <20220811101635.E3C3AFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2781-1 Rating: important References: #1200605 #1201080 Cross-References: CVE-2022-1679 CVE-2022-20141 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_115 fixes several issues. The following security issues were fixed: - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2781=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_115-default-4-150200.2.1 kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-4-150200.2.1 kernel-livepatch-SLE15-SP2_Update_27-debugsource-4-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 From sle-updates at lists.suse.com Thu Aug 11 10:17:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2022 12:17:24 +0200 (CEST) Subject: SUSE-SU-2022:2780-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP5) Message-ID: <20220811101724.3BC82FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2780-1 Rating: important References: #1200605 #1201080 #1201517 #1201655 #1201656 #1201657 Cross-References: CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_88 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2780=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_88-default-15-2.2 References: https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201655 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Thu Aug 11 13:15:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2022 15:15:43 +0200 (CEST) Subject: SUSE-SU-2022:2783-1: important: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP2) Message-ID: <20220811131543.8FAD4FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2783-1 Rating: important References: #1200605 #1201080 #1201517 #1201656 #1201657 Cross-References: CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_93 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2783=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_93-default-14-150200.2.2 kernel-livepatch-5_3_18-24_93-default-debuginfo-14-150200.2.2 kernel-livepatch-SLE15-SP2_Update_21-debugsource-14-150200.2.2 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Thu Aug 11 19:14:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 11 Aug 2022 21:14:28 +0200 (CEST) Subject: SUSE-SU-2022:2788-1: important: Security update for dbus-1 Message-ID: <20220811191428.6264EFF0F@maintenance.suse.de> SUSE Security Update: Security update for dbus-1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2788-1 Rating: important References: #1187105 Cross-References: CVE-2020-35512 CVSS scores: CVE-2020-35512 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-35512 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dbus-1 fixes the following issues: - CVE-2020-35512: Fixed a memory safety issue which affected systems with users with the same numeric UID (bsc#1187105). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2788=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dbus-1-1.8.22-24.22.1 dbus-1-debuginfo-1.8.22-24.22.1 dbus-1-debuginfo-32bit-1.8.22-24.22.1 dbus-1-debugsource-1.8.22-24.22.1 dbus-1-x11-1.8.22-24.22.1 dbus-1-x11-debuginfo-1.8.22-24.22.1 dbus-1-x11-debugsource-1.8.22-24.22.1 libdbus-1-3-1.8.22-24.22.1 libdbus-1-3-32bit-1.8.22-24.22.1 libdbus-1-3-debuginfo-1.8.22-24.22.1 libdbus-1-3-debuginfo-32bit-1.8.22-24.22.1 References: https://www.suse.com/security/cve/CVE-2020-35512.html https://bugzilla.suse.com/1187105 From sle-updates at lists.suse.com Thu Aug 11 22:15:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 00:15:48 +0200 (CEST) Subject: SUSE-SU-2022:2789-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP5) Message-ID: <20220811221548.BF6CCFF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2789-1 Rating: important References: #1200605 #1201080 #1201517 #1201655 #1201656 #1201657 Cross-References: CVE-2022-1419 CVE-2022-1679 CVE-2022-20141 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2022-1419 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1419 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_83 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-2785=1 SUSE-SLE-Live-Patching-12-SP5-2022-2786=1 SUSE-SLE-Live-Patching-12-SP5-2022-2789=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_83-default-17-2.2 kgraft-patch-4_12_14-122_91-default-15-2.2 kgraft-patch-4_12_14-122_98-default-13-2.2 References: https://www.suse.com/security/cve/CVE-2022-1419.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201655 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Fri Aug 12 07:38:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 09:38:36 +0200 (CEST) Subject: SUSE-CU-2022:1835-1: Security update of suse/sle15 Message-ID: <20220812073836.4A89CFF0D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1835-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.592 Container Release : 4.22.592 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated From sle-updates at lists.suse.com Fri Aug 12 07:39:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 09:39:14 +0200 (CEST) Subject: SUSE-CU-2022:1836-1: Security update of bci/bci-micro Message-ID: <20220812073914.D185AFF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1836-1 Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.19.16 Container Release : 19.16 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated From sle-updates at lists.suse.com Fri Aug 12 07:44:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 09:44:29 +0200 (CEST) Subject: SUSE-CU-2022:1837-1: Security update of bci/nodejs Message-ID: <20220812074429.4C029FF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1837-1 Container Tags : bci/node:12 , bci/node:12-16.134 , bci/nodejs:12 , bci/nodejs:12-16.134 Container Release : 16.134 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-17.20.12 updated From sle-updates at lists.suse.com Fri Aug 12 07:45:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 09:45:28 +0200 (CEST) Subject: SUSE-CU-2022:1839-1: Security update of bci/rust Message-ID: <20220812074528.A69EDFF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1839-1 Container Tags : bci/rust:1.61 , bci/rust:1.61-6.1 Container Release : 6.1 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - container:sles15-image-15.0.0-27.11.10 updated From sle-updates at lists.suse.com Fri Aug 12 13:14:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 15:14:50 +0200 (CEST) Subject: SUSE-RU-2022:2792-1: moderate: Recommended update for drbd Message-ID: <20220812131450.1E204FF0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2792-1 Rating: moderate References: #1197431 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issues: - resync speed is cut by 90+% after resize (bsc#1197431) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2792=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-11.21.2 drbd-debugsource-9.0.14+git.62f906cf-11.21.2 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_122.130-11.21.2 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_122.130-11.21.2 References: https://bugzilla.suse.com/1197431 From sle-updates at lists.suse.com Fri Aug 12 13:15:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 15:15:18 +0200 (CEST) Subject: SUSE-FU-2022:2794-1: moderate: Feature update for ongres-scram, ongres-stringprep, postgresql-jdbc Message-ID: <20220812131518.F085AFF0D@maintenance.suse.de> SUSE Feature Update: Feature update for ongres-scram, ongres-stringprep, postgresql-jdbc ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2794-1 Rating: moderate References: #1196693 #1197356 SLE-23994 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This feature update for ongres-scram, ongres-stringprep, postgresql-jdbc provides: ongres-scram: - Upgrade from version 1.0.0-beta.2 to version 2.1. (jsc#SLE-23994) * Add standard `SASLPrep` (bsc#1196693, jsc#SLE-23994) * Failover to bouncy castle implementation of `PBKDF2WithHmacSHA256` to support Oracle JDK 7 * Updated `saslprep` to version 1.1 to remove a build dependency coming from the `stringprep` module ongres-stringprep: - Introduce `ongres-stringprep` 1.1 as dependency of `ongres-scram`. (bsc#1196693, jsc#SLE-23994) postgresql-jdbc: - CVE-2022-26520: Fixed arbitrary File Write Vulnerability (bsc#1197356) - Upgrade postgresql-jdbc from version 42.2.16 to version 42.2.25 (jsc#SLE-23994) * Use `SASLprep` normalization for SCRAM authentication and fixes issues with spaces in passwords. (bsc#1196693) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2794=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2794=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-2794=1 Package List: - openSUSE Leap 15.3 (noarch): ongres-scram-2.1-150300.3.3.4 ongres-scram-client-2.1-150300.3.3.4 ongres-scram-javadoc-2.1-150300.3.3.4 ongres-scram-parent-2.1-150300.3.3.4 ongres-stringprep-1.1-150300.7.3.4 ongres-stringprep-codegenerator-1.1-150300.7.3.4 ongres-stringprep-javadoc-1.1-150300.7.3.4 ongres-stringprep-parent-1.1-150300.7.3.4 ongres-stringprep-saslprep-1.1-150300.7.3.4 postgresql-jdbc-42.2.25-150300.3.5.2 postgresql-jdbc-javadoc-42.2.25-150300.3.5.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): ongres-scram-2.1-150300.3.3.4 ongres-scram-client-2.1-150300.3.3.4 ongres-stringprep-1.1-150300.7.3.4 ongres-stringprep-saslprep-1.1-150300.7.3.4 postgresql-jdbc-42.2.25-150300.3.5.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): ongres-scram-2.1-150300.3.3.4 ongres-scram-client-2.1-150300.3.3.4 ongres-stringprep-1.1-150300.7.3.4 ongres-stringprep-saslprep-1.1-150300.7.3.4 postgresql-jdbc-42.2.25-150300.3.5.2 References: https://www.suse.com/security/cve/CVE-2022-26520.html https://bugzilla.suse.com/1196693 https://bugzilla.suse.com/1197356 From sle-updates at lists.suse.com Fri Aug 12 13:15:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 15:15:53 +0200 (CEST) Subject: SUSE-RU-2022:2791-1: moderate: Recommended update for supportutils-plugin-ha-sap Message-ID: <20220812131553.DD568FF0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-ha-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2791-1 Rating: moderate References: #1201831 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-ha-sap fixes the following issues: - Update to version 0.0.3+git.1659022100.39bfcd6: * Update README.md * Replace spaces to tabs. * Search for other groups too. * Include /etc/group in plugin-ha_sap.txt (bsc#1201831) * Update ha_sap * Update pacemaker.log location change * suppress link path in Readme.md * add section 'Additional information' to the Readme.md Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-2791=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2791=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): supportutils-plugin-ha-sap-0.0.3+git.1659022100.39bfcd6-1.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): supportutils-plugin-ha-sap-0.0.3+git.1659022100.39bfcd6-1.9.1 References: https://bugzilla.suse.com/1201831 From sle-updates at lists.suse.com Fri Aug 12 13:16:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 15:16:21 +0200 (CEST) Subject: SUSE-SU-2022:2793-1: moderate: Security update for python-numpy Message-ID: <20220812131621.A6195FF0F@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2793-1 Rating: moderate References: #1193911 Cross-References: CVE-2021-41495 CVSS scores: CVE-2021-41495 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-41495 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-numpy fixes the following issues: - CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort (bsc#1193911). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2022-2793=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): python-numpy_1_13_3-gnu-hpc-1.13.3-4.15.1 python-numpy_1_13_3-gnu-hpc-debuginfo-1.13.3-4.15.1 python-numpy_1_13_3-gnu-hpc-debugsource-1.13.3-4.15.1 python-numpy_1_13_3-gnu-hpc-devel-1.13.3-4.15.1 python2-numpy-gnu-hpc-1.13.3-4.15.1 python2-numpy-gnu-hpc-devel-1.13.3-4.15.1 python3-numpy-gnu-hpc-1.13.3-4.15.1 python3-numpy-gnu-hpc-devel-1.13.3-4.15.1 python3-numpy_1_13_3-gnu-hpc-1.13.3-4.15.1 python3-numpy_1_13_3-gnu-hpc-debuginfo-1.13.3-4.15.1 python3-numpy_1_13_3-gnu-hpc-devel-1.13.3-4.15.1 References: https://www.suse.com/security/cve/CVE-2021-41495.html https://bugzilla.suse.com/1193911 From sle-updates at lists.suse.com Fri Aug 12 13:16:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 15:16:56 +0200 (CEST) Subject: SUSE-RU-2022:2790-1: moderate: Recommended update for supportutils-plugin-ha-sap Message-ID: <20220812131656.9A60BFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-ha-sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2790-1 Rating: moderate References: #1201831 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-ha-sap fixes the following issues: - Update to version 0.0.3+git.1659022100.39bfcd6: * Update README.md * Replace spaces to tabs. * Search for other groups too. * Include /etc/group in plugin-ha_sap.txt (bsc#1201831) * Update ha_sap * Update pacemaker.log location change * suppress link path in Readme.md * add section 'Additional information' to the Readme.md * change release status of the project Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2790=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2790=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-2790=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-2790=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-2790=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-2790=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-2790=1 Package List: - openSUSE Leap 15.4 (noarch): supportutils-plugin-ha-sap-0.0.3+git.1659022100.39bfcd6-150000.1.9.1 - openSUSE Leap 15.3 (noarch): supportutils-plugin-ha-sap-0.0.3+git.1659022100.39bfcd6-150000.1.9.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): supportutils-plugin-ha-sap-0.0.3+git.1659022100.39bfcd6-150000.1.9.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): supportutils-plugin-ha-sap-0.0.3+git.1659022100.39bfcd6-150000.1.9.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): supportutils-plugin-ha-sap-0.0.3+git.1659022100.39bfcd6-150000.1.9.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): supportutils-plugin-ha-sap-0.0.3+git.1659022100.39bfcd6-150000.1.9.1 - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): supportutils-plugin-ha-sap-0.0.3+git.1659022100.39bfcd6-150000.1.9.1 References: https://bugzilla.suse.com/1201831 From sle-updates at lists.suse.com Fri Aug 12 16:15:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 18:15:13 +0200 (CEST) Subject: SUSE-OU-2022:2795-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220812161513.AADFAFF0D@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:2795-1 Rating: moderate References: #1201760 MSC-391 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one optional fix and contains one feature can now be installed. Description: This optional update provides the following changes: - Fix grafana missing binaries in SUSE Linux Enterprise Desktop 15 Service Pack 4 via PackageHub (bsc#1201055) - Affected source packages: grafana grafana-piechart-panel grafana-status-panel system-user-grafana Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2795=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2795=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2795=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): grafana-8.3.5-150200.3.23.1 grafana-debuginfo-8.3.5-150200.3.23.1 - openSUSE Leap 15.4 (noarch): grafana-piechart-panel-1.6.1-150200.3.8.1 grafana-status-panel-1.0.11-150200.3.10.1 system-user-grafana-1.0.0-150200.5.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): grafana-8.3.5-150200.3.23.1 grafana-debuginfo-8.3.5-150200.3.23.1 - openSUSE Leap 15.3 (noarch): grafana-piechart-panel-1.6.1-150200.3.8.1 grafana-status-panel-1.0.11-150200.3.10.1 system-user-grafana-1.0.0-150200.5.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): grafana-8.3.5-150200.3.23.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): grafana-piechart-panel-1.6.1-150200.3.8.1 grafana-status-panel-1.0.11-150200.3.10.1 system-user-grafana-1.0.0-150200.5.5.1 References: https://bugzilla.suse.com/1201760 From sle-updates at lists.suse.com Fri Aug 12 16:15:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 18:15:47 +0200 (CEST) Subject: SUSE-RU-2022:2796-1: moderate: Recommended update for jitterentropy Message-ID: <20220812161547.737F0FF0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for jitterentropy ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2796-1 Rating: moderate References: SLE-24941 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2796=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2796=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): jitterentropy-devel-3.4.0-150000.1.3.1 jitterentropy-devel-static-3.4.0-150000.1.3.1 libjitterentropy3-3.4.0-150000.1.3.1 - openSUSE Leap 15.4 (x86_64): jitterentropy-devel-32bit-3.4.0-150000.1.3.1 libjitterentropy3-32bit-3.4.0-150000.1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): jitterentropy-devel-3.4.0-150000.1.3.1 jitterentropy-devel-static-3.4.0-150000.1.3.1 libjitterentropy3-3.4.0-150000.1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): jitterentropy-devel-32bit-3.4.0-150000.1.3.1 libjitterentropy3-32bit-3.4.0-150000.1.3.1 References: From sle-updates at lists.suse.com Fri Aug 12 19:14:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 21:14:59 +0200 (CEST) Subject: SUSE-SU-2022:2802-1: moderate: Security update for cifs-utils Message-ID: <20220812191459.DD149FF0F@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2802-1 Rating: moderate References: #1198976 Cross-References: CVE-2022-29869 CVSS scores: CVE-2022-29869 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-29869 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2802=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2802=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-debuginfo-6.9-13.23.1 cifs-utils-debugsource-6.9-13.23.1 cifs-utils-devel-6.9-13.23.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-13.23.1 cifs-utils-debuginfo-6.9-13.23.1 cifs-utils-debugsource-6.9-13.23.1 References: https://www.suse.com/security/cve/CVE-2022-29869.html https://bugzilla.suse.com/1198976 From sle-updates at lists.suse.com Fri Aug 12 19:15:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 21:15:34 +0200 (CEST) Subject: SUSE-SU-2022:2798-1: important: Security update for trousers Message-ID: <20220812191534.73836FF0F@maintenance.suse.de> SUSE Security Update: Security update for trousers ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2798-1 Rating: important References: #1164472 Cross-References: CVE-2020-24330 CVSS scores: CVE-2020-24330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-24330 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for trousers fixes the following issues: - CVE-2020-24330: Fixed a potential tss user to root privilege escalation issue (bsc#1164472). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2798=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2798=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2798=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2798=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libtspi1-0.3.14-150000.3.3.1 libtspi1-debuginfo-0.3.14-150000.3.3.1 trousers-0.3.14-150000.3.3.1 trousers-debuginfo-0.3.14-150000.3.3.1 trousers-debugsource-0.3.14-150000.3.3.1 trousers-devel-0.3.14-150000.3.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libtspi1-0.3.14-150000.3.3.1 libtspi1-debuginfo-0.3.14-150000.3.3.1 trousers-0.3.14-150000.3.3.1 trousers-debuginfo-0.3.14-150000.3.3.1 trousers-debugsource-0.3.14-150000.3.3.1 trousers-devel-0.3.14-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libtspi1-0.3.14-150000.3.3.1 libtspi1-debuginfo-0.3.14-150000.3.3.1 trousers-0.3.14-150000.3.3.1 trousers-debuginfo-0.3.14-150000.3.3.1 trousers-debugsource-0.3.14-150000.3.3.1 trousers-devel-0.3.14-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libtspi1-0.3.14-150000.3.3.1 libtspi1-debuginfo-0.3.14-150000.3.3.1 trousers-0.3.14-150000.3.3.1 trousers-debuginfo-0.3.14-150000.3.3.1 trousers-debugsource-0.3.14-150000.3.3.1 trousers-devel-0.3.14-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2020-24330.html https://bugzilla.suse.com/1164472 From sle-updates at lists.suse.com Fri Aug 12 19:16:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 21:16:16 +0200 (CEST) Subject: SUSE-SU-2022:2803-1: important: Security update for the Linux Kernel Message-ID: <20220812191616.E9863FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2803-1 Rating: important References: #1190256 #1190497 #1199291 #1199356 #1199665 #1201258 #1201323 #1201391 #1201458 #1201592 #1201593 #1201595 #1201596 #1201635 #1201651 #1201691 #1201705 #1201726 #1201846 #1201930 #1202094 SLE-21132 SLE-24569 SLE-24570 SLE-24571 SLE-24578 SLE-24635 SLE-24682 Cross-References: CVE-2021-33655 CVE-2022-21505 CVE-2022-2585 CVE-2022-26373 CVE-2022-29581 CVSS scores: CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2585 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 5 vulnerabilities, contains 7 features and has 16 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bnc#1202094). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26373: Fixed CPU info leak via post-barrier RSB predictions (bsc#1201726). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). The following non-security bugs were fixed: - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: Fix deadlock on resume (git-fixes). - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - batman-adv: Use netif_rx() (git-fixes). - bcmgenet: add WOL IRQ check (git-fixes). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - dm: do not stop request queue after the dm device is suspended (bsc#1201651). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - drivers: net: smc911x: Check for error irq (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - ethtool: Fix get module eeprom fallback (bsc#1201323). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fjes: Check for error irq (git-fixes). - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim does not write the inode (bsc#1201592). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - gve: Recording rx queue before sending to napi (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - i2c: smbus: Check for parent device before dereference (git-fixes). - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - ice: Fix error with handling of bonding MTU (git-fixes). - ice: Fix race condition during interface enslave (git-fixes). - ice: stop disabling VFs due to PF error responses (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI workaround for phy_device changes (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kABI workaround for snd-soc-rt5682-* (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - kABI: fix adding field to ufs_hba (git-fixes). - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for "i2c: smbus: Use device_*() functions instead of of_*()" - kabi/severities: add intel ice - kabi/severities: add stmmac network driver local symbols - kabi/severities: ignore dropped symbol rt5682_headset_detect - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - memregion: Fix memregion_free() fallback definition (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - natsemi: xtensa: fix section mismatch warnings (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - net: altera: set a couple error code in probe() (git-fixes). - net: amd-xgbe: Fix skb data length underflow (git-fixes). - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - net: axienet: Fix TX ring slot available check (git-fixes). - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - net: axienet: add missing memory barriers (git-fixes). - net: axienet: fix for TX busy handling (git-fixes). - net: axienet: fix number of TX ring slots for available check (git-fixes). - net: axienet: increase default TX ring size to 128 (git-fixes). - net: axienet: increase reset timeout (git-fixes). - net: axienet: limit minimum TX ring size (git-fixes). - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: bcmgenet: skip invalid partial checksums (git-fixes). - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes). - net: dsa: felix: do not use devres for mdiobus (git-fixes). - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - net: dsa: lan9303: fix reset on probe (git-fixes). - net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes). - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - net: ipa: add an interconnect dependency (git-fixes). - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - net: ipa: prevent concurrent replenish (git-fixes). - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - net: ks8851: Check for error irq (git-fixes). - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - net: mscc: ocelot: fix using match before it is set (git-fixes). - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - net: mvpp2: fix XDP rx queues registering (git-fixes). - net: phy: Do not trigger state machine while in suspend (git-fixes). - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - net: sfp: ignore disabled SFP node (git-fixes). - net: sparx5: Fix add vlan when invalid operation (git-fixes). - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - net: stmmac: Add platform level debug register dump feature (git-fixes). - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - net: stmmac: fix return value of __setup handler (git-fixes). - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - net: sxgbe: fix return value of __setup handler (git-fixes). - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - netdevsim: do not overwrite read only ethtool parms (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: wait until quiesce is done (bsc#1201651). - octeontx2-af: Do not fixup all VF action entries (git-fixes). - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - octeontx2-pf: Forward error codes to VF (git-fixes). - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - posix_cpu_timers: fix race between exit_itimers() and /proc/pid/timers (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - ppp: ensure minimum packet size in ppp_write() (git-fixes). - qede: validate non LSO skb length (git-fixes). - r8152: fix a WOL issue (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - rocker: fix a sleeping in atomic bug (git-fixes). - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). - scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - spi: amd: Limit max transfer and message size (git-fixes). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - tee: fix put order in teedev_close_context() (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - tun: fix bonding active backup with arp monitoring (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: serial: ftdi_sio: add Belimo device ids (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - veth: Do not record rx queue hint in veth_xmit (git-fixes). - veth: ensure skb entering GRO are not cloned (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1190497). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2803=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2803=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2803=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2803=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2803=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2803=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2803=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.18.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.18.1 dlm-kmp-default-5.14.21-150400.24.18.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.18.1 gfs2-kmp-default-5.14.21-150400.24.18.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-5.14.21-150400.24.18.1 kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4 kernel-default-base-rebuild-5.14.21-150400.24.18.1.150400.24.5.4 kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 kernel-default-devel-5.14.21-150400.24.18.1 kernel-default-devel-debuginfo-5.14.21-150400.24.18.1 kernel-default-extra-5.14.21-150400.24.18.1 kernel-default-extra-debuginfo-5.14.21-150400.24.18.1 kernel-default-livepatch-5.14.21-150400.24.18.1 kernel-default-livepatch-devel-5.14.21-150400.24.18.1 kernel-default-optional-5.14.21-150400.24.18.1 kernel-default-optional-debuginfo-5.14.21-150400.24.18.1 kernel-obs-build-5.14.21-150400.24.18.1 kernel-obs-build-debugsource-5.14.21-150400.24.18.1 kernel-obs-qa-5.14.21-150400.24.18.1 kernel-syms-5.14.21-150400.24.18.1 kselftests-kmp-default-5.14.21-150400.24.18.1 kselftests-kmp-default-debuginfo-5.14.21-150400.24.18.1 ocfs2-kmp-default-5.14.21-150400.24.18.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1 reiserfs-kmp-default-5.14.21-150400.24.18.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.18.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): kernel-kvmsmall-5.14.21-150400.24.18.1 kernel-kvmsmall-debuginfo-5.14.21-150400.24.18.1 kernel-kvmsmall-debugsource-5.14.21-150400.24.18.1 kernel-kvmsmall-devel-5.14.21-150400.24.18.1 kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.18.1 kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.18.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-5.14.21-150400.24.18.1 kernel-debug-debuginfo-5.14.21-150400.24.18.1 kernel-debug-debugsource-5.14.21-150400.24.18.1 kernel-debug-devel-5.14.21-150400.24.18.1 kernel-debug-devel-debuginfo-5.14.21-150400.24.18.1 kernel-debug-livepatch-devel-5.14.21-150400.24.18.1 - openSUSE Leap 15.4 (aarch64): cluster-md-kmp-64kb-5.14.21-150400.24.18.1 cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 dlm-kmp-64kb-5.14.21-150400.24.18.1 dlm-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 dtb-allwinner-5.14.21-150400.24.18.1 dtb-altera-5.14.21-150400.24.18.1 dtb-amazon-5.14.21-150400.24.18.1 dtb-amd-5.14.21-150400.24.18.1 dtb-amlogic-5.14.21-150400.24.18.1 dtb-apm-5.14.21-150400.24.18.1 dtb-apple-5.14.21-150400.24.18.1 dtb-arm-5.14.21-150400.24.18.1 dtb-broadcom-5.14.21-150400.24.18.1 dtb-cavium-5.14.21-150400.24.18.1 dtb-exynos-5.14.21-150400.24.18.1 dtb-freescale-5.14.21-150400.24.18.1 dtb-hisilicon-5.14.21-150400.24.18.1 dtb-lg-5.14.21-150400.24.18.1 dtb-marvell-5.14.21-150400.24.18.1 dtb-mediatek-5.14.21-150400.24.18.1 dtb-nvidia-5.14.21-150400.24.18.1 dtb-qcom-5.14.21-150400.24.18.1 dtb-renesas-5.14.21-150400.24.18.1 dtb-rockchip-5.14.21-150400.24.18.1 dtb-socionext-5.14.21-150400.24.18.1 dtb-sprd-5.14.21-150400.24.18.1 dtb-xilinx-5.14.21-150400.24.18.1 gfs2-kmp-64kb-5.14.21-150400.24.18.1 gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 kernel-64kb-5.14.21-150400.24.18.1 kernel-64kb-debuginfo-5.14.21-150400.24.18.1 kernel-64kb-debugsource-5.14.21-150400.24.18.1 kernel-64kb-devel-5.14.21-150400.24.18.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.18.1 kernel-64kb-extra-5.14.21-150400.24.18.1 kernel-64kb-extra-debuginfo-5.14.21-150400.24.18.1 kernel-64kb-livepatch-devel-5.14.21-150400.24.18.1 kernel-64kb-optional-5.14.21-150400.24.18.1 kernel-64kb-optional-debuginfo-5.14.21-150400.24.18.1 kselftests-kmp-64kb-5.14.21-150400.24.18.1 kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 ocfs2-kmp-64kb-5.14.21-150400.24.18.1 ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 reiserfs-kmp-64kb-5.14.21-150400.24.18.1 reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.18.1 - openSUSE Leap 15.4 (noarch): kernel-devel-5.14.21-150400.24.18.1 kernel-docs-5.14.21-150400.24.18.1 kernel-docs-html-5.14.21-150400.24.18.1 kernel-macros-5.14.21-150400.24.18.1 kernel-source-5.14.21-150400.24.18.1 kernel-source-vanilla-5.14.21-150400.24.18.1 - openSUSE Leap 15.4 (s390x): kernel-zfcpdump-5.14.21-150400.24.18.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.18.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 kernel-default-extra-5.14.21-150400.24.18.1 kernel-default-extra-debuginfo-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 kernel-default-livepatch-5.14.21-150400.24.18.1 kernel-default-livepatch-devel-5.14.21-150400.24.18.1 kernel-livepatch-5_14_21-150400_24_18-default-1-150400.9.5.2 kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-1-150400.9.5.2 kernel-livepatch-SLE15-SP4_Update_2-debugsource-1-150400.9.5.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 reiserfs-kmp-default-5.14.21-150400.24.18.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.14.21-150400.24.18.1 kernel-obs-build-debugsource-5.14.21-150400.24.18.1 kernel-syms-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kernel-docs-5.14.21-150400.24.18.1 kernel-source-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-5.14.21-150400.24.18.1 kernel-default-base-5.14.21-150400.24.18.1.150400.24.5.4 kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 kernel-default-devel-5.14.21-150400.24.18.1 kernel-default-devel-debuginfo-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): kernel-64kb-5.14.21-150400.24.18.1 kernel-64kb-debuginfo-5.14.21-150400.24.18.1 kernel-64kb-debugsource-5.14.21-150400.24.18.1 kernel-64kb-devel-5.14.21-150400.24.18.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-devel-5.14.21-150400.24.18.1 kernel-macros-5.14.21-150400.24.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): kernel-zfcpdump-5.14.21-150400.24.18.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.18.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.18.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.18.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.18.1 dlm-kmp-default-5.14.21-150400.24.18.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.18.1 gfs2-kmp-default-5.14.21-150400.24.18.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debuginfo-5.14.21-150400.24.18.1 kernel-default-debugsource-5.14.21-150400.24.18.1 ocfs2-kmp-default-5.14.21-150400.24.18.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.18.1 References: https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2022-21505.html https://www.suse.com/security/cve/CVE-2022-2585.html https://www.suse.com/security/cve/CVE-2022-26373.html https://www.suse.com/security/cve/CVE-2022-29581.html https://bugzilla.suse.com/1190256 https://bugzilla.suse.com/1190497 https://bugzilla.suse.com/1199291 https://bugzilla.suse.com/1199356 https://bugzilla.suse.com/1199665 https://bugzilla.suse.com/1201258 https://bugzilla.suse.com/1201323 https://bugzilla.suse.com/1201391 https://bugzilla.suse.com/1201458 https://bugzilla.suse.com/1201592 https://bugzilla.suse.com/1201593 https://bugzilla.suse.com/1201595 https://bugzilla.suse.com/1201596 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201651 https://bugzilla.suse.com/1201691 https://bugzilla.suse.com/1201705 https://bugzilla.suse.com/1201726 https://bugzilla.suse.com/1201846 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1202094 From sle-updates at lists.suse.com Fri Aug 12 19:19:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 21:19:01 +0200 (CEST) Subject: SUSE-SU-2022:2800-1: important: Security update for trousers Message-ID: <20220812191901.3598AFF0F@maintenance.suse.de> SUSE Security Update: Security update for trousers ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2800-1 Rating: important References: #1164472 Cross-References: CVE-2020-24330 CVSS scores: CVE-2020-24330 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-24330 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for trousers fixes the following issues: - CVE-2020-24330: Fixed a potential tss user to root privilege escalation issue (bsc#1164472). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2800=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libtspi1-0.3.13-3.3.1 libtspi1-32bit-0.3.13-3.3.1 libtspi1-debuginfo-0.3.13-3.3.1 libtspi1-debuginfo-32bit-0.3.13-3.3.1 trousers-0.3.13-3.3.1 trousers-debuginfo-0.3.13-3.3.1 trousers-debugsource-0.3.13-3.3.1 References: https://www.suse.com/security/cve/CVE-2020-24330.html https://bugzilla.suse.com/1164472 From sle-updates at lists.suse.com Fri Aug 12 19:19:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 12 Aug 2022 21:19:32 +0200 (CEST) Subject: SUSE-SU-2022:2801-1: moderate: Security update for cifs-utils Message-ID: <20220812191932.93375FF0F@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2801-1 Rating: moderate References: #1198976 Cross-References: CVE-2022-29869 CVSS scores: CVE-2022-29869 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-29869 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2801=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2801=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2801=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-150100.5.18.1 cifs-utils-debuginfo-6.9-150100.5.18.1 cifs-utils-debugsource-6.9-150100.5.18.1 cifs-utils-devel-6.9-150100.5.18.1 pam_cifscreds-6.9-150100.5.18.1 pam_cifscreds-debuginfo-6.9-150100.5.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-150100.5.18.1 cifs-utils-debuginfo-6.9-150100.5.18.1 cifs-utils-debugsource-6.9-150100.5.18.1 cifs-utils-devel-6.9-150100.5.18.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): cifs-utils-6.9-150100.5.18.1 cifs-utils-debuginfo-6.9-150100.5.18.1 cifs-utils-debugsource-6.9-150100.5.18.1 References: https://www.suse.com/security/cve/CVE-2022-29869.html https://bugzilla.suse.com/1198976 From sle-updates at lists.suse.com Sat Aug 13 07:13:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 13 Aug 2022 09:13:10 +0200 (CEST) Subject: SUSE-CU-2022:1840-1: Security update of bci/bci-micro Message-ID: <20220813071310.B3D8AFF0D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1840-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.13.5 , bci/bci-micro:latest Container Release : 13.5 Severity : moderate Type : security References : 1198627 CVE-2022-29458 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). The following package changes have been done: - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated From sle-updates at lists.suse.com Mon Aug 15 10:15:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Aug 2022 12:15:21 +0200 (CEST) Subject: SUSE-RU-2022:2804-1: moderate: Recommended update for gvfs Message-ID: <20220815101521.1914AFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for gvfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2804-1 Rating: moderate References: #1198718 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gvfs fixes the following issues: - Fixes inability to mount smb shares with samba 4.16 (bsc#1198718) - Fix build with meson 0.61 and newer - Package org.gtk.vfs.file-operations.rules polkit rules file as an example in docs Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2804=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2804=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gvfs-1.48.1-150400.4.3.1 gvfs-backend-afc-1.48.1-150400.4.3.1 gvfs-backend-afc-debuginfo-1.48.1-150400.4.3.1 gvfs-backend-samba-1.48.1-150400.4.3.1 gvfs-backend-samba-debuginfo-1.48.1-150400.4.3.1 gvfs-backends-1.48.1-150400.4.3.1 gvfs-backends-debuginfo-1.48.1-150400.4.3.1 gvfs-debuginfo-1.48.1-150400.4.3.1 gvfs-debugsource-1.48.1-150400.4.3.1 gvfs-devel-1.48.1-150400.4.3.1 gvfs-fuse-1.48.1-150400.4.3.1 gvfs-fuse-debuginfo-1.48.1-150400.4.3.1 - openSUSE Leap 15.4 (noarch): gvfs-lang-1.48.1-150400.4.3.1 - openSUSE Leap 15.4 (x86_64): gvfs-32bit-1.48.1-150400.4.3.1 gvfs-32bit-debuginfo-1.48.1-150400.4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gvfs-1.48.1-150400.4.3.1 gvfs-backend-afc-1.48.1-150400.4.3.1 gvfs-backend-afc-debuginfo-1.48.1-150400.4.3.1 gvfs-backend-samba-1.48.1-150400.4.3.1 gvfs-backend-samba-debuginfo-1.48.1-150400.4.3.1 gvfs-backends-1.48.1-150400.4.3.1 gvfs-backends-debuginfo-1.48.1-150400.4.3.1 gvfs-debuginfo-1.48.1-150400.4.3.1 gvfs-debugsource-1.48.1-150400.4.3.1 gvfs-devel-1.48.1-150400.4.3.1 gvfs-fuse-1.48.1-150400.4.3.1 gvfs-fuse-debuginfo-1.48.1-150400.4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): gvfs-lang-1.48.1-150400.4.3.1 References: https://bugzilla.suse.com/1198718 From sle-updates at lists.suse.com Mon Aug 15 10:14:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Aug 2022 12:14:51 +0200 (CEST) Subject: SUSE-RU-2022:2805-1: moderate: Recommended update for gvfs Message-ID: <20220815101451.27062FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for gvfs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2805-1 Rating: moderate References: #1198718 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gvfs fixes the following issues: - Fix inability to mount smb share with samba 4.16 (bsc#1198718) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2805=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2805=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gvfs-1.42.2-150200.6.3.1 gvfs-backend-afc-1.42.2-150200.6.3.1 gvfs-backend-afc-debuginfo-1.42.2-150200.6.3.1 gvfs-backend-samba-1.42.2-150200.6.3.1 gvfs-backend-samba-debuginfo-1.42.2-150200.6.3.1 gvfs-backends-1.42.2-150200.6.3.1 gvfs-backends-debuginfo-1.42.2-150200.6.3.1 gvfs-debuginfo-1.42.2-150200.6.3.1 gvfs-debugsource-1.42.2-150200.6.3.1 gvfs-devel-1.42.2-150200.6.3.1 gvfs-fuse-1.42.2-150200.6.3.1 gvfs-fuse-debuginfo-1.42.2-150200.6.3.1 - openSUSE Leap 15.3 (noarch): gvfs-lang-1.42.2-150200.6.3.1 - openSUSE Leap 15.3 (x86_64): gvfs-32bit-1.42.2-150200.6.3.1 gvfs-32bit-debuginfo-1.42.2-150200.6.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gvfs-1.42.2-150200.6.3.1 gvfs-backend-afc-1.42.2-150200.6.3.1 gvfs-backend-afc-debuginfo-1.42.2-150200.6.3.1 gvfs-backend-samba-1.42.2-150200.6.3.1 gvfs-backend-samba-debuginfo-1.42.2-150200.6.3.1 gvfs-backends-1.42.2-150200.6.3.1 gvfs-backends-debuginfo-1.42.2-150200.6.3.1 gvfs-debuginfo-1.42.2-150200.6.3.1 gvfs-debugsource-1.42.2-150200.6.3.1 gvfs-devel-1.42.2-150200.6.3.1 gvfs-fuse-1.42.2-150200.6.3.1 gvfs-fuse-debuginfo-1.42.2-150200.6.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): gvfs-lang-1.42.2-150200.6.3.1 References: https://bugzilla.suse.com/1198718 From sle-updates at lists.suse.com Mon Aug 15 13:15:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Aug 2022 15:15:04 +0200 (CEST) Subject: SUSE-SU-2022:2806-1: important: Security update for open-iscsi Message-ID: <20220815131504.E1830FF0D@maintenance.suse.de> SUSE Security Update: Security update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2806-1 Rating: important References: #1179908 Cross-References: CVE-2020-13987 CVE-2020-13988 CVE-2020-17437 CVSS scores: CVE-2020-13987 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-13987 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2020-13988 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-13988 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-17437 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2020-17437 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for open-iscsi fixes the following issues: Fixed various vulnerabilities in the embedded TCP/IP stack (bsc#1179908): - CVE-2020-13987: Fixed an out of bounds memory access when calculating the checksums for IP packets. - CVE-2020-13988: Fixed an integer overflow when parsing TCP MSS options of IPv4 network packets. - CVE-2020-17437: Fixed an out of bounds memory access when the TCP urgent flag is set. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2806=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): iscsiuio-0.7.8.2-53.34.1 iscsiuio-debuginfo-0.7.8.2-53.34.1 libopeniscsiusr0_2_0-2.0.876-53.34.1 libopeniscsiusr0_2_0-debuginfo-2.0.876-53.34.1 open-iscsi-2.0.876-53.34.1 open-iscsi-debuginfo-2.0.876-53.34.1 open-iscsi-debugsource-2.0.876-53.34.1 References: https://www.suse.com/security/cve/CVE-2020-13987.html https://www.suse.com/security/cve/CVE-2020-13988.html https://www.suse.com/security/cve/CVE-2020-17437.html https://bugzilla.suse.com/1179908 From sle-updates at lists.suse.com Mon Aug 15 19:15:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 15 Aug 2022 21:15:25 +0200 (CEST) Subject: SUSE-SU-2022:2808-1: important: Security update for the Linux Kernel Message-ID: <20220815191525.35E51FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2808-1 Rating: important References: #1195775 #1195926 #1198484 #1198829 #1200442 #1201050 #1201635 #1201636 #1201926 #1201930 Cross-References: CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVSS scores: CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves four vulnerabilities and has 6 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1201926). - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - kernel-binary.spec: Support radio selection for debuginfo. To disable debuginfo on 5.18 kernel a radio selection needs to be switched to a different selection. This requires disabling the currently active option and selecting NONE as debuginfo type. - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2808=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2808=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2808=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2808=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-2808=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2808=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.105.1 kernel-macros-4.12.14-95.105.1 kernel-source-4.12.14-95.105.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.105.1 kernel-default-base-4.12.14-95.105.1 kernel-default-base-debuginfo-4.12.14-95.105.1 kernel-default-debuginfo-4.12.14-95.105.1 kernel-default-debugsource-4.12.14-95.105.1 kernel-default-devel-4.12.14-95.105.1 kernel-default-devel-debuginfo-4.12.14-95.105.1 kernel-syms-4.12.14-95.105.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.105.1 kernel-default-base-4.12.14-95.105.1 kernel-default-base-debuginfo-4.12.14-95.105.1 kernel-default-debuginfo-4.12.14-95.105.1 kernel-default-debugsource-4.12.14-95.105.1 kernel-default-devel-4.12.14-95.105.1 kernel-default-devel-debuginfo-4.12.14-95.105.1 kernel-syms-4.12.14-95.105.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.105.1 kernel-macros-4.12.14-95.105.1 kernel-source-4.12.14-95.105.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.105.1 kernel-default-base-4.12.14-95.105.1 kernel-default-base-debuginfo-4.12.14-95.105.1 kernel-default-debuginfo-4.12.14-95.105.1 kernel-default-debugsource-4.12.14-95.105.1 kernel-default-devel-4.12.14-95.105.1 kernel-syms-4.12.14-95.105.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.105.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.105.1 kernel-macros-4.12.14-95.105.1 kernel-source-4.12.14-95.105.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.105.1 kernel-default-base-4.12.14-95.105.1 kernel-default-base-debuginfo-4.12.14-95.105.1 kernel-default-debuginfo-4.12.14-95.105.1 kernel-default-debugsource-4.12.14-95.105.1 kernel-default-devel-4.12.14-95.105.1 kernel-syms-4.12.14-95.105.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.105.1 kernel-macros-4.12.14-95.105.1 kernel-source-4.12.14-95.105.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.105.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.105.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.105.1 kernel-default-kgraft-devel-4.12.14-95.105.1 kgraft-patch-4_12_14-95_105-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.105.1 cluster-md-kmp-default-debuginfo-4.12.14-95.105.1 dlm-kmp-default-4.12.14-95.105.1 dlm-kmp-default-debuginfo-4.12.14-95.105.1 gfs2-kmp-default-4.12.14-95.105.1 gfs2-kmp-default-debuginfo-4.12.14-95.105.1 kernel-default-debuginfo-4.12.14-95.105.1 kernel-default-debugsource-4.12.14-95.105.1 ocfs2-kmp-default-4.12.14-95.105.1 ocfs2-kmp-default-debuginfo-4.12.14-95.105.1 References: https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2022-1462.html https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1198484 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201926 https://bugzilla.suse.com/1201930 From sle-updates at lists.suse.com Mon Aug 15 22:16:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 00:16:32 +0200 (CEST) Subject: SUSE-SU-2022:2809-1: important: Security update for the Linux Kernel Message-ID: <20220815221632.F4118FF0D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2809-1 Rating: important References: #1114648 #1194013 #1195478 #1195775 #1196472 #1196901 #1197362 #1198829 #1199487 #1199489 #1199647 #1199648 #1199657 #1200263 #1200442 #1200571 #1200599 #1200604 #1200605 #1200608 #1200619 #1200692 #1200762 #1200905 #1200910 #1201050 #1201080 #1201251 #1201429 #1201458 #1201635 #1201636 #1201644 #1201664 #1201672 #1201673 #1201676 #1201742 #1201752 #1201930 #1201940 Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-26341 CVE-2021-33655 CVE-2021-33656 CVE-2021-4157 CVE-2022-1116 CVE-2022-1462 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-21505 CVE-2022-2318 CVE-2022-26365 CVE-2022-29900 CVE-2022-29901 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33981 CVE-2022-36946 CVSS scores: CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2022-20141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20141 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves 22 vulnerabilities and has 19 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2021-33655: Fixed memory out of bounds write by ioctl cmd FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem. This flaw allowed a local user to crash the system or read unauthorized random data from memory. (bnc#1198829) - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-21505: Fixed kexec lockdown bypass with ima policy (bsc#1201458). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278). - dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278). - dma-mapping: add a dma_ops_bypass flag to struct device (bsc#1196472 ltc#192278). - dma-mapping: move the remaining DMA API calls out of line (bsc#1196472 ltc#192278). - dma: kABI: Add back removed exports (bsc#1196472 ltc#192278). - exec: Force single empty string when argv is empty (bsc#1200571). - fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478 bsc#1200905). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). - powerpc/pseries/iommu: Create defines for operations in ibm, ddw-applicable (bsc#1196472 ltc#192278). - powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278). - powerpc/pseries/iommu: Update call to ibm, query-pe-dma-windows (bsc#1196472 ltc#192278). - powerpc: dma: kABI workaround for moving around dma_bypass bit (bsc#1196472 ltc#192278). - powerpc: use the generic dma_ops_bypass mode (bsc#1196472 ltc#192278). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - x86/bugs: Remove apostrophe typo (bsc#1114648). - x86/entry: Remove skip_r11rcx (bsc#1201644). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2809=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2809=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2809=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2809=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2809=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2809=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2809=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2809=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2809=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2809=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2809=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.126.1 kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2 kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 kernel-default-devel-5.3.18-150200.24.126.1 kernel-default-devel-debuginfo-5.3.18-150200.24.126.1 kernel-obs-build-5.3.18-150200.24.126.1 kernel-obs-build-debugsource-5.3.18-150200.24.126.1 kernel-syms-5.3.18-150200.24.126.1 reiserfs-kmp-default-5.3.18-150200.24.126.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.126.1 - SUSE Manager Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.126.1 kernel-docs-5.3.18-150200.24.126.1 kernel-macros-5.3.18-150200.24.126.1 kernel-source-5.3.18-150200.24.126.1 - SUSE Manager Server 4.1 (x86_64): kernel-preempt-5.3.18-150200.24.126.1 kernel-preempt-debuginfo-5.3.18-150200.24.126.1 kernel-preempt-debugsource-5.3.18-150200.24.126.1 kernel-preempt-devel-5.3.18-150200.24.126.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): kernel-default-5.3.18-150200.24.126.1 kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2 kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 kernel-default-devel-5.3.18-150200.24.126.1 kernel-default-devel-debuginfo-5.3.18-150200.24.126.1 kernel-obs-build-5.3.18-150200.24.126.1 kernel-obs-build-debugsource-5.3.18-150200.24.126.1 kernel-preempt-5.3.18-150200.24.126.1 kernel-preempt-debuginfo-5.3.18-150200.24.126.1 kernel-preempt-debugsource-5.3.18-150200.24.126.1 kernel-preempt-devel-5.3.18-150200.24.126.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1 kernel-syms-5.3.18-150200.24.126.1 reiserfs-kmp-default-5.3.18-150200.24.126.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.126.1 - SUSE Manager Retail Branch Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.126.1 kernel-docs-5.3.18-150200.24.126.1 kernel-macros-5.3.18-150200.24.126.1 kernel-source-5.3.18-150200.24.126.1 - SUSE Manager Proxy 4.1 (noarch): kernel-devel-5.3.18-150200.24.126.1 kernel-docs-5.3.18-150200.24.126.1 kernel-macros-5.3.18-150200.24.126.1 kernel-source-5.3.18-150200.24.126.1 - SUSE Manager Proxy 4.1 (x86_64): kernel-default-5.3.18-150200.24.126.1 kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2 kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 kernel-default-devel-5.3.18-150200.24.126.1 kernel-default-devel-debuginfo-5.3.18-150200.24.126.1 kernel-obs-build-5.3.18-150200.24.126.1 kernel-obs-build-debugsource-5.3.18-150200.24.126.1 kernel-preempt-5.3.18-150200.24.126.1 kernel-preempt-debuginfo-5.3.18-150200.24.126.1 kernel-preempt-debugsource-5.3.18-150200.24.126.1 kernel-preempt-devel-5.3.18-150200.24.126.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1 kernel-syms-5.3.18-150200.24.126.1 reiserfs-kmp-default-5.3.18-150200.24.126.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.126.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): kernel-default-5.3.18-150200.24.126.1 kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2 kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 kernel-default-devel-5.3.18-150200.24.126.1 kernel-default-devel-debuginfo-5.3.18-150200.24.126.1 kernel-obs-build-5.3.18-150200.24.126.1 kernel-obs-build-debugsource-5.3.18-150200.24.126.1 kernel-syms-5.3.18-150200.24.126.1 reiserfs-kmp-default-5.3.18-150200.24.126.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.126.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-devel-5.3.18-150200.24.126.1 kernel-docs-5.3.18-150200.24.126.1 kernel-macros-5.3.18-150200.24.126.1 kernel-source-5.3.18-150200.24.126.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kernel-preempt-5.3.18-150200.24.126.1 kernel-preempt-debuginfo-5.3.18-150200.24.126.1 kernel-preempt-debugsource-5.3.18-150200.24.126.1 kernel-preempt-devel-5.3.18-150200.24.126.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.126.1 kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2 kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 kernel-default-devel-5.3.18-150200.24.126.1 kernel-default-devel-debuginfo-5.3.18-150200.24.126.1 kernel-obs-build-5.3.18-150200.24.126.1 kernel-obs-build-debugsource-5.3.18-150200.24.126.1 kernel-syms-5.3.18-150200.24.126.1 reiserfs-kmp-default-5.3.18-150200.24.126.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.126.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150200.24.126.1 kernel-preempt-debuginfo-5.3.18-150200.24.126.1 kernel-preempt-debugsource-5.3.18-150200.24.126.1 kernel-preempt-devel-5.3.18-150200.24.126.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.126.1 kernel-docs-5.3.18-150200.24.126.1 kernel-macros-5.3.18-150200.24.126.1 kernel-source-5.3.18-150200.24.126.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): kernel-devel-5.3.18-150200.24.126.1 kernel-docs-5.3.18-150200.24.126.1 kernel-macros-5.3.18-150200.24.126.1 kernel-source-5.3.18-150200.24.126.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): kernel-default-5.3.18-150200.24.126.1 kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2 kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 kernel-default-devel-5.3.18-150200.24.126.1 kernel-default-devel-debuginfo-5.3.18-150200.24.126.1 kernel-obs-build-5.3.18-150200.24.126.1 kernel-obs-build-debugsource-5.3.18-150200.24.126.1 kernel-preempt-5.3.18-150200.24.126.1 kernel-preempt-debuginfo-5.3.18-150200.24.126.1 kernel-preempt-debugsource-5.3.18-150200.24.126.1 kernel-preempt-devel-5.3.18-150200.24.126.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1 kernel-syms-5.3.18-150200.24.126.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 kernel-default-livepatch-5.3.18-150200.24.126.1 kernel-default-livepatch-devel-5.3.18-150200.24.126.1 kernel-livepatch-5_3_18-150200_24_126-default-1-150200.5.5.1 kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-1-150200.5.5.1 kernel-livepatch-SLE15-SP2_Update_29-debugsource-1-150200.5.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): kernel-default-5.3.18-150200.24.126.1 kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2 kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 kernel-default-devel-5.3.18-150200.24.126.1 kernel-default-devel-debuginfo-5.3.18-150200.24.126.1 kernel-obs-build-5.3.18-150200.24.126.1 kernel-obs-build-debugsource-5.3.18-150200.24.126.1 kernel-preempt-5.3.18-150200.24.126.1 kernel-preempt-debuginfo-5.3.18-150200.24.126.1 kernel-preempt-debugsource-5.3.18-150200.24.126.1 kernel-preempt-devel-5.3.18-150200.24.126.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1 kernel-syms-5.3.18-150200.24.126.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.126.1 kernel-docs-5.3.18-150200.24.126.1 kernel-macros-5.3.18-150200.24.126.1 kernel-source-5.3.18-150200.24.126.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): kernel-default-5.3.18-150200.24.126.1 kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2 kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 kernel-default-devel-5.3.18-150200.24.126.1 kernel-default-devel-debuginfo-5.3.18-150200.24.126.1 kernel-obs-build-5.3.18-150200.24.126.1 kernel-obs-build-debugsource-5.3.18-150200.24.126.1 kernel-preempt-5.3.18-150200.24.126.1 kernel-preempt-debuginfo-5.3.18-150200.24.126.1 kernel-preempt-debugsource-5.3.18-150200.24.126.1 kernel-preempt-devel-5.3.18-150200.24.126.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1 kernel-syms-5.3.18-150200.24.126.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): kernel-devel-5.3.18-150200.24.126.1 kernel-docs-5.3.18-150200.24.126.1 kernel-macros-5.3.18-150200.24.126.1 kernel-source-5.3.18-150200.24.126.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150200.24.126.1 cluster-md-kmp-default-debuginfo-5.3.18-150200.24.126.1 dlm-kmp-default-5.3.18-150200.24.126.1 dlm-kmp-default-debuginfo-5.3.18-150200.24.126.1 gfs2-kmp-default-5.3.18-150200.24.126.1 gfs2-kmp-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 ocfs2-kmp-default-5.3.18-150200.24.126.1 ocfs2-kmp-default-debuginfo-5.3.18-150200.24.126.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): kernel-default-5.3.18-150200.24.126.1 kernel-default-base-5.3.18-150200.24.126.1.150200.9.59.2 kernel-default-debuginfo-5.3.18-150200.24.126.1 kernel-default-debugsource-5.3.18-150200.24.126.1 kernel-default-devel-5.3.18-150200.24.126.1 kernel-default-devel-debuginfo-5.3.18-150200.24.126.1 kernel-obs-build-5.3.18-150200.24.126.1 kernel-obs-build-debugsource-5.3.18-150200.24.126.1 kernel-preempt-5.3.18-150200.24.126.1 kernel-preempt-debuginfo-5.3.18-150200.24.126.1 kernel-preempt-debugsource-5.3.18-150200.24.126.1 kernel-preempt-devel-5.3.18-150200.24.126.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.126.1 kernel-syms-5.3.18-150200.24.126.1 reiserfs-kmp-default-5.3.18-150200.24.126.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.126.1 - SUSE Enterprise Storage 7 (noarch): kernel-devel-5.3.18-150200.24.126.1 kernel-docs-5.3.18-150200.24.126.1 kernel-macros-5.3.18-150200.24.126.1 kernel-source-5.3.18-150200.24.126.1 References: https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-26341.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2021-4157.html https://www.suse.com/security/cve/CVE-2022-1116.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-20132.html https://www.suse.com/security/cve/CVE-2022-20141.html https://www.suse.com/security/cve/CVE-2022-20154.html https://www.suse.com/security/cve/CVE-2022-21505.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-33981.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1194013 https://bugzilla.suse.com/1195478 https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1196472 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1197362 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1199487 https://bugzilla.suse.com/1199489 https://bugzilla.suse.com/1199647 https://bugzilla.suse.com/1199648 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200263 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200571 https://bugzilla.suse.com/1200599 https://bugzilla.suse.com/1200604 https://bugzilla.suse.com/1200605 https://bugzilla.suse.com/1200608 https://bugzilla.suse.com/1200619 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1200905 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201050 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201251 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201458 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201644 https://bugzilla.suse.com/1201664 https://bugzilla.suse.com/1201672 https://bugzilla.suse.com/1201673 https://bugzilla.suse.com/1201676 https://bugzilla.suse.com/1201742 https://bugzilla.suse.com/1201752 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 From sle-updates at lists.suse.com Tue Aug 16 10:16:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 12:16:07 +0200 (CEST) Subject: SUSE-RU-2022:2810-1: moderate: Recommended update for python-kiwi Message-ID: <20220816101607.AFCB2FF0D@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2810-1 Rating: moderate References: #1194992 #1197616 #1197783 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for python-kiwi fixes the following issues: - Preserve the LABEL= setting when the grub config file is re-generated. (bsc#1197616) - Add ensure empty tmpdirs option for OCI containers. (bsc#1197783) - Set /.snapshots subvolume to mode 0700 (bsc#1194992) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2810=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2810=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2810=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2810=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2810=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2810=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.36-150100.3.53.2 dracut-kiwi-live-9.24.36-150100.3.53.2 dracut-kiwi-oem-dump-9.24.36-150100.3.53.2 dracut-kiwi-oem-repart-9.24.36-150100.3.53.2 dracut-kiwi-overlay-9.24.36-150100.3.53.2 kiwi-man-pages-9.24.36-150100.3.53.2 kiwi-systemdeps-9.24.36-150100.3.53.2 kiwi-systemdeps-bootloaders-9.24.36-150100.3.53.2 kiwi-systemdeps-containers-9.24.36-150100.3.53.2 kiwi-systemdeps-core-9.24.36-150100.3.53.2 kiwi-systemdeps-disk-images-9.24.36-150100.3.53.2 kiwi-systemdeps-filesystems-9.24.36-150100.3.53.2 kiwi-systemdeps-image-validation-9.24.36-150100.3.53.2 kiwi-systemdeps-iso-media-9.24.36-150100.3.53.2 kiwi-tools-9.24.36-150100.3.53.2 kiwi-tools-debuginfo-9.24.36-150100.3.53.2 python-kiwi-debugsource-9.24.36-150100.3.53.2 python3-kiwi-9.24.36-150100.3.53.2 - openSUSE Leap 15.4 (x86_64): kiwi-pxeboot-9.24.36-150100.3.53.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.36-150100.3.53.2 dracut-kiwi-live-9.24.36-150100.3.53.2 dracut-kiwi-oem-dump-9.24.36-150100.3.53.2 dracut-kiwi-oem-repart-9.24.36-150100.3.53.2 dracut-kiwi-overlay-9.24.36-150100.3.53.2 kiwi-man-pages-9.24.36-150100.3.53.2 kiwi-systemdeps-9.24.36-150100.3.53.2 kiwi-systemdeps-bootloaders-9.24.36-150100.3.53.2 kiwi-systemdeps-containers-9.24.36-150100.3.53.2 kiwi-systemdeps-core-9.24.36-150100.3.53.2 kiwi-systemdeps-disk-images-9.24.36-150100.3.53.2 kiwi-systemdeps-filesystems-9.24.36-150100.3.53.2 kiwi-systemdeps-image-validation-9.24.36-150100.3.53.2 kiwi-systemdeps-iso-media-9.24.36-150100.3.53.2 kiwi-tools-9.24.36-150100.3.53.2 kiwi-tools-debuginfo-9.24.36-150100.3.53.2 python-kiwi-debugsource-9.24.36-150100.3.53.2 python3-kiwi-9.24.36-150100.3.53.2 - openSUSE Leap 15.3 (x86_64): kiwi-pxeboot-9.24.36-150100.3.53.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.36-150100.3.53.2 dracut-kiwi-live-9.24.36-150100.3.53.2 dracut-kiwi-oem-dump-9.24.36-150100.3.53.2 dracut-kiwi-oem-repart-9.24.36-150100.3.53.2 dracut-kiwi-overlay-9.24.36-150100.3.53.2 kiwi-man-pages-9.24.36-150100.3.53.2 kiwi-systemdeps-9.24.36-150100.3.53.2 kiwi-systemdeps-bootloaders-9.24.36-150100.3.53.2 kiwi-systemdeps-containers-9.24.36-150100.3.53.2 kiwi-systemdeps-core-9.24.36-150100.3.53.2 kiwi-systemdeps-disk-images-9.24.36-150100.3.53.2 kiwi-systemdeps-filesystems-9.24.36-150100.3.53.2 kiwi-systemdeps-image-validation-9.24.36-150100.3.53.2 kiwi-systemdeps-iso-media-9.24.36-150100.3.53.2 kiwi-tools-9.24.36-150100.3.53.2 kiwi-tools-debuginfo-9.24.36-150100.3.53.2 python-kiwi-debugsource-9.24.36-150100.3.53.2 python3-kiwi-9.24.36-150100.3.53.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): kiwi-pxeboot-9.24.36-150100.3.53.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.36-150100.3.53.2 dracut-kiwi-live-9.24.36-150100.3.53.2 dracut-kiwi-oem-dump-9.24.36-150100.3.53.2 dracut-kiwi-oem-repart-9.24.36-150100.3.53.2 dracut-kiwi-overlay-9.24.36-150100.3.53.2 kiwi-man-pages-9.24.36-150100.3.53.2 kiwi-systemdeps-9.24.36-150100.3.53.2 kiwi-systemdeps-bootloaders-9.24.36-150100.3.53.2 kiwi-systemdeps-containers-9.24.36-150100.3.53.2 kiwi-systemdeps-core-9.24.36-150100.3.53.2 kiwi-systemdeps-disk-images-9.24.36-150100.3.53.2 kiwi-systemdeps-filesystems-9.24.36-150100.3.53.2 kiwi-systemdeps-image-validation-9.24.36-150100.3.53.2 kiwi-systemdeps-iso-media-9.24.36-150100.3.53.2 kiwi-tools-9.24.36-150100.3.53.2 kiwi-tools-debuginfo-9.24.36-150100.3.53.2 python-kiwi-debugsource-9.24.36-150100.3.53.2 python3-kiwi-9.24.36-150100.3.53.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): kiwi-pxeboot-9.24.36-150100.3.53.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): dracut-kiwi-lib-9.24.36-150100.3.53.2 dracut-kiwi-oem-dump-9.24.36-150100.3.53.2 dracut-kiwi-oem-repart-9.24.36-150100.3.53.2 python-kiwi-debugsource-9.24.36-150100.3.53.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dracut-kiwi-lib-9.24.36-150100.3.53.2 dracut-kiwi-oem-repart-9.24.36-150100.3.53.2 python-kiwi-debugsource-9.24.36-150100.3.53.2 References: https://bugzilla.suse.com/1194992 https://bugzilla.suse.com/1197616 https://bugzilla.suse.com/1197783 From sle-updates at lists.suse.com Tue Aug 16 13:16:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 15:16:28 +0200 (CEST) Subject: SUSE-SU-2022:2811-1: important: Security update for python-Twisted Message-ID: <20220816131628.EDBF7FF0F@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2811-1 Rating: important References: #1166457 #1166458 Cross-References: CVE-2020-10108 CVE-2020-10109 CVSS scores: CVE-2020-10108 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-10108 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2020-10109 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-10109 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2020-10108: Fixed an HTTP request smuggling issue (bsc#1166457). - CVE-2020-10109: Fixed an HTTP request smuggling issue (bsc#1166458). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2811=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2811=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2811=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-2811=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-2811=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-2811=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE OpenStack Cloud 9 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE OpenStack Cloud 8 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 - HPE Helion Openstack 8 (x86_64): python-Twisted-15.2.1-9.20.1 python-Twisted-debuginfo-15.2.1-9.20.1 python-Twisted-debugsource-15.2.1-9.20.1 References: https://www.suse.com/security/cve/CVE-2020-10108.html https://www.suse.com/security/cve/CVE-2020-10109.html https://bugzilla.suse.com/1166457 https://bugzilla.suse.com/1166458 From sle-updates at lists.suse.com Tue Aug 16 13:17:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 15:17:36 +0200 (CEST) Subject: SUSE-RU-2022:2812-1: moderate: Recommended update for resource-agents Message-ID: <20220816131736.48F96FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2812-1 Rating: moderate References: #1199766 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for resource-agents fixes the following issues: - RA aws-vpc-move-ip is lacking the possibility to assign a label to an interface (bsc#1199766) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-2812=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-2812=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.95.2 resource-agents-4.3.018.a7fb5035-3.95.2 resource-agents-debuginfo-4.3.018.a7fb5035-3.95.2 resource-agents-debugsource-4.3.018.a7fb5035-3.95.2 - SUSE Linux Enterprise High Availability 12-SP5 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.95.2 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ldirectord-4.3.018.a7fb5035-3.95.2 resource-agents-4.3.018.a7fb5035-3.95.2 resource-agents-debuginfo-4.3.018.a7fb5035-3.95.2 resource-agents-debugsource-4.3.018.a7fb5035-3.95.2 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): monitoring-plugins-metadata-4.3.018.a7fb5035-3.95.2 References: https://bugzilla.suse.com/1199766 From sle-updates at lists.suse.com Tue Aug 16 13:19:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 15:19:13 +0200 (CEST) Subject: SUSE-RU-2022:2816-1: important: Recommended update for s390-tools Message-ID: <20220816131913.436B1FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2816-1 Rating: important References: #1201412 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Increase update delay on first iteration. (bsc#1201412) * This change is needed because the initial iteration of `hyptop` can produce bloated values independent from the update delay set by the user. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2816=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2816=1 Package List: - openSUSE Leap 15.4 (s390x): libekmfweb1-2.19.0-150400.7.7.1 libekmfweb1-debuginfo-2.19.0-150400.7.7.1 libekmfweb1-devel-2.19.0-150400.7.7.1 libkmipclient1-2.19.0-150400.7.7.1 libkmipclient1-debuginfo-2.19.0-150400.7.7.1 libkmipclient1-devel-2.19.0-150400.7.7.1 osasnmpd-2.19.0-150400.7.7.1 osasnmpd-debuginfo-2.19.0-150400.7.7.1 s390-tools-2.19.0-150400.7.7.1 s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.7.1 s390-tools-debuginfo-2.19.0-150400.7.7.1 s390-tools-debugsource-2.19.0-150400.7.7.1 s390-tools-hmcdrvfs-2.19.0-150400.7.7.1 s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.7.1 s390-tools-zdsfs-2.19.0-150400.7.7.1 s390-tools-zdsfs-debuginfo-2.19.0-150400.7.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): libekmfweb1-2.19.0-150400.7.7.1 libekmfweb1-debuginfo-2.19.0-150400.7.7.1 libekmfweb1-devel-2.19.0-150400.7.7.1 libkmipclient1-2.19.0-150400.7.7.1 libkmipclient1-debuginfo-2.19.0-150400.7.7.1 osasnmpd-2.19.0-150400.7.7.1 osasnmpd-debuginfo-2.19.0-150400.7.7.1 s390-tools-2.19.0-150400.7.7.1 s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.7.1 s390-tools-debuginfo-2.19.0-150400.7.7.1 s390-tools-debugsource-2.19.0-150400.7.7.1 s390-tools-hmcdrvfs-2.19.0-150400.7.7.1 s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.7.1 s390-tools-zdsfs-2.19.0-150400.7.7.1 s390-tools-zdsfs-debuginfo-2.19.0-150400.7.7.1 References: https://bugzilla.suse.com/1201412 From sle-updates at lists.suse.com Tue Aug 16 13:19:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 15:19:46 +0200 (CEST) Subject: SUSE-RU-2022:2814-1: important: Recommended update for s390-tools Message-ID: <20220816131946.4FFF6FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2814-1 Rating: important References: #1201415 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Increase update delay on first iteration. (bsc#1201415) * This change is needed because the initial iteration of `hyptop` can produce bloated values independent from the update delay set by the user. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2814=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2814=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2814=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2814=1 Package List: - openSUSE Leap 15.3 (s390x): libekmfweb1-2.15.1-150300.8.27.1 libekmfweb1-debuginfo-2.15.1-150300.8.27.1 libekmfweb1-devel-2.15.1-150300.8.27.1 osasnmpd-2.15.1-150300.8.27.1 osasnmpd-debuginfo-2.15.1-150300.8.27.1 s390-tools-2.15.1-150300.8.27.1 s390-tools-debuginfo-2.15.1-150300.8.27.1 s390-tools-debugsource-2.15.1-150300.8.27.1 s390-tools-hmcdrvfs-2.15.1-150300.8.27.1 s390-tools-hmcdrvfs-debuginfo-2.15.1-150300.8.27.1 s390-tools-zdsfs-2.15.1-150300.8.27.1 s390-tools-zdsfs-debuginfo-2.15.1-150300.8.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): libekmfweb1-2.15.1-150300.8.27.1 libekmfweb1-debuginfo-2.15.1-150300.8.27.1 libekmfweb1-devel-2.15.1-150300.8.27.1 osasnmpd-2.15.1-150300.8.27.1 osasnmpd-debuginfo-2.15.1-150300.8.27.1 s390-tools-2.15.1-150300.8.27.1 s390-tools-debuginfo-2.15.1-150300.8.27.1 s390-tools-debugsource-2.15.1-150300.8.27.1 s390-tools-hmcdrvfs-2.15.1-150300.8.27.1 s390-tools-hmcdrvfs-debuginfo-2.15.1-150300.8.27.1 s390-tools-zdsfs-2.15.1-150300.8.27.1 s390-tools-zdsfs-debuginfo-2.15.1-150300.8.27.1 - SUSE Linux Enterprise Micro 5.2 (s390x): libekmfweb1-2.15.1-150300.8.27.1 libekmfweb1-debuginfo-2.15.1-150300.8.27.1 s390-tools-2.15.1-150300.8.27.1 s390-tools-debuginfo-2.15.1-150300.8.27.1 s390-tools-debugsource-2.15.1-150300.8.27.1 - SUSE Linux Enterprise Micro 5.1 (s390x): libekmfweb1-2.15.1-150300.8.27.1 libekmfweb1-debuginfo-2.15.1-150300.8.27.1 s390-tools-2.15.1-150300.8.27.1 s390-tools-debuginfo-2.15.1-150300.8.27.1 s390-tools-debugsource-2.15.1-150300.8.27.1 References: https://bugzilla.suse.com/1201415 From sle-updates at lists.suse.com Tue Aug 16 13:20:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 15:20:21 +0200 (CEST) Subject: SUSE-SU-2022:2813-1: important: Security update for curl Message-ID: <20220816132021.7B3F4FF0F@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2813-1 Rating: important References: #1199223 #1199224 #1200735 #1200737 Cross-References: CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 CVSS scores: CVE-2022-27781 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27781 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-27782 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-27782 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-32206 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-32206 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-32208 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-32208 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2813=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2813=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2813=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2813=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): curl-7.60.0-4.38.1 curl-debuginfo-7.60.0-4.38.1 curl-debugsource-7.60.0-4.38.1 libcurl4-32bit-7.60.0-4.38.1 libcurl4-7.60.0-4.38.1 libcurl4-debuginfo-32bit-7.60.0-4.38.1 libcurl4-debuginfo-7.60.0-4.38.1 - SUSE OpenStack Cloud 9 (x86_64): curl-7.60.0-4.38.1 curl-debuginfo-7.60.0-4.38.1 curl-debugsource-7.60.0-4.38.1 libcurl4-32bit-7.60.0-4.38.1 libcurl4-7.60.0-4.38.1 libcurl4-debuginfo-32bit-7.60.0-4.38.1 libcurl4-debuginfo-7.60.0-4.38.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): curl-7.60.0-4.38.1 curl-debuginfo-7.60.0-4.38.1 curl-debugsource-7.60.0-4.38.1 libcurl4-7.60.0-4.38.1 libcurl4-debuginfo-7.60.0-4.38.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libcurl4-32bit-7.60.0-4.38.1 libcurl4-debuginfo-32bit-7.60.0-4.38.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): curl-7.60.0-4.38.1 curl-debuginfo-7.60.0-4.38.1 curl-debugsource-7.60.0-4.38.1 libcurl4-7.60.0-4.38.1 libcurl4-debuginfo-7.60.0-4.38.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libcurl4-32bit-7.60.0-4.38.1 libcurl4-debuginfo-32bit-7.60.0-4.38.1 References: https://www.suse.com/security/cve/CVE-2022-27781.html https://www.suse.com/security/cve/CVE-2022-27782.html https://www.suse.com/security/cve/CVE-2022-32206.html https://www.suse.com/security/cve/CVE-2022-32208.html https://bugzilla.suse.com/1199223 https://bugzilla.suse.com/1199224 https://bugzilla.suse.com/1200735 https://bugzilla.suse.com/1200737 From sle-updates at lists.suse.com Tue Aug 16 13:22:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 15:22:19 +0200 (CEST) Subject: SUSE-RU-2022:2815-1: important: Recommended update for s390-tools Message-ID: <20220816132219.5C6D2FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2815-1 Rating: important References: #1201416 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Increase update delay on first iteration. (bsc#1201416) * This change is needed because the initial iteration of `hyptop` can produce bloated values independent from the update delay set by the user. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2815=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (s390x): osasnmpd-2.1.0-18.44.1 osasnmpd-debuginfo-2.1.0-18.44.1 s390-tools-2.1.0-18.44.1 s390-tools-debuginfo-2.1.0-18.44.1 s390-tools-debugsource-2.1.0-18.44.1 s390-tools-hmcdrvfs-2.1.0-18.44.1 s390-tools-hmcdrvfs-debuginfo-2.1.0-18.44.1 s390-tools-zdsfs-2.1.0-18.44.1 s390-tools-zdsfs-debuginfo-2.1.0-18.44.1 References: https://bugzilla.suse.com/1201416 From sle-updates at lists.suse.com Tue Aug 16 13:22:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 15:22:51 +0200 (CEST) Subject: SUSE-SU-2022:2817-1: important: Security update for ceph Message-ID: <20220816132251.036F1FF0F@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2817-1 Rating: important References: #1194131 #1194875 #1195359 #1196044 #1196733 #1196785 #1200064 #1200553 SES-2515 Cross-References: CVE-2021-3979 CVSS scores: CVE-2021-3979 (SUSE): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7.1 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 7 fixes is now available. Description: This update for ceph fixes the following issues: - Update to 16.2.9-536-g41a9f9a5573: + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python(\d)\.(\d+) when building boost + make-dist: patch boost source to support python 3.10 - Update to ceph-16.2.9-58-ge2e5cb80063: + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths - Update to 16.2.9.50-g7d9f12156fb: + (jsc#SES-2515) High-availability NFS export + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit - Update to 16.2.7-969-g6195a460d89 + (jsc#SES-2515) High-availability NFS export - Update to v16.2.7-654-gd5a90ff46f0 + (bsc#1196733) remove build directory during %clean - Update to v16.2.7-652-gf5dc462fdb5 + (bsc#1194875) [SES7P] include/buffer: include memory Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-2817=1 Package List: - SUSE Enterprise Storage 7.1 (aarch64 x86_64): ceph-base-16.2.9.536+g41a9f9a5573-150300.3.3.1 ceph-base-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 ceph-common-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.3.3.1 libcephfs2-16.2.9.536+g41a9f9a5573-150300.3.3.1 libcephfs2-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 librados2-16.2.9.536+g41a9f9a5573-150300.3.3.1 librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 librbd1-16.2.9.536+g41a9f9a5573-150300.3.3.1 librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 librgw2-16.2.9.536+g41a9f9a5573-150300.3.3.1 librgw2-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.3.3.1 python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 python3-cephfs-16.2.9.536+g41a9f9a5573-150300.3.3.1 python3-cephfs-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 python3-rados-16.2.9.536+g41a9f9a5573-150300.3.3.1 python3-rados-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 python3-rbd-16.2.9.536+g41a9f9a5573-150300.3.3.1 python3-rbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 python3-rgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 python3-rgw-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 rbd-nbd-16.2.9.536+g41a9f9a5573-150300.3.3.1 rbd-nbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.3.3.1 - SUSE Enterprise Storage 7.1 (noarch): cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-3979.html https://bugzilla.suse.com/1194131 https://bugzilla.suse.com/1194875 https://bugzilla.suse.com/1195359 https://bugzilla.suse.com/1196044 https://bugzilla.suse.com/1196733 https://bugzilla.suse.com/1196785 https://bugzilla.suse.com/1200064 https://bugzilla.suse.com/1200553 From sle-updates at lists.suse.com Tue Aug 16 16:18:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 18:18:04 +0200 (CEST) Subject: SUSE-SU-2022:2818-1: important: Security update for ceph Message-ID: <20220816161804.55A9DFF0F@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2818-1 Rating: important References: #1194131 #1195359 #1196044 #1196785 #1200064 #1200553 SES-2515 Cross-References: CVE-2021-3979 CVSS scores: CVE-2021-3979 (SUSE): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 5 fixes is now available. Description: This update for ceph fixes the following issues: - Update to 16.2.9-536-g41a9f9a5573: + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python(\d)\.(\d+) when building boost + make-dist: patch boost source to support python 3.10 - Update to ceph-16.2.9-58-ge2e5cb80063: + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths - Update to 16.2.9.50-g7d9f12156fb: + (jsc#SES-2515) High-availability NFS export + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit - Update to 16.2.7-969-g6195a460d89 + (jsc#SES-2515) High-availability NFS export Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2818=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2818=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ceph-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-base-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-base-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-common-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-common-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-debugsource-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-fuse-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-fuse-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-immutable-object-cache-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-immutable-object-cache-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mds-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mds-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mgr-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mgr-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mon-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mon-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-osd-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-osd-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-radosgw-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-radosgw-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 cephfs-mirror-16.2.9.536+g41a9f9a5573-150400.3.3.1 cephfs-mirror-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 cephfs-shell-16.2.9.536+g41a9f9a5573-150400.3.3.1 libcephfs-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 libcephfs2-16.2.9.536+g41a9f9a5573-150400.3.3.1 libcephfs2-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 libcephsqlite-16.2.9.536+g41a9f9a5573-150400.3.3.1 libcephsqlite-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 libcephsqlite-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 librados-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 librados-devel-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 librados2-16.2.9.536+g41a9f9a5573-150400.3.3.1 librados2-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 libradospp-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 librbd-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 librbd1-16.2.9.536+g41a9f9a5573-150400.3.3.1 librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 librgw-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 librgw2-16.2.9.536+g41a9f9a5573-150400.3.3.1 librgw2-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-ceph-common-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-cephfs-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-cephfs-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rados-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rados-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rbd-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rbd-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rgw-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rgw-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 rados-objclass-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 rbd-fuse-16.2.9.536+g41a9f9a5573-150400.3.3.1 rbd-fuse-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 rbd-mirror-16.2.9.536+g41a9f9a5573-150400.3.3.1 rbd-mirror-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 rbd-nbd-16.2.9.536+g41a9f9a5573-150400.3.3.1 rbd-nbd-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): ceph-test-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-test-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-test-debugsource-16.2.9.536+g41a9f9a5573-150400.3.3.1 - openSUSE Leap 15.4 (noarch): ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mgr-diskprediction-local-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mgr-k8sevents-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150400.3.3.1 cephadm-16.2.9.536+g41a9f9a5573-150400.3.3.1 cephfs-top-16.2.9.536+g41a9f9a5573-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): ceph-common-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-common-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 ceph-debugsource-16.2.9.536+g41a9f9a5573-150400.3.3.1 libcephfs-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 libcephfs2-16.2.9.536+g41a9f9a5573-150400.3.3.1 libcephfs2-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 librados-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 librados-devel-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 librados2-16.2.9.536+g41a9f9a5573-150400.3.3.1 librados2-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 libradospp-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 librbd-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 librbd1-16.2.9.536+g41a9f9a5573-150400.3.3.1 librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 librgw-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 librgw2-16.2.9.536+g41a9f9a5573-150400.3.3.1 librgw2-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-ceph-common-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-cephfs-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-cephfs-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rados-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rados-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rbd-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rbd-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rgw-16.2.9.536+g41a9f9a5573-150400.3.3.1 python3-rgw-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 rados-objclass-devel-16.2.9.536+g41a9f9a5573-150400.3.3.1 rbd-nbd-16.2.9.536+g41a9f9a5573-150400.3.3.1 rbd-nbd-debuginfo-16.2.9.536+g41a9f9a5573-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-3979.html https://bugzilla.suse.com/1194131 https://bugzilla.suse.com/1195359 https://bugzilla.suse.com/1196044 https://bugzilla.suse.com/1196785 https://bugzilla.suse.com/1200064 https://bugzilla.suse.com/1200553 From sle-updates at lists.suse.com Tue Aug 16 16:19:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 18:19:05 +0200 (CEST) Subject: SUSE-SU-2022:2821-1: important: Security update for webkit2gtk3 Message-ID: <20220816161905.5E531FF0F@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2821-1 Rating: important References: #1201980 Cross-References: CVE-2022-32792 CVE-2022-32816 CVSS scores: CVE-2022-32792 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2022-32816 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2821=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2821=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2821=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2821=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2821=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2821=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2821=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2821=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2821=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2821=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 - SUSE Enterprise Storage 6 (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE CaaS Platform 4.0 (noarch): libwebkit2gtk3-lang-2.36.5-150000.3.109.1 - SUSE CaaS Platform 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150000.3.109.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-2.36.5-150000.3.109.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150000.3.109.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2-4_0-2.36.5-150000.3.109.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-2.36.5-150000.3.109.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150000.3.109.1 webkit2gtk3-debugsource-2.36.5-150000.3.109.1 webkit2gtk3-devel-2.36.5-150000.3.109.1 References: https://www.suse.com/security/cve/CVE-2022-32792.html https://www.suse.com/security/cve/CVE-2022-32816.html https://bugzilla.suse.com/1201980 From sle-updates at lists.suse.com Tue Aug 16 16:19:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 18:19:46 +0200 (CEST) Subject: SUSE-SU-2022:2819-1: important: Security update for java-1_8_0-openjdk Message-ID: <20220816161946.2093AFF0F@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2819-1 Rating: important References: #1195163 #1201684 #1201692 #1201694 Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 CVSS scores: CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-34169 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a malicious stylesheet (bsc#1201684). - Non-security fixes: - Allowed for customization of PKCS12 keystores (bsc#1195163). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2819=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2819=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2819=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2819=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2819=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2819=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2819=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-openjdk-1.8.0.345-27.78.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-debugsource-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-27.78.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-openjdk-1.8.0.345-27.78.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-debugsource-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-27.78.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.345-27.78.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-debugsource-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-27.78.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.345-27.78.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-debugsource-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-27.78.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.345-27.78.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-debugsource-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-27.78.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-openjdk-1.8.0.345-27.78.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-debugsource-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-27.78.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.345-27.78.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-debugsource-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-1.8.0.345-27.78.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-1.8.0.345-27.78.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-1.8.0.345-27.78.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-27.78.1 References: https://www.suse.com/security/cve/CVE-2022-21540.html https://www.suse.com/security/cve/CVE-2022-21541.html https://www.suse.com/security/cve/CVE-2022-34169.html https://bugzilla.suse.com/1195163 https://bugzilla.suse.com/1201684 https://bugzilla.suse.com/1201692 https://bugzilla.suse.com/1201694 From sle-updates at lists.suse.com Tue Aug 16 16:20:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 18:20:44 +0200 (CEST) Subject: SUSE-SU-2022:2822-1: important: Security update for python-Twisted Message-ID: <20220816162044.535ECFF0F@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2822-1 Rating: important References: #1166458 Cross-References: CVE-2020-10109 CVSS scores: CVE-2020-10109 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-10109 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2020-10109: Fixed an HTTP request smuggling issue (bsc#1166458). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2822=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2822=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2822=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2822=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2822=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2822=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2822=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2822=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2822=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2822=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2822=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2822=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2822=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.15.1 python-Twisted-debugsource-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.15.1 python-Twisted-debugsource-19.10.0-150200.3.15.1 python-Twisted-doc-19.10.0-150200.3.15.1 python2-Twisted-19.10.0-150200.3.15.1 python2-Twisted-debuginfo-19.10.0-150200.3.15.1 python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Manager Proxy 4.1 (x86_64): python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.15.1 python-Twisted-debugsource-19.10.0-150200.3.15.1 python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debugsource-19.10.0-150200.3.15.1 python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python3-Twisted-19.10.0-150200.3.15.1 python3-Twisted-debuginfo-19.10.0-150200.3.15.1 References: https://www.suse.com/security/cve/CVE-2020-10109.html https://bugzilla.suse.com/1166458 From sle-updates at lists.suse.com Tue Aug 16 16:21:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 18:21:33 +0200 (CEST) Subject: SUSE-SU-2022:2820-1: important: Security update for webkit2gtk3 Message-ID: <20220816162133.7EEB2FF0F@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2820-1 Rating: important References: #1201980 Cross-References: CVE-2022-32792 CVE-2022-32816 CVSS scores: CVE-2022-32792 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2022-32816 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2820=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2820=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2820=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2820=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2820=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2820=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2820=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2820=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2820=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2820=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2820=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2820=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2820=1 Package List: - openSUSE Leap 15.4 (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit-jsc-4-2.36.5-150200.41.1 webkit-jsc-4-debuginfo-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 webkit2gtk3-minibrowser-2.36.5-150200.41.1 webkit2gtk3-minibrowser-debuginfo-2.36.5-150200.41.1 - openSUSE Leap 15.3 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-32bit-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.5-150200.41.1 - openSUSE Leap 15.3 (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 - SUSE Manager Server 4.1 (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 - SUSE Manager Retail Branch Server 4.1 (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - SUSE Manager Proxy 4.1 (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - SUSE Manager Proxy 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150200.41.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-2.36.5-150200.41.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150200.41.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2-4_0-2.36.5-150200.41.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-2.36.5-150200.41.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150200.41.1 webkit2gtk3-debugsource-2.36.5-150200.41.1 webkit2gtk3-devel-2.36.5-150200.41.1 - SUSE Enterprise Storage 7 (noarch): libwebkit2gtk3-lang-2.36.5-150200.41.1 References: https://www.suse.com/security/cve/CVE-2022-32792.html https://www.suse.com/security/cve/CVE-2022-32816.html https://bugzilla.suse.com/1201980 From sle-updates at lists.suse.com Tue Aug 16 19:15:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 21:15:44 +0200 (CEST) Subject: SUSE-SU-2022:2827-1: important: Security update for the Linux Kernel Message-ID: <20220816191544.F37CFFF0D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2827-1 Rating: important References: #1195775 #1195926 #1198484 #1198829 #1200442 #1200598 #1200910 #1201429 #1201635 #1201636 #1201644 #1201926 #1201930 #1201940 Cross-References: CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-20166 CVE-2022-36946 CVSS scores: CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has 7 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - cifs: On cifs_reconnect, resolve the hostname again (bsc#1201926). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1201926). - cifs: To match file servers, make sure the server hostname matches (bsc#1201926). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1201926). - cifs: set a minimum of 120s for next dns resolution (bsc#1201926). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1201926). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - rpm/*.spec.in: remove backtick usage - rpm/constraints.in: skip SLOW_DISK workers for kernel-source - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) - x86/entry: Remove skip_r11rcx (bsc#1201644). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2827=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2827=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2827=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2827=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2827=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-2827=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2827=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2827=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2827=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2827=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.120.1 kernel-vanilla-4.12.14-150100.197.120.1 kernel-vanilla-base-4.12.14-150100.197.120.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.120.1 kernel-vanilla-debuginfo-4.12.14-150100.197.120.1 kernel-vanilla-debugsource-4.12.14-150100.197.120.1 kernel-vanilla-devel-4.12.14-150100.197.120.1 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.120.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.120.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.120.1 kernel-debug-base-debuginfo-4.12.14-150100.197.120.1 - openSUSE Leap 15.4 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.120.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.120.1 - openSUSE Leap 15.4 (s390x): kernel-default-man-4.12.14-150100.197.120.1 kernel-zfcpdump-man-4.12.14-150100.197.120.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.120.1 kernel-vanilla-4.12.14-150100.197.120.1 kernel-vanilla-base-4.12.14-150100.197.120.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.120.1 kernel-vanilla-debuginfo-4.12.14-150100.197.120.1 kernel-vanilla-debugsource-4.12.14-150100.197.120.1 kernel-vanilla-devel-4.12.14-150100.197.120.1 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.120.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.120.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.120.1 kernel-debug-base-debuginfo-4.12.14-150100.197.120.1 - openSUSE Leap 15.3 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.120.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.120.1 - openSUSE Leap 15.3 (s390x): kernel-default-man-4.12.14-150100.197.120.1 kernel-zfcpdump-man-4.12.14-150100.197.120.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-150100.197.120.1 kernel-default-base-4.12.14-150100.197.120.1 kernel-default-base-debuginfo-4.12.14-150100.197.120.1 kernel-default-debuginfo-4.12.14-150100.197.120.1 kernel-default-debugsource-4.12.14-150100.197.120.1 kernel-default-devel-4.12.14-150100.197.120.1 kernel-default-devel-debuginfo-4.12.14-150100.197.120.1 kernel-obs-build-4.12.14-150100.197.120.1 kernel-obs-build-debugsource-4.12.14-150100.197.120.1 kernel-syms-4.12.14-150100.197.120.1 reiserfs-kmp-default-4.12.14-150100.197.120.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.120.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-150100.197.120.1 kernel-docs-4.12.14-150100.197.120.2 kernel-macros-4.12.14-150100.197.120.1 kernel-source-4.12.14-150100.197.120.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150100.197.120.1 kernel-default-base-4.12.14-150100.197.120.1 kernel-default-base-debuginfo-4.12.14-150100.197.120.1 kernel-default-debuginfo-4.12.14-150100.197.120.1 kernel-default-debugsource-4.12.14-150100.197.120.1 kernel-default-devel-4.12.14-150100.197.120.1 kernel-default-devel-debuginfo-4.12.14-150100.197.120.1 kernel-obs-build-4.12.14-150100.197.120.1 kernel-obs-build-debugsource-4.12.14-150100.197.120.1 kernel-syms-4.12.14-150100.197.120.1 reiserfs-kmp-default-4.12.14-150100.197.120.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.120.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.120.1 kernel-docs-4.12.14-150100.197.120.2 kernel-macros-4.12.14-150100.197.120.1 kernel-source-4.12.14-150100.197.120.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-150100.197.120.1 kernel-zfcpdump-debuginfo-4.12.14-150100.197.120.1 kernel-zfcpdump-debugsource-4.12.14-150100.197.120.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-150100.197.120.1 kernel-docs-4.12.14-150100.197.120.2 kernel-macros-4.12.14-150100.197.120.1 kernel-source-4.12.14-150100.197.120.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-150100.197.120.1 kernel-default-base-4.12.14-150100.197.120.1 kernel-default-base-debuginfo-4.12.14-150100.197.120.1 kernel-default-debuginfo-4.12.14-150100.197.120.1 kernel-default-debugsource-4.12.14-150100.197.120.1 kernel-default-devel-4.12.14-150100.197.120.1 kernel-default-devel-debuginfo-4.12.14-150100.197.120.1 kernel-obs-build-4.12.14-150100.197.120.1 kernel-obs-build-debugsource-4.12.14-150100.197.120.1 kernel-syms-4.12.14-150100.197.120.1 reiserfs-kmp-default-4.12.14-150100.197.120.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.120.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150100.197.120.1 kernel-default-debugsource-4.12.14-150100.197.120.1 kernel-default-livepatch-4.12.14-150100.197.120.1 kernel-default-livepatch-devel-4.12.14-150100.197.120.1 kernel-livepatch-4_12_14-150100_197_120-default-1-150100.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-150100.197.120.1 kernel-default-base-4.12.14-150100.197.120.1 kernel-default-base-debuginfo-4.12.14-150100.197.120.1 kernel-default-debuginfo-4.12.14-150100.197.120.1 kernel-default-debugsource-4.12.14-150100.197.120.1 kernel-default-devel-4.12.14-150100.197.120.1 kernel-default-devel-debuginfo-4.12.14-150100.197.120.1 kernel-obs-build-4.12.14-150100.197.120.1 kernel-obs-build-debugsource-4.12.14-150100.197.120.1 kernel-syms-4.12.14-150100.197.120.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.120.1 kernel-docs-4.12.14-150100.197.120.2 kernel-macros-4.12.14-150100.197.120.1 kernel-source-4.12.14-150100.197.120.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150100.197.120.1 kernel-default-base-4.12.14-150100.197.120.1 kernel-default-base-debuginfo-4.12.14-150100.197.120.1 kernel-default-debuginfo-4.12.14-150100.197.120.1 kernel-default-debugsource-4.12.14-150100.197.120.1 kernel-default-devel-4.12.14-150100.197.120.1 kernel-default-devel-debuginfo-4.12.14-150100.197.120.1 kernel-obs-build-4.12.14-150100.197.120.1 kernel-obs-build-debugsource-4.12.14-150100.197.120.1 kernel-syms-4.12.14-150100.197.120.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-150100.197.120.1 kernel-docs-4.12.14-150100.197.120.2 kernel-macros-4.12.14-150100.197.120.1 kernel-source-4.12.14-150100.197.120.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150100.197.120.1 cluster-md-kmp-default-debuginfo-4.12.14-150100.197.120.1 dlm-kmp-default-4.12.14-150100.197.120.1 dlm-kmp-default-debuginfo-4.12.14-150100.197.120.1 gfs2-kmp-default-4.12.14-150100.197.120.1 gfs2-kmp-default-debuginfo-4.12.14-150100.197.120.1 kernel-default-debuginfo-4.12.14-150100.197.120.1 kernel-default-debugsource-4.12.14-150100.197.120.1 ocfs2-kmp-default-4.12.14-150100.197.120.1 ocfs2-kmp-default-debuginfo-4.12.14-150100.197.120.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-150100.197.120.1 kernel-default-base-4.12.14-150100.197.120.1 kernel-default-base-debuginfo-4.12.14-150100.197.120.1 kernel-default-debuginfo-4.12.14-150100.197.120.1 kernel-default-debugsource-4.12.14-150100.197.120.1 kernel-default-devel-4.12.14-150100.197.120.1 kernel-default-devel-debuginfo-4.12.14-150100.197.120.1 kernel-obs-build-4.12.14-150100.197.120.1 kernel-obs-build-debugsource-4.12.14-150100.197.120.1 kernel-syms-4.12.14-150100.197.120.1 reiserfs-kmp-default-4.12.14-150100.197.120.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.120.1 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-150100.197.120.1 kernel-docs-4.12.14-150100.197.120.2 kernel-macros-4.12.14-150100.197.120.1 kernel-source-4.12.14-150100.197.120.1 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-150100.197.120.1 kernel-default-base-4.12.14-150100.197.120.1 kernel-default-base-debuginfo-4.12.14-150100.197.120.1 kernel-default-debuginfo-4.12.14-150100.197.120.1 kernel-default-debugsource-4.12.14-150100.197.120.1 kernel-default-devel-4.12.14-150100.197.120.1 kernel-default-devel-debuginfo-4.12.14-150100.197.120.1 kernel-obs-build-4.12.14-150100.197.120.1 kernel-obs-build-debugsource-4.12.14-150100.197.120.1 kernel-syms-4.12.14-150100.197.120.1 reiserfs-kmp-default-4.12.14-150100.197.120.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.120.1 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-150100.197.120.1 kernel-docs-4.12.14-150100.197.120.2 kernel-macros-4.12.14-150100.197.120.1 kernel-source-4.12.14-150100.197.120.1 References: https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1198484 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201644 https://bugzilla.suse.com/1201926 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 From sle-updates at lists.suse.com Tue Aug 16 19:17:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 21:17:33 +0200 (CEST) Subject: SUSE-SU-2022:2824-1: important: Security update for compat-openssl098 Message-ID: <20220816191733.CFE4EFF0D@maintenance.suse.de> SUSE Security Update: Security update for compat-openssl098 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2824-1 Rating: important References: #1201283 Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 12 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP5 SUSE Linux Enterprise Server for SAP Applications ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for compat-openssl098 fixes the following issues: - Fixed a regression caused by unknown option passed to 'openssl x509' from c_rehash Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-2824=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2824=1 - SUSE Linux Enterprise Module for Legacy Software 12: zypper in -t patch SUSE-SLE-Module-Legacy-12-2022-2824=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (x86_64): compat-openssl098-debugsource-0.9.8j-106.39.1 libopenssl0_9_8-0.9.8j-106.39.1 libopenssl0_9_8-debuginfo-0.9.8j-106.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): compat-openssl098-debugsource-0.9.8j-106.39.1 libopenssl0_9_8-0.9.8j-106.39.1 libopenssl0_9_8-debuginfo-0.9.8j-106.39.1 - SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64): compat-openssl098-debugsource-0.9.8j-106.39.1 libopenssl0_9_8-0.9.8j-106.39.1 libopenssl0_9_8-32bit-0.9.8j-106.39.1 libopenssl0_9_8-debuginfo-0.9.8j-106.39.1 libopenssl0_9_8-debuginfo-32bit-0.9.8j-106.39.1 References: https://bugzilla.suse.com/1201283 From sle-updates at lists.suse.com Tue Aug 16 19:18:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 21:18:14 +0200 (CEST) Subject: SUSE-SU-2022:2826-1: important: Security update for webkit2gtk3 Message-ID: <20220816191815.00B7EFF0D@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2826-1 Rating: important References: #1201980 Cross-References: CVE-2022-32792 CVE-2022-32816 CVSS scores: CVE-2022-32792 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2022-32816 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2826=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2826=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2826=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2826=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150400.4.9.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150400.4.9.1 libjavascriptcoregtk-4_1-0-2.36.5-150400.4.9.1 libjavascriptcoregtk-4_1-0-debuginfo-2.36.5-150400.4.9.1 libjavascriptcoregtk-5_0-0-2.36.5-150400.4.9.1 libjavascriptcoregtk-5_0-0-debuginfo-2.36.5-150400.4.9.1 libwebkit2gtk-4_0-37-2.36.5-150400.4.9.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150400.4.9.1 libwebkit2gtk-4_1-0-2.36.5-150400.4.9.1 libwebkit2gtk-4_1-0-debuginfo-2.36.5-150400.4.9.1 libwebkit2gtk-5_0-0-2.36.5-150400.4.9.1 libwebkit2gtk-5_0-0-debuginfo-2.36.5-150400.4.9.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150400.4.9.1 typelib-1_0-JavaScriptCore-4_1-2.36.5-150400.4.9.1 typelib-1_0-JavaScriptCore-5_0-2.36.5-150400.4.9.1 typelib-1_0-WebKit2-4_0-2.36.5-150400.4.9.1 typelib-1_0-WebKit2-4_1-2.36.5-150400.4.9.1 typelib-1_0-WebKit2-5_0-2.36.5-150400.4.9.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150400.4.9.1 typelib-1_0-WebKit2WebExtension-4_1-2.36.5-150400.4.9.1 typelib-1_0-WebKit2WebExtension-5_0-2.36.5-150400.4.9.1 webkit-jsc-4-2.36.5-150400.4.9.1 webkit-jsc-4-debuginfo-2.36.5-150400.4.9.1 webkit-jsc-4.1-2.36.5-150400.4.9.1 webkit-jsc-4.1-debuginfo-2.36.5-150400.4.9.1 webkit-jsc-5.0-2.36.5-150400.4.9.1 webkit-jsc-5.0-debuginfo-2.36.5-150400.4.9.1 webkit2gtk-4_0-injected-bundles-2.36.5-150400.4.9.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150400.4.9.1 webkit2gtk-4_1-injected-bundles-2.36.5-150400.4.9.1 webkit2gtk-4_1-injected-bundles-debuginfo-2.36.5-150400.4.9.1 webkit2gtk-5_0-injected-bundles-2.36.5-150400.4.9.1 webkit2gtk-5_0-injected-bundles-debuginfo-2.36.5-150400.4.9.1 webkit2gtk3-debugsource-2.36.5-150400.4.9.1 webkit2gtk3-devel-2.36.5-150400.4.9.1 webkit2gtk3-minibrowser-2.36.5-150400.4.9.1 webkit2gtk3-minibrowser-debuginfo-2.36.5-150400.4.9.1 webkit2gtk3-soup2-debugsource-2.36.5-150400.4.9.1 webkit2gtk3-soup2-devel-2.36.5-150400.4.9.1 webkit2gtk3-soup2-minibrowser-2.36.5-150400.4.9.1 webkit2gtk3-soup2-minibrowser-debuginfo-2.36.5-150400.4.9.1 webkit2gtk4-debugsource-2.36.5-150400.4.9.1 webkit2gtk4-devel-2.36.5-150400.4.9.1 webkit2gtk4-minibrowser-2.36.5-150400.4.9.1 webkit2gtk4-minibrowser-debuginfo-2.36.5-150400.4.9.1 - openSUSE Leap 15.4 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.36.5-150400.4.9.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.5-150400.4.9.1 libjavascriptcoregtk-4_1-0-32bit-2.36.5-150400.4.9.1 libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.36.5-150400.4.9.1 libwebkit2gtk-4_0-37-32bit-2.36.5-150400.4.9.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.5-150400.4.9.1 libwebkit2gtk-4_1-0-32bit-2.36.5-150400.4.9.1 libwebkit2gtk-4_1-0-32bit-debuginfo-2.36.5-150400.4.9.1 - openSUSE Leap 15.4 (noarch): WebKit2GTK-4.0-lang-2.36.5-150400.4.9.1 WebKit2GTK-4.1-lang-2.36.5-150400.4.9.1 WebKit2GTK-5.0-lang-2.36.5-150400.4.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-5_0-0-2.36.5-150400.4.9.1 libjavascriptcoregtk-5_0-0-debuginfo-2.36.5-150400.4.9.1 libwebkit2gtk-5_0-0-2.36.5-150400.4.9.1 libwebkit2gtk-5_0-0-debuginfo-2.36.5-150400.4.9.1 typelib-1_0-JavaScriptCore-5_0-2.36.5-150400.4.9.1 typelib-1_0-WebKit2-5_0-2.36.5-150400.4.9.1 webkit2gtk-5_0-injected-bundles-2.36.5-150400.4.9.1 webkit2gtk-5_0-injected-bundles-debuginfo-2.36.5-150400.4.9.1 webkit2gtk4-debugsource-2.36.5-150400.4.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_1-0-2.36.5-150400.4.9.1 libjavascriptcoregtk-4_1-0-debuginfo-2.36.5-150400.4.9.1 libwebkit2gtk-4_1-0-2.36.5-150400.4.9.1 libwebkit2gtk-4_1-0-debuginfo-2.36.5-150400.4.9.1 typelib-1_0-JavaScriptCore-4_1-2.36.5-150400.4.9.1 typelib-1_0-WebKit2-4_1-2.36.5-150400.4.9.1 typelib-1_0-WebKit2WebExtension-4_1-2.36.5-150400.4.9.1 webkit2gtk-4_1-injected-bundles-2.36.5-150400.4.9.1 webkit2gtk-4_1-injected-bundles-debuginfo-2.36.5-150400.4.9.1 webkit2gtk3-debugsource-2.36.5-150400.4.9.1 webkit2gtk3-devel-2.36.5-150400.4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.5-150400.4.9.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-150400.4.9.1 libwebkit2gtk-4_0-37-2.36.5-150400.4.9.1 libwebkit2gtk-4_0-37-debuginfo-2.36.5-150400.4.9.1 typelib-1_0-JavaScriptCore-4_0-2.36.5-150400.4.9.1 typelib-1_0-WebKit2-4_0-2.36.5-150400.4.9.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-150400.4.9.1 webkit2gtk-4_0-injected-bundles-2.36.5-150400.4.9.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-150400.4.9.1 webkit2gtk3-soup2-debugsource-2.36.5-150400.4.9.1 webkit2gtk3-soup2-devel-2.36.5-150400.4.9.1 References: https://www.suse.com/security/cve/CVE-2022-32792.html https://www.suse.com/security/cve/CVE-2022-32816.html https://bugzilla.suse.com/1201980 From sle-updates at lists.suse.com Tue Aug 16 19:18:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 16 Aug 2022 21:18:55 +0200 (CEST) Subject: SUSE-SU-2022:2825-1: important: Security update for rsync Message-ID: <20220816191855.0D058FF0D@maintenance.suse.de> SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2825-1 Rating: important References: #1201840 Cross-References: CVE-2022-29154 CVSS scores: CVE-2022-29154 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-29154 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write when connecting to a malicious server (bsc#1201840). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2825=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2825=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rsync-3.2.3-150400.3.3.1 rsync-debuginfo-3.2.3-150400.3.3.1 rsync-debugsource-3.2.3-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): rsync-3.2.3-150400.3.3.1 rsync-debuginfo-3.2.3-150400.3.3.1 rsync-debugsource-3.2.3-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-29154.html https://bugzilla.suse.com/1201840 From sle-updates at lists.suse.com Wed Aug 17 07:27:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2022 09:27:01 +0200 (CEST) Subject: SUSE-CU-2022:1845-1: Security update of suse/sles12sp4 Message-ID: <20220817072701.2C1C7FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1845-1 Container Tags : suse/sles12sp4:26.489 , suse/sles12sp4:latest Container Release : 26.489 Severity : important Type : security References : 1199223 1199224 1200735 1200737 CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2813-1 Released: Tue Aug 16 10:42:09 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,1200735,1200737,CVE-2022-27781,CVE-2022-27782,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). The following package changes have been done: - base-container-licenses-3.0-1.307 updated - container-suseconnect-2.0.0-1.195 updated - libcurl4-7.60.0-4.38.1 updated From sle-updates at lists.suse.com Wed Aug 17 16:16:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2022 18:16:22 +0200 (CEST) Subject: SUSE-SU-2022:2831-1: moderate: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Message-ID: <20220817161622.B47D1FF0F@maintenance.suse.de> SUSE Security Update: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2831-1 Rating: moderate References: #1195916 #1196696 SLE-23972 Cross-References: CVE-2020-29651 CVSS scores: CVE-2020-29651 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-29651 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2831=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2831=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2831=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2831=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2831=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2831=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2831=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2831=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2831=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2831=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2831=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2831=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2831=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2831=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2831=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-coverage-debuginfo-4.5.4-150000.3.3.2 python-coverage-debugsource-4.5.4-150000.3.3.2 python3-coverage-4.5.4-150000.3.3.2 python3-coverage-debuginfo-4.5.4-150000.3.3.2 - openSUSE Leap 15.4 (noarch): python-atomicwrites-doc-1.1.5-150000.3.2.1 python3-apipkg-1.4-150000.3.2.1 python3-atomicwrites-1.1.5-150000.3.2.1 python3-py-1.10.0-150000.5.9.2 python3-pycodestyle-2.5.0-150000.3.2.2 python3-pyflakes-2.1.1-150000.3.2.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-coverage-debuginfo-4.5.4-150000.3.3.2 python-coverage-debugsource-4.5.4-150000.3.3.2 python2-coverage-4.5.4-150000.3.3.2 python2-coverage-debuginfo-4.5.4-150000.3.3.2 python3-coverage-4.5.4-150000.3.3.2 python3-coverage-debuginfo-4.5.4-150000.3.3.2 - openSUSE Leap 15.3 (noarch): python-atomicwrites-doc-1.1.5-150000.3.2.1 python2-apipkg-1.4-150000.3.2.1 python2-atomicwrites-1.1.5-150000.3.2.1 python2-py-1.10.0-150000.5.9.2 python2-pycodestyle-2.5.0-150000.3.2.2 python2-pyflakes-2.1.1-150000.3.2.2 python3-apipkg-1.4-150000.3.2.1 python3-atomicwrites-1.1.5-150000.3.2.1 python3-py-1.10.0-150000.5.9.2 python3-pycodestyle-2.5.0-150000.3.2.2 python3-pyflakes-2.1.1-150000.3.2.2 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-apipkg-1.4-150000.3.2.1 python2-iniconfig-1.1.1-150000.1.3.1 python2-py-1.10.0-150000.5.9.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): python3-atomicwrites-1.1.5-150000.3.2.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-atomicwrites-1.1.5-150000.3.2.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-atomicwrites-1.1.5-150000.3.2.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-atomicwrites-1.1.5-150000.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): python-coverage-debuginfo-4.5.4-150000.3.3.2 python-coverage-debugsource-4.5.4-150000.3.3.2 python2-coverage-4.5.4-150000.3.3.2 python2-coverage-debuginfo-4.5.4-150000.3.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): python2-atomicwrites-1.1.5-150000.3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python-coverage-debuginfo-4.5.4-150000.3.3.2 python-coverage-debugsource-4.5.4-150000.3.3.2 python2-coverage-4.5.4-150000.3.3.2 python2-coverage-debuginfo-4.5.4-150000.3.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-atomicwrites-1.1.5-150000.3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): python-coverage-debuginfo-4.5.4-150000.3.3.2 python-coverage-debugsource-4.5.4-150000.3.3.2 python3-coverage-4.5.4-150000.3.3.2 python3-coverage-debuginfo-4.5.4-150000.3.3.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): python-coverage-debuginfo-4.5.4-150000.3.3.2 python-coverage-debugsource-4.5.4-150000.3.3.2 python3-coverage-4.5.4-150000.3.3.2 python3-coverage-debuginfo-4.5.4-150000.3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-apipkg-1.4-150000.3.2.1 python3-iniconfig-1.1.1-150000.1.3.1 python3-py-1.10.0-150000.5.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-apipkg-1.4-150000.3.2.1 python3-iniconfig-1.1.1-150000.1.3.1 python3-py-1.10.0-150000.5.9.2 - SUSE Linux Enterprise Micro 5.2 (noarch): python3-py-1.10.0-150000.5.9.2 - SUSE Linux Enterprise Micro 5.1 (noarch): python3-py-1.10.0-150000.5.9.2 References: https://www.suse.com/security/cve/CVE-2020-29651.html https://bugzilla.suse.com/1195916 https://bugzilla.suse.com/1196696 From sle-updates at lists.suse.com Wed Aug 17 16:17:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2022 18:17:11 +0200 (CEST) Subject: SUSE-SU-2022:2833-1: moderate: Security update for ucode-intel Message-ID: <20220817161711.974A6FF0F@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2833-1 Rating: moderate References: #1201727 Cross-References: CVE-2022-21233 CVSS scores: CVE-2022-21233 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0 0657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scala ble-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2833=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2833=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2833=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): ucode-intel-20220809-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): ucode-intel-20220809-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): ucode-intel-20220809-150000.3.78.1 References: https://www.suse.com/security/cve/CVE-2022-21233.html https://bugzilla.suse.com/1201727 From sle-updates at lists.suse.com Wed Aug 17 16:17:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2022 18:17:50 +0200 (CEST) Subject: SUSE-SU-2022:2830-1: important: Security update for gnutls Message-ID: <20220817161750.42D48FF0F@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2830-1 Rating: important References: #1196167 #1202020 Cross-References: CVE-2021-4209 CVE-2022-2509 CVSS scores: CVE-2021-4209 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2509 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2509 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2830=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2830=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2830=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2830=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2830=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2830=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2830=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2830=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2830=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2830=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libgnutls30-32bit-3.6.7-150000.6.45.2 libgnutls30-32bit-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-32bit-3.6.7-150000.6.45.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libgnutls30-32bit-3.6.7-150000.6.45.2 libgnutls30-32bit-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-32bit-3.6.7-150000.6.45.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libgnutls30-32bit-3.6.7-150000.6.45.2 libgnutls30-32bit-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-32bit-3.6.7-150000.6.45.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-32bit-3.6.7-150000.6.45.2 libgnutls30-32bit-debuginfo-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutls30-hmac-32bit-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libgnutls30-32bit-3.6.7-150000.6.45.2 libgnutls30-32bit-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-32bit-3.6.7-150000.6.45.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libgnutls30-32bit-3.6.7-150000.6.45.2 libgnutls30-32bit-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-32bit-3.6.7-150000.6.45.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libgnutls30-32bit-3.6.7-150000.6.45.2 libgnutls30-32bit-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-32bit-3.6.7-150000.6.45.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libgnutls30-32bit-3.6.7-150000.6.45.2 libgnutls30-32bit-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-32bit-3.6.7-150000.6.45.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 - SUSE Enterprise Storage 6 (x86_64): libgnutls30-32bit-3.6.7-150000.6.45.2 libgnutls30-32bit-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-32bit-3.6.7-150000.6.45.2 - SUSE CaaS Platform 4.0 (x86_64): gnutls-3.6.7-150000.6.45.2 gnutls-debuginfo-3.6.7-150000.6.45.2 gnutls-debugsource-3.6.7-150000.6.45.2 libgnutls-devel-3.6.7-150000.6.45.2 libgnutls30-3.6.7-150000.6.45.2 libgnutls30-32bit-3.6.7-150000.6.45.2 libgnutls30-32bit-debuginfo-3.6.7-150000.6.45.2 libgnutls30-debuginfo-3.6.7-150000.6.45.2 libgnutls30-hmac-3.6.7-150000.6.45.2 libgnutls30-hmac-32bit-3.6.7-150000.6.45.2 libgnutlsxx-devel-3.6.7-150000.6.45.2 libgnutlsxx28-3.6.7-150000.6.45.2 libgnutlsxx28-debuginfo-3.6.7-150000.6.45.2 References: https://www.suse.com/security/cve/CVE-2021-4209.html https://www.suse.com/security/cve/CVE-2022-2509.html https://bugzilla.suse.com/1196167 https://bugzilla.suse.com/1202020 From sle-updates at lists.suse.com Wed Aug 17 16:18:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2022 18:18:40 +0200 (CEST) Subject: SUSE-SU-2022:2829-1: important: Security update for curl Message-ID: <20220817161840.6EB12FF0F@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2829-1 Rating: important References: #1199223 #1199224 #1200735 #1200737 Cross-References: CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 CVSS scores: CVE-2022-27781 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27781 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-27782 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-27782 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-32206 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-32206 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-32208 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-32208 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2829=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2829=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2829=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2829=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2829=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2829=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2829=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2829=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2829=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2829=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libcurl4-32bit-7.60.0-150000.33.1 libcurl4-32bit-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libcurl4-32bit-7.60.0-150000.33.1 libcurl4-32bit-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libcurl4-32bit-7.60.0-150000.33.1 libcurl4-32bit-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-32bit-7.60.0-150000.33.1 libcurl4-32bit-debuginfo-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libcurl4-32bit-7.60.0-150000.33.1 libcurl4-32bit-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libcurl4-32bit-7.60.0-150000.33.1 libcurl4-32bit-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libcurl4-32bit-7.60.0-150000.33.1 libcurl4-32bit-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libcurl4-32bit-7.60.0-150000.33.1 libcurl4-32bit-debuginfo-7.60.0-150000.33.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 - SUSE Enterprise Storage 6 (x86_64): libcurl4-32bit-7.60.0-150000.33.1 libcurl4-32bit-debuginfo-7.60.0-150000.33.1 - SUSE CaaS Platform 4.0 (x86_64): curl-7.60.0-150000.33.1 curl-debuginfo-7.60.0-150000.33.1 curl-debugsource-7.60.0-150000.33.1 libcurl-devel-7.60.0-150000.33.1 libcurl4-32bit-7.60.0-150000.33.1 libcurl4-32bit-debuginfo-7.60.0-150000.33.1 libcurl4-7.60.0-150000.33.1 libcurl4-debuginfo-7.60.0-150000.33.1 References: https://www.suse.com/security/cve/CVE-2022-27781.html https://www.suse.com/security/cve/CVE-2022-27782.html https://www.suse.com/security/cve/CVE-2022-32206.html https://www.suse.com/security/cve/CVE-2022-32208.html https://bugzilla.suse.com/1199223 https://bugzilla.suse.com/1199224 https://bugzilla.suse.com/1200735 https://bugzilla.suse.com/1200737 From sle-updates at lists.suse.com Wed Aug 17 16:19:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2022 18:19:34 +0200 (CEST) Subject: SUSE-SU-2022:2832-1: moderate: Security update for ucode-intel Message-ID: <20220817161934.6C330FF0F@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2832-1 Rating: moderate References: #1201727 Cross-References: CVE-2022-21233 CVSS scores: CVE-2022-21233 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0 0657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scala ble-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2832=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2832=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2832=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2832=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2832=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2832=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): ucode-intel-20220809-150100.3.214.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): ucode-intel-20220809-150100.3.214.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): ucode-intel-20220809-150100.3.214.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): ucode-intel-20220809-150100.3.214.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): ucode-intel-20220809-150100.3.214.1 - SUSE Enterprise Storage 6 (x86_64): ucode-intel-20220809-150100.3.214.1 - SUSE CaaS Platform 4.0 (x86_64): ucode-intel-20220809-150100.3.214.1 References: https://www.suse.com/security/cve/CVE-2022-21233.html https://bugzilla.suse.com/1201727 From sle-updates at lists.suse.com Wed Aug 17 19:15:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2022 21:15:18 +0200 (CEST) Subject: SUSE-SU-2022:2835-1: important: Security update for ntfs-3g_ntfsprogs Message-ID: <20220817191518.C8709FF0F@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2835-1 Rating: important References: #1199978 Cross-References: CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 CVSS scores: CVE-2021-46790 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-46790 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L CVE-2022-30783 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30783 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30784 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30784 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30785 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30785 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30786 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30786 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30787 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30787 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30788 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30788 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30789 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30789 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: Updated to version 2022.5.17 (bsc#1199978): - CVE-2022-30783: Fixed an issue where messages between NTFS-3G and the kernel could be intercepted when using libfuse-lite. - CVE-2022-30784: Fixed a memory exhaustion issue when opening a crafted NTFS image. - CVE-2022-30785: Fixed a bug where arbitrary memory read and write operations could be achieved whe using libfuse-lite. - CVE-2022-30786: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30787: Fixed an integer underflow which enabled arbitrary memory read operations when using libfuse-lite. - CVE-2022-30788: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30789: Fixed a memory corruption issue when opening a crafted NTFS image. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2835=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2835=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2835=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2835=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2022.5.17-150000.3.11.1 libntfs-3g87-2022.5.17-150000.3.11.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g-2022.5.17-150000.3.11.1 ntfs-3g-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.11.1 ntfsprogs-2022.5.17-150000.3.11.1 ntfsprogs-debuginfo-2022.5.17-150000.3.11.1 ntfsprogs-extra-2022.5.17-150000.3.11.1 ntfsprogs-extra-debuginfo-2022.5.17-150000.3.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2022.5.17-150000.3.11.1 libntfs-3g87-2022.5.17-150000.3.11.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g-2022.5.17-150000.3.11.1 ntfs-3g-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.11.1 ntfsprogs-2022.5.17-150000.3.11.1 ntfsprogs-debuginfo-2022.5.17-150000.3.11.1 ntfsprogs-extra-2022.5.17-150000.3.11.1 ntfsprogs-extra-debuginfo-2022.5.17-150000.3.11.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libntfs-3g-devel-2022.5.17-150000.3.11.1 libntfs-3g87-2022.5.17-150000.3.11.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g-2022.5.17-150000.3.11.1 ntfs-3g-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.11.1 ntfsprogs-2022.5.17-150000.3.11.1 ntfsprogs-debuginfo-2022.5.17-150000.3.11.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libntfs-3g-devel-2022.5.17-150000.3.11.1 libntfs-3g87-2022.5.17-150000.3.11.1 libntfs-3g87-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g-2022.5.17-150000.3.11.1 ntfs-3g-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g_ntfsprogs-debuginfo-2022.5.17-150000.3.11.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-150000.3.11.1 ntfsprogs-2022.5.17-150000.3.11.1 ntfsprogs-debuginfo-2022.5.17-150000.3.11.1 References: https://www.suse.com/security/cve/CVE-2021-46790.html https://www.suse.com/security/cve/CVE-2022-30783.html https://www.suse.com/security/cve/CVE-2022-30784.html https://www.suse.com/security/cve/CVE-2022-30785.html https://www.suse.com/security/cve/CVE-2022-30786.html https://www.suse.com/security/cve/CVE-2022-30787.html https://www.suse.com/security/cve/CVE-2022-30788.html https://www.suse.com/security/cve/CVE-2022-30789.html https://bugzilla.suse.com/1199978 From sle-updates at lists.suse.com Wed Aug 17 19:15:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2022 21:15:58 +0200 (CEST) Subject: SUSE-SU-2022:2836-1: important: Security update for ntfs-3g_ntfsprogs Message-ID: <20220817191558.8FD14FF0F@maintenance.suse.de> SUSE Security Update: Security update for ntfs-3g_ntfsprogs ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2836-1 Rating: important References: #1199978 Cross-References: CVE-2021-46790 CVE-2022-30783 CVE-2022-30784 CVE-2022-30785 CVE-2022-30786 CVE-2022-30787 CVE-2022-30788 CVE-2022-30789 CVSS scores: CVE-2021-46790 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-46790 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L CVE-2022-30783 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30783 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30784 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30784 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30785 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30785 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30786 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30786 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30787 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30787 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30788 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30788 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-30789 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-30789 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for ntfs-3g_ntfsprogs fixes the following issues: Updated to version 2022.5.17 (bsc#1199978): - CVE-2022-30783: Fixed an issue where messages between NTFS-3G and the kernel could be intercepted when using libfuse-lite. - CVE-2022-30784: Fixed a memory exhaustion issue when opening a crafted NTFS image. - CVE-2022-30785: Fixed a bug where arbitrary memory read and write operations could be achieved when using libfuse-lite. - CVE-2022-30786: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30787: Fixed an integer underflow which enabled arbitrary memory read operations when using libfuse-lite. - CVE-2022-30788: Fixed a memory corruption issue when opening a crafted NTFS image. - CVE-2022-30789: Fixed a memory corruption issue when opening a crafted NTFS image. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2836=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2836=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libntfs-3g84-2022.5.17-5.12.1 libntfs-3g84-debuginfo-2022.5.17-5.12.1 ntfs-3g-2022.5.17-5.12.1 ntfs-3g-debuginfo-2022.5.17-5.12.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-5.12.1 ntfsprogs-2022.5.17-5.12.1 ntfsprogs-debuginfo-2022.5.17-5.12.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libntfs-3g-devel-2022.5.17-5.12.1 libntfs-3g84-2022.5.17-5.12.1 libntfs-3g84-debuginfo-2022.5.17-5.12.1 ntfs-3g_ntfsprogs-debugsource-2022.5.17-5.12.1 References: https://www.suse.com/security/cve/CVE-2021-46790.html https://www.suse.com/security/cve/CVE-2022-30783.html https://www.suse.com/security/cve/CVE-2022-30784.html https://www.suse.com/security/cve/CVE-2022-30785.html https://www.suse.com/security/cve/CVE-2022-30786.html https://www.suse.com/security/cve/CVE-2022-30787.html https://www.suse.com/security/cve/CVE-2022-30788.html https://www.suse.com/security/cve/CVE-2022-30789.html https://bugzilla.suse.com/1199978 From sle-updates at lists.suse.com Wed Aug 17 19:16:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 17 Aug 2022 21:16:42 +0200 (CEST) Subject: SUSE-SU-2022:2834-1: important: Security update for podman Message-ID: <20220817191642.BC37FFF0F@maintenance.suse.de> SUSE Security Update: Security update for podman ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2834-1 Rating: important References: #1182428 #1196338 #1197284 Cross-References: CVE-2022-1227 CVE-2022-21698 CVE-2022-27191 CVSS scores: CVE-2022-1227 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1227 (SUSE): 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27191 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27191 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284). - CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2834=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-2834=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): podman-3.4.7-150400.4.3.1 podman-debuginfo-3.4.7-150400.4.3.1 podman-remote-3.4.7-150400.4.3.1 podman-remote-debuginfo-3.4.7-150400.4.3.1 - openSUSE Leap 15.4 (noarch): podman-cni-config-3.4.7-150400.4.3.1 podman-docker-3.4.7-150400.4.3.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): podman-3.4.7-150400.4.3.1 podman-debuginfo-3.4.7-150400.4.3.1 podman-remote-3.4.7-150400.4.3.1 podman-remote-debuginfo-3.4.7-150400.4.3.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (noarch): podman-cni-config-3.4.7-150400.4.3.1 podman-docker-3.4.7-150400.4.3.1 References: https://www.suse.com/security/cve/CVE-2022-1227.html https://www.suse.com/security/cve/CVE-2022-21698.html https://www.suse.com/security/cve/CVE-2022-27191.html https://bugzilla.suse.com/1182428 https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1197284 From sle-updates at lists.suse.com Thu Aug 18 07:15:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 09:15:30 +0200 (CEST) Subject: SUSE-CU-2022:1852-1: Security update of ses/7.1/ceph/ceph Message-ID: <20220818071530.64597FF0F@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1852-1 Container Tags : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.184 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific Container Release : 3.2.184 Severity : critical Type : security References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1121227 1121230 1122004 1122021 1123685 1125007 1137373 1164384 1177460 1180065 1181658 1183533 1184501 1185637 1191157 1191502 1191908 1192449 1192951 1193086 1193489 1193659 1194131 1194172 1194550 1194642 1194708 1194848 1194875 1194883 1195157 1195231 1195247 1195251 1195258 1195283 1195359 1195463 1195529 1195628 1195836 1195899 1195999 1196044 1196061 1196093 1196107 1196125 1196317 1196368 1196490 1196514 1196567 1196647 1196733 1196785 1196787 1196850 1196861 1196925 1196939 1197004 1197024 1197065 1197134 1197297 1197443 1197459 1197570 1197684 1197718 1197742 1197743 1197771 1197788 1197790 1197794 1197846 1198062 1198062 1198090 1198114 1198176 1198237 1198422 1198435 1198446 1198458 1198507 1198511 1198614 1198627 1198723 1198732 1198751 1198766 1198922 1199042 1199090 1199132 1199140 1199166 1199223 1199224 1199232 1199232 1199235 1199240 1199756 1200064 1200170 1200278 1200334 1200550 1200553 1200735 1200737 1200802 1200855 1200855 1201099 1201225 1201560 1201640 CVE-2015-20107 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-20454 CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2020-29362 CVE-2021-22570 CVE-2021-28153 CVE-2021-3979 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1586 CVE-2022-1587 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29217 CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 ----------------------------------------------------------------- The container ses/7.1/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1145-1 Released: Mon Apr 11 14:59:54 2022 Summary: Recommended update for tcmu-runner Type: recommended Severity: moderate References: 1196787 This update for tcmu-runner fixes the following issues: - fix g_object_unref: assertion 'G_IS_OBJECT (object)' failed. (bsc#1196787) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1422-1 Released: Wed Apr 27 09:24:27 2022 Summary: Recommended update for glib2-branding Type: recommended Severity: moderate References: 1195836 This update for glib2-branding fixes the following issues: - Change the default `LibreOffice Startcenter` entry to `libreoffice-startcenter.desktop` and provide the missing favorite link. (bsc#1195836) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1491-1 Released: Tue May 3 07:09:44 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Add a fallback if the system call name_to_handle_at() is not supported by the used file system. - Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from pthreads(7) (bsc#1194172) - Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1625-1 Released: Tue May 10 15:54:43 2022 Summary: Recommended update for python-python3-saml Type: recommended Severity: moderate References: 1197846 This update for python-python3-saml fixes the following issues: - Update expiry dates for responses. (bsc#1197846) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1626-1 Released: Tue May 10 15:55:13 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1198090,1198114 This update for systemd fixes the following issues: - tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090) - journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114) - tmpfiles: constify item_compatible() parameters - test tmpfiles: add a test for 'w+' - test: add test checking tmpfiles conf file precedence - journald: make use of CLAMP() in cache_space_refresh() - journal-file: port journal_file_open() to openat_report_new() - fs-util: make sure openat_report_new() initializes return param also on shortcut - fs-util: fix typos in comments - fs-util: add openat_report_new() wrapper around openat() ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1657-1 Released: Fri May 13 15:39:07 2022 Summary: Security update for curl Type: security Severity: moderate References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776 This update for curl fixes the following issues: - CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766) - CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723) - CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1688-1 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1691-1 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Type: recommended Severity: moderate References: 1197443 This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1709-1 Released: Tue May 17 17:35:47 2022 Summary: Recommended update for libcbor Type: recommended Severity: important References: 1197743 This update for libcbor fixes the following issues: - Fix build errors occuring on SUSE Linux Enterprise 15 Service Pack 4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1720-1 Released: Tue May 17 17:46:03 2022 Summary: Recommended update for python-rtslib-fb Type: recommended Severity: important References: 1199090 This update for python-rtslib-fb fixes the following issues: - Update parameters description. - Enable the 'disable_emulate_legacy_capacity' parameter. (bsc#1199090) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1750-1 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1828-1 Released: Tue May 24 10:47:38 2022 Summary: Recommended update for oath-toolkit Type: recommended Severity: important References: 1197790 This update for oath-toolkit fixes the following issues: - Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197790) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1864-1 Released: Fri May 27 09:07:30 2022 Summary: Recommended update for leveldb Type: recommended Severity: low References: 1197742 This update for leveldb fixes the following issue: - fix tests (bsc#1197742) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1870-1 Released: Fri May 27 10:03:40 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782 This update for curl fixes the following issues: - CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223) - CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1883-1 Released: Mon May 30 12:41:35 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2049-1 Released: Mon Jun 13 09:23:52 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1191908,1198422 This update for binutils fixes the following issues: - Revert back to old behaviour of not ignoring the in-section content of to be relocated fields on x86-64, even though that's a RELA architecture. Compatibility with buggy object files generated by old tools. [bsc#1198422] - Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2149-1 Released: Wed Jun 22 08:17:38 2022 Summary: Recommended update for ceph-iscsi Type: recommended Severity: moderate References: 1198435 This update for ceph-iscsi fixes the following issues: - Update to 3.5+1655410541.gf482c7a. + Improve werkzeug version checking (bsc#1198435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2157-1 Released: Wed Jun 22 17:11:25 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198458 This update for binutils fixes the following issues: - For building the shim 15.6~rc1 and later versions aarch64 image, objcopy needs to support efi-app-aarch64 target. (bsc#1198458) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2251-1 Released: Mon Jul 4 09:52:25 2022 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2323-1 Released: Thu Jul 7 12:16:58 2022 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: low References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2327-1 Released: Thu Jul 7 15:06:13 2022 Summary: Security update for curl Type: security Severity: important References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2328-1 Released: Thu Jul 7 15:07:35 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201099,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2357-1 Released: Mon Jul 11 20:34:20 2022 Summary: Security update for python3 Type: security Severity: important References: 1198511,CVE-2015-20107 This update for python3 fixes the following issues: - CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2402-1 Released: Thu Jul 14 16:58:22 2022 Summary: Security update for python-PyJWT Type: security Severity: important References: 1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user at .service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2547-1 Released: Mon Jul 25 19:57:38 2022 Summary: Security update for logrotate Type: security Severity: important References: 1192449,1200278,1200802 This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical References: This update for python-cssselect implements packages to the unrestrictied repository. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1195463,1196850 This update for apparmor fixes the following issues: - Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2817-1 Released: Tue Aug 16 12:03:46 2022 Summary: Security update for ceph Type: security Severity: important References: 1194131,1194875,1195359,1196044,1196733,1196785,1200064,1200553,CVE-2021-3979 This update for ceph fixes the following issues: - Update to 16.2.9-536-g41a9f9a5573: + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) - Update to 16.2.9-158-gd93952c7eea: + cmake: check for python(\d)\.(\d+) when building boost + make-dist: patch boost source to support python 3.10 - Update to ceph-16.2.9-58-ge2e5cb80063: + (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths - Update to 16.2.9.50-g7d9f12156fb: + (jsc#SES-2515) High-availability NFS export + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit - Update to 16.2.7-969-g6195a460d89 + (jsc#SES-2515) High-availability NFS export - Update to v16.2.7-654-gd5a90ff46f0 + (bsc#1196733) remove build directory during %clean - Update to v16.2.7-652-gf5dc462fdb5 + (bsc#1194875) [SES7P] include/buffer: include memory The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - binutils-2.37-150100.7.37.1 updated - ceph-base-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-iscsi-3.5+1655410541.gf482c7a-150300.3.3.1 updated - ceph-mds-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-mgr-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-mon-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-osd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-radosgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - ceph-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - device-mapper-1.02.163-8.42.1 updated - e2fsprogs-1.43.8-150000.4.33.1 updated - gio-branding-SLE-15-150300.19.3.1 updated - glib2-tools-2.62.6-150200.3.9.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-2.31-150300.37.1 updated - gpg2-2.2.27-150300.3.5.1 updated - grep-3.1-150000.4.6.1 updated - gzip-1.10-150200.10.1 updated - libapparmor1-2.13.6-150300.3.15.1 updated - libaugeas0-1.10.1-150000.3.12.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libcbor0-0.5.0-150100.4.6.1 updated - libcephfs2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - libcephsqlite-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - libcom_err2-1.43.8-150000.4.33.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libctf-nobfd0-2.37-150100.7.37.1 updated - libctf0-2.37-150100.7.37.1 updated - libcurl4-7.66.0-150200.4.36.1 updated - libdevmapper-event1_03-1.02.163-8.42.1 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libdw1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - libext2fs2-1.43.8-150000.4.33.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libgcc_s1-11.3.0+git1637-150000.1.9.1 updated - libgio-2_0-0-2.62.6-150200.3.9.1 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libgmodule-2_0-0-2.62.6-150200.3.9.1 updated - libgobject-2_0-0-2.62.6-150200.3.9.1 updated - libldap-2_4-2-2.4.46-150200.14.8.1 updated - libldap-data-2.4.46-150200.14.8.1 updated - libleveldb1-1.18-150000.3.3.1 updated - liblvm2cmd2_03-2.03.05-8.42.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libncurses6-6.1-150000.5.12.1 updated - liboath0-2.6.2-150000.3.3.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated - libopenssl1_1-1.1.1d-150200.11.51.1 updated - libp11-kit0-0.23.2-150000.4.16.1 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.31-150000.3.12.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libpython3_6m1_0-3.6.15-150300.10.27.1 updated - librados2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - librbd1-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - librgw2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.3.0+git1637-150000.1.9.1 updated - libsystemd0-246.16-150300.7.48.1 updated - libtcmu2-1.5.2-150200.2.7.1 updated - libtirpc-netconfig-1.2.6-150300.3.6.1 updated - libtirpc3-1.2.6-150300.3.6.1 updated - libudev1-246.16-150300.7.48.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - libxml2-2-2.9.7-150000.3.46.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.30.2-150200.39.1 updated - logrotate-3.13.0-150000.4.7.1 updated - lvm2-2.03.05-8.42.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - nfs-kernel-server-2.1.1-150100.10.24.1 updated - oath-toolkit-xml-2.6.2-150000.3.3.1 updated - openssl-1_1-1.1.1d-150200.11.51.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 updated - p11-kit-0.23.2-150000.4.16.1 updated - pam-1.3.0-150000.6.58.3 updated - perl-base-5.26.1-150300.17.3.1 updated - psmisc-23.0-150000.6.22.1 updated - python-rtslib-fb-common-2.1.74-150300.3.3.1 updated - python3-PyJWT-1.7.1-150200.3.3.1 updated - python3-base-3.6.15-150300.10.27.1 updated - python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - python3-cephfs-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - python3-cssselect-1.0.3-150000.3.3.1 updated - python3-curses-3.6.15-150300.10.27.1 updated - python3-python3-saml-1.7.0-150200.3.3.2 updated - python3-rados-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - python3-rbd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - python3-rgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - python3-rtslib-fb-2.1.74-150300.3.3.1 updated - python3-3.6.15-150300.10.27.1 updated - rbd-mirror-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated - systemd-presets-branding-SLE-15.1-150100.20.11.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - systemd-246.16-150300.7.48.1 updated - tcmu-runner-handler-rbd-1.5.2-150200.2.7.1 updated - tcmu-runner-1.5.2-150200.2.7.1 updated - terminfo-base-6.1-150000.5.12.1 updated - timezone-2022a-150000.75.7.1 updated - udev-246.16-150300.7.48.1 updated - util-linux-systemd-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.53-150200.33.1 updated - container:sles15-image-15.0.0-17.20.14 updated From sle-updates at lists.suse.com Thu Aug 18 07:15:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 09:15:51 +0200 (CEST) Subject: SUSE-CU-2022:1853-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20220818071551.55863FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1853-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-4.2.10 , suse/sle-micro/5.3/toolbox:latest Container Release : 4.2.10 Severity : moderate Type : recommended References : 1200657 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) The following package changes have been done: - tar-1.34-150000.3.15.1 updated From sle-updates at lists.suse.com Thu Aug 18 07:40:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 09:40:33 +0200 (CEST) Subject: SUSE-CU-2022:1854-1: Security update of suse/sle15 Message-ID: <20220818074033.05243FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1854-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.595 Container Release : 4.22.595 Severity : important Type : security References : 1196167 1199223 1199224 1200735 1200737 1202020 CVE-2021-4209 CVE-2022-2509 CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2829-1 Released: Wed Aug 17 13:33:11 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,1200735,1200737,CVE-2022-27781,CVE-2022-27782,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2830-1 Released: Wed Aug 17 14:36:26 2022 Summary: Security update for gnutls Type: security Severity: important References: 1196167,1202020,CVE-2021-4209,CVE-2022-2509 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). The following package changes have been done: - libcurl4-7.60.0-150000.33.1 updated - libgnutls30-3.6.7-150000.6.45.2 updated From sle-updates at lists.suse.com Thu Aug 18 08:01:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 10:01:09 +0200 (CEST) Subject: SUSE-CU-2022:1855-1: Security update of suse/sle15 Message-ID: <20220818080109.6EE87FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1855-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.656 Container Release : 6.2.656 Severity : important Type : security References : 1196167 1199223 1199224 1200735 1200737 1202020 CVE-2021-4209 CVE-2022-2509 CVE-2022-27781 CVE-2022-27782 CVE-2022-32206 CVE-2022-32208 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2829-1 Released: Wed Aug 17 13:33:11 2022 Summary: Security update for curl Type: security Severity: important References: 1199223,1199224,1200735,1200737,CVE-2022-27781,CVE-2022-27782,CVE-2022-32206,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2830-1 Released: Wed Aug 17 14:36:26 2022 Summary: Security update for gnutls Type: security Severity: important References: 1196167,1202020,CVE-2021-4209,CVE-2022-2509 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). The following package changes have been done: - libcurl4-7.60.0-150000.33.1 updated - libgnutls30-3.6.7-150000.6.45.2 updated From sle-updates at lists.suse.com Thu Aug 18 08:10:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 10:10:56 +0200 (CEST) Subject: SUSE-CU-2022:1860-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20220818081056.EC6F9FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1860-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.79 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.79 Severity : moderate Type : recommended References : 1200657 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) The following package changes have been done: - tar-1.34-150000.3.15.1 updated From sle-updates at lists.suse.com Thu Aug 18 10:16:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 12:16:23 +0200 (CEST) Subject: SUSE-SU-2022:2838-1: moderate: Security update for ucode-intel Message-ID: <20220818101623.7E2C2FF0F@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2838-1 Rating: moderate References: #1201727 Cross-References: CVE-2022-21233 CVSS scores: CVE-2022-21233 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0 0657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scala ble-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2838=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2838=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2838=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2838=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2838=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2838=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ucode-intel-20220809-13.101.1 ucode-intel-debuginfo-20220809-13.101.1 ucode-intel-debugsource-20220809-13.101.1 - SUSE OpenStack Cloud 9 (x86_64): ucode-intel-20220809-13.101.1 ucode-intel-debuginfo-20220809-13.101.1 ucode-intel-debugsource-20220809-13.101.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): ucode-intel-20220809-13.101.1 ucode-intel-debuginfo-20220809-13.101.1 ucode-intel-debugsource-20220809-13.101.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): ucode-intel-20220809-13.101.1 ucode-intel-debuginfo-20220809-13.101.1 ucode-intel-debugsource-20220809-13.101.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): ucode-intel-20220809-13.101.1 ucode-intel-debuginfo-20220809-13.101.1 ucode-intel-debugsource-20220809-13.101.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): ucode-intel-20220809-13.101.1 ucode-intel-debuginfo-20220809-13.101.1 ucode-intel-debugsource-20220809-13.101.1 References: https://www.suse.com/security/cve/CVE-2022-21233.html https://bugzilla.suse.com/1201727 From sle-updates at lists.suse.com Thu Aug 18 10:17:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 12:17:01 +0200 (CEST) Subject: SUSE-SU-2022:2837-1: important: Security update for bluez Message-ID: <20220818101701.2EACAFF0F@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2837-1 Rating: important References: #1194704 Cross-References: CVE-2022-0204 CVSS scores: CVE-2022-0204 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0204 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bluez fixes the following issues: - CVE-2022-0204: Fixed a buffer overflow in the implementation of the gatt protocol (bsc#1194704). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2837=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2837=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2837=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2837=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2837=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2837=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2837=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2837=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2837=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2837=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 - SUSE CaaS Platform 4.0 (x86_64): bluez-5.48-150000.5.31.1 bluez-debuginfo-5.48-150000.5.31.1 bluez-debugsource-5.48-150000.5.31.1 bluez-devel-5.48-150000.5.31.1 libbluetooth3-5.48-150000.5.31.1 libbluetooth3-debuginfo-5.48-150000.5.31.1 References: https://www.suse.com/security/cve/CVE-2022-0204.html https://bugzilla.suse.com/1194704 From sle-updates at lists.suse.com Thu Aug 18 10:17:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 12:17:49 +0200 (CEST) Subject: SUSE-SU-2022:2839-1: important: Security update for podman Message-ID: <20220818101749.B759EFF0F@maintenance.suse.de> SUSE Security Update: Security update for podman ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2839-1 Rating: important References: #1182428 #1196338 #1197284 Cross-References: CVE-2022-1227 CVE-2022-21698 CVE-2022-27191 CVSS scores: CVE-2022-1227 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1227 (SUSE): 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27191 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27191 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for podman fixes the following issues: Updated to version 3.4.7: - CVE-2022-1227: Fixed an issue that could allow an attacker to publish a malicious image to a public registry and run arbitrary code in the victim's context via the 'podman top' command (bsc#1182428). - CVE-2022-27191: Fixed a potential crash via SSH under specific configurations (bsc#1197284). - CVE-2022-21698: Fixed a potential denial of service that affected servers that used Prometheus instrumentation (bsc#1196338). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2839=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-2839=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2839=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2839=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-2839=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): podman-3.4.7-150300.9.9.2 - openSUSE Leap 15.3 (noarch): podman-cni-config-3.4.7-150300.9.9.2 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): podman-3.4.7-150300.9.9.2 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): podman-cni-config-3.4.7-150300.9.9.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): podman-3.4.7-150300.9.9.2 podman-debuginfo-3.4.7-150300.9.9.2 - SUSE Linux Enterprise Micro 5.2 (noarch): podman-cni-config-3.4.7-150300.9.9.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): podman-3.4.7-150300.9.9.2 - SUSE Linux Enterprise Micro 5.1 (noarch): podman-cni-config-3.4.7-150300.9.9.2 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): podman-3.4.7-150300.9.9.2 podman-debuginfo-3.4.7-150300.9.9.2 References: https://www.suse.com/security/cve/CVE-2022-1227.html https://www.suse.com/security/cve/CVE-2022-21698.html https://www.suse.com/security/cve/CVE-2022-27191.html https://bugzilla.suse.com/1182428 https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1197284 From sle-updates at lists.suse.com Thu Aug 18 13:16:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 15:16:07 +0200 (CEST) Subject: SUSE-SU-2022:2840-1: important: Security update for the Linux Kernel Message-ID: <20220818131607.43DB4FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2840-1 Rating: important References: #1173514 #1196973 #1198829 #1200598 #1200762 #1200910 #1201251 #1201429 #1201635 #1201636 #1201930 #1201940 Cross-References: CVE-2020-15393 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2021-39713 CVE-2022-1462 CVE-2022-20166 CVE-2022-2318 CVE-2022-26365 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946 CVSS scores: CVE-2020-15393 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-15393 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-15393: CVE-2020-15393: Fixed a memory leak in usbtest_disconnect (bnc#1173514). - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2840=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.171.1 kernel-default-base-4.4.180-94.171.1 kernel-default-base-debuginfo-4.4.180-94.171.1 kernel-default-debuginfo-4.4.180-94.171.1 kernel-default-debugsource-4.4.180-94.171.1 kernel-default-devel-4.4.180-94.171.1 kernel-syms-4.4.180-94.171.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.171.1 kernel-macros-4.4.180-94.171.1 kernel-source-4.4.180-94.171.1 References: https://www.suse.com/security/cve/CVE-2020-15393.html https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1173514 https://bugzilla.suse.com/1196973 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201251 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 From sle-updates at lists.suse.com Thu Aug 18 16:16:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 18:16:42 +0200 (CEST) Subject: SUSE-SU-2022:2841-1: important: Security update for python-PyYAML Message-ID: <20220818161642.5EFC4FF0F@maintenance.suse.de> SUSE Security Update: Security update for python-PyYAML ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2841-1 Rating: important References: #1165439 #1174514 Cross-References: CVE-2020-14343 CVE-2020-1747 CVSS scores: CVE-2020-14343 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-14343 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-1747 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-1747 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution issue when parsing an untrusted YAML file with the default loader (bsc#1165439). - CVE-2020-14343: Completed the fix for CVE-2020-1747 (bsc#1174514). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2841=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2841=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-2841=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2841=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2841=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python-PyYAML-debuginfo-5.1.2-150000.3.6.1 python-PyYAML-debugsource-5.1.2-150000.3.6.1 python2-PyYAML-5.1.2-150000.3.6.1 python2-PyYAML-debuginfo-5.1.2-150000.3.6.1 python3-PyYAML-5.1.2-150000.3.6.1 python3-PyYAML-debuginfo-5.1.2-150000.3.6.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python-PyYAML-debuginfo-5.1.2-150000.3.6.1 python-PyYAML-debugsource-5.1.2-150000.3.6.1 python2-PyYAML-5.1.2-150000.3.6.1 python2-PyYAML-debuginfo-5.1.2-150000.3.6.1 python3-PyYAML-5.1.2-150000.3.6.1 python3-PyYAML-debuginfo-5.1.2-150000.3.6.1 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): python3-PyYAML-5.1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python-PyYAML-debuginfo-5.1.2-150000.3.6.1 python-PyYAML-debugsource-5.1.2-150000.3.6.1 python2-PyYAML-5.1.2-150000.3.6.1 python2-PyYAML-debuginfo-5.1.2-150000.3.6.1 python3-PyYAML-5.1.2-150000.3.6.1 python3-PyYAML-debuginfo-5.1.2-150000.3.6.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python-PyYAML-debuginfo-5.1.2-150000.3.6.1 python-PyYAML-debugsource-5.1.2-150000.3.6.1 python2-PyYAML-5.1.2-150000.3.6.1 python2-PyYAML-debuginfo-5.1.2-150000.3.6.1 python3-PyYAML-5.1.2-150000.3.6.1 python3-PyYAML-debuginfo-5.1.2-150000.3.6.1 References: https://www.suse.com/security/cve/CVE-2020-14343.html https://www.suse.com/security/cve/CVE-2020-1747.html https://bugzilla.suse.com/1165439 https://bugzilla.suse.com/1174514 From sle-updates at lists.suse.com Thu Aug 18 16:17:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 18:17:30 +0200 (CEST) Subject: SUSE-RU-2022:2844-1: important: Recommended update for tar Message-ID: <20220818161730.33301FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for tar ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2844-1 Rating: important References: #1202436 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2844=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2844=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2844=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2844=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2844=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2844=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.18.1 tar-debuginfo-1.34-150000.3.18.1 tar-debugsource-1.34-150000.3.18.1 tar-rmt-1.34-150000.3.18.1 tar-rmt-debuginfo-1.34-150000.3.18.1 tar-tests-1.34-150000.3.18.1 tar-tests-debuginfo-1.34-150000.3.18.1 - openSUSE Leap 15.4 (noarch): tar-backup-scripts-1.34-150000.3.18.1 tar-doc-1.34-150000.3.18.1 tar-lang-1.34-150000.3.18.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.18.1 tar-debuginfo-1.34-150000.3.18.1 tar-debugsource-1.34-150000.3.18.1 tar-rmt-1.34-150000.3.18.1 tar-rmt-debuginfo-1.34-150000.3.18.1 tar-tests-1.34-150000.3.18.1 tar-tests-debuginfo-1.34-150000.3.18.1 - openSUSE Leap 15.3 (noarch): tar-backup-scripts-1.34-150000.3.18.1 tar-doc-1.34-150000.3.18.1 tar-lang-1.34-150000.3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.18.1 tar-debuginfo-1.34-150000.3.18.1 tar-debugsource-1.34-150000.3.18.1 tar-rmt-1.34-150000.3.18.1 tar-rmt-debuginfo-1.34-150000.3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): tar-lang-1.34-150000.3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.18.1 tar-debuginfo-1.34-150000.3.18.1 tar-debugsource-1.34-150000.3.18.1 tar-rmt-1.34-150000.3.18.1 tar-rmt-debuginfo-1.34-150000.3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): tar-lang-1.34-150000.3.18.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): tar-1.34-150000.3.18.1 tar-debuginfo-1.34-150000.3.18.1 tar-debugsource-1.34-150000.3.18.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): tar-1.34-150000.3.18.1 tar-debuginfo-1.34-150000.3.18.1 tar-debugsource-1.34-150000.3.18.1 References: https://bugzilla.suse.com/1202436 From sle-updates at lists.suse.com Thu Aug 18 16:18:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 18:18:08 +0200 (CEST) Subject: SUSE-SU-2022:2842-1: moderate: Security update for ucode-intel Message-ID: <20220818161808.4A67AFF0F@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2842-1 Rating: moderate References: #1201727 Cross-References: CVE-2022-21233 CVSS scores: CVE-2022-21233 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0 0657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scala ble-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2842=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): ucode-intel-20220809-3.46.1 ucode-intel-debuginfo-20220809-3.46.1 ucode-intel-debugsource-20220809-3.46.1 References: https://www.suse.com/security/cve/CVE-2022-21233.html https://bugzilla.suse.com/1201727 From sle-updates at lists.suse.com Thu Aug 18 19:16:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 21:16:10 +0200 (CEST) Subject: SUSE-SU-2022:2847-1: important: Security update for zlib Message-ID: <20220818191610.D9E29FF0F@maintenance.suse.de> SUSE Security Update: Security update for zlib ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2847-1 Rating: important References: #1202175 Cross-References: CVE-2022-37434 CVSS scores: CVE-2022-37434 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37434 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2847=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2847=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): zlib-debugsource-1.2.11-11.22.1 zlib-devel-1.2.11-11.22.1 zlib-devel-static-1.2.11-11.22.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): zlib-devel-32bit-1.2.11-11.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libz1-1.2.11-11.22.1 libz1-debuginfo-1.2.11-11.22.1 zlib-debugsource-1.2.11-11.22.1 zlib-devel-1.2.11-11.22.1 zlib-devel-static-1.2.11-11.22.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libz1-32bit-1.2.11-11.22.1 libz1-debuginfo-32bit-1.2.11-11.22.1 zlib-devel-32bit-1.2.11-11.22.1 References: https://www.suse.com/security/cve/CVE-2022-37434.html https://bugzilla.suse.com/1202175 From sle-updates at lists.suse.com Thu Aug 18 19:16:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 21:16:48 +0200 (CEST) Subject: SUSE-SU-2022:2845-1: important: Security update for zlib Message-ID: <20220818191648.17195FF0F@maintenance.suse.de> SUSE Security Update: Security update for zlib ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2845-1 Rating: important References: #1202175 Cross-References: CVE-2022-37434 CVSS scores: CVE-2022-37434 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37434 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2845=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2845=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libz1-1.2.8-12.9.1 libz1-32bit-1.2.8-12.9.1 libz1-debuginfo-1.2.8-12.9.1 libz1-debuginfo-32bit-1.2.8-12.9.1 zlib-debugsource-1.2.8-12.9.1 zlib-devel-1.2.8-12.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libz1-1.2.8-12.9.1 libz1-32bit-1.2.8-12.9.1 libz1-debuginfo-1.2.8-12.9.1 libz1-debuginfo-32bit-1.2.8-12.9.1 zlib-debugsource-1.2.8-12.9.1 zlib-devel-1.2.8-12.9.1 References: https://www.suse.com/security/cve/CVE-2022-37434.html https://bugzilla.suse.com/1202175 From sle-updates at lists.suse.com Thu Aug 18 19:17:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 18 Aug 2022 21:17:25 +0200 (CEST) Subject: SUSE-SU-2022:2846-1: important: Security update for zlib Message-ID: <20220818191725.7F228FF0F@maintenance.suse.de> SUSE Security Update: Security update for zlib ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2846-1 Rating: important References: #1202175 Cross-References: CVE-2022-37434 CVSS scores: CVE-2022-37434 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37434 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2846=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2846=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2846=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2846=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libz1-1.2.11-3.9.1 libz1-32bit-1.2.11-3.9.1 libz1-debuginfo-1.2.11-3.9.1 libz1-debuginfo-32bit-1.2.11-3.9.1 zlib-debugsource-1.2.11-3.9.1 zlib-devel-1.2.11-3.9.1 zlib-devel-32bit-1.2.11-3.9.1 zlib-devel-static-1.2.11-3.9.1 zlib-devel-static-32bit-1.2.11-3.9.1 - SUSE OpenStack Cloud 9 (x86_64): libz1-1.2.11-3.9.1 libz1-32bit-1.2.11-3.9.1 libz1-debuginfo-1.2.11-3.9.1 libz1-debuginfo-32bit-1.2.11-3.9.1 zlib-debugsource-1.2.11-3.9.1 zlib-devel-1.2.11-3.9.1 zlib-devel-32bit-1.2.11-3.9.1 zlib-devel-static-1.2.11-3.9.1 zlib-devel-static-32bit-1.2.11-3.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libz1-1.2.11-3.9.1 libz1-debuginfo-1.2.11-3.9.1 zlib-debugsource-1.2.11-3.9.1 zlib-devel-1.2.11-3.9.1 zlib-devel-static-1.2.11-3.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libz1-32bit-1.2.11-3.9.1 libz1-debuginfo-32bit-1.2.11-3.9.1 zlib-devel-32bit-1.2.11-3.9.1 zlib-devel-static-32bit-1.2.11-3.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libz1-1.2.11-3.9.1 libz1-debuginfo-1.2.11-3.9.1 zlib-debugsource-1.2.11-3.9.1 zlib-devel-1.2.11-3.9.1 zlib-devel-static-1.2.11-3.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libz1-32bit-1.2.11-3.9.1 libz1-debuginfo-32bit-1.2.11-3.9.1 zlib-devel-32bit-1.2.11-3.9.1 zlib-devel-static-32bit-1.2.11-3.9.1 References: https://www.suse.com/security/cve/CVE-2022-37434.html https://bugzilla.suse.com/1202175 From sle-updates at lists.suse.com Fri Aug 19 07:16:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 09:16:25 +0200 (CEST) Subject: SUSE-RU-2022:2849-1: moderate: Recommended update for at Message-ID: <20220819071625.2B39CFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for at ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2849-1 Rating: moderate References: #1196219 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for at fixes the following issues: - Fixes an issue when an error "Read-only file system" appears when writing to '/dev/kmsg'. (bsc#1196219) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2849=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2849=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): at-3.2.2-150400.4.3.10 at-debuginfo-3.2.2-150400.4.3.10 at-debugsource-3.2.2-150400.4.3.10 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): at-3.2.2-150400.4.3.10 at-debuginfo-3.2.2-150400.4.3.10 at-debugsource-3.2.2-150400.4.3.10 References: https://bugzilla.suse.com/1196219 From sle-updates at lists.suse.com Fri Aug 19 07:16:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 09:16:57 +0200 (CEST) Subject: SUSE-RU-2022:2848-1: important: Recommended update for gdm Message-ID: <20220819071657.47BF4FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2848-1 Rating: important References: #1200323 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gdm fixes the following issues: - Disable Wayland on aspeed chipsets because of performance issues (bsc#1200323) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2848=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2848=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gdm-41.3-150400.4.3.1 gdm-debuginfo-41.3-150400.4.3.1 gdm-debugsource-41.3-150400.4.3.1 gdm-devel-41.3-150400.4.3.1 libgdm1-41.3-150400.4.3.1 libgdm1-debuginfo-41.3-150400.4.3.1 typelib-1_0-Gdm-1_0-41.3-150400.4.3.1 - openSUSE Leap 15.4 (noarch): gdm-branding-upstream-41.3-150400.4.3.1 gdm-lang-41.3-150400.4.3.1 gdm-schema-41.3-150400.4.3.1 gdm-systemd-41.3-150400.4.3.1 gdmflexiserver-41.3-150400.4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gdm-41.3-150400.4.3.1 gdm-debuginfo-41.3-150400.4.3.1 gdm-debugsource-41.3-150400.4.3.1 gdm-devel-41.3-150400.4.3.1 libgdm1-41.3-150400.4.3.1 libgdm1-debuginfo-41.3-150400.4.3.1 typelib-1_0-Gdm-1_0-41.3-150400.4.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): gdm-lang-41.3-150400.4.3.1 gdm-schema-41.3-150400.4.3.1 gdm-systemd-41.3-150400.4.3.1 gdmflexiserver-41.3-150400.4.3.1 References: https://bugzilla.suse.com/1200323 From sle-updates at lists.suse.com Fri Aug 19 07:18:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 09:18:18 +0200 (CEST) Subject: SUSE-CU-2022:1862-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20220819071818.EB3A4FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1862-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-4.2.11 , suse/sle-micro/5.3/toolbox:latest Container Release : 4.2.11 Severity : important Type : recommended References : 1202436 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) The following package changes have been done: - tar-1.34-150000.3.18.1 updated From sle-updates at lists.suse.com Fri Aug 19 07:30:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 09:30:28 +0200 (CEST) Subject: SUSE-CU-2022:1863-1: Security update of suse/sles12sp4 Message-ID: <20220819073028.79E91FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1863-1 Container Tags : suse/sles12sp4:26.490 , suse/sles12sp4:latest Container Release : 26.490 Severity : important Type : security References : 1202175 CVE-2022-37434 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2846-1 Released: Thu Aug 18 16:30:17 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). The following package changes have been done: - base-container-licenses-3.0-1.308 updated - libz1-1.2.11-3.9.1 updated From sle-updates at lists.suse.com Fri Aug 19 07:40:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 09:40:59 +0200 (CEST) Subject: SUSE-CU-2022:1864-1: Security update of suse/sles12sp5 Message-ID: <20220819074059.B26A7FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1864-1 Container Tags : suse/sles12sp5:6.5.362 , suse/sles12sp5:latest Container Release : 6.5.362 Severity : important Type : security References : 1202175 CVE-2022-37434 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2847-1 Released: Thu Aug 18 16:30:39 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). The following package changes have been done: - libz1-1.2.11-11.22.1 updated From sle-updates at lists.suse.com Fri Aug 19 08:00:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 10:00:43 +0200 (CEST) Subject: SUSE-CU-2022:1875-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20220819080043.0C657FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1875-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.80 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.80 Severity : important Type : recommended References : 1202436 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) The following package changes have been done: - tar-1.34-150000.3.18.1 updated From sle-updates at lists.suse.com Fri Aug 19 13:15:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 15:15:43 +0200 (CEST) Subject: SUSE-RU-2022:2850-1: moderate: Recommended update for rustup Message-ID: <20220819131543.AB6EEFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for rustup ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2850-1 Rating: moderate References: #1200499 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rustup fixes the following issues: - added correct provides to the obsoletes of older rust subpackages, to get correct provides obsoletes pairs and allow better transition between RPMs. (bsc#1200499) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2850=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2850=1 Package List: - openSUSE Leap 15.3 (aarch64 x86_64): rustup-1.24.3~git1.0a74fef5-150300.7.10.1 rustup-debuginfo-1.24.3~git1.0a74fef5-150300.7.10.1 rustup-debugsource-1.24.3~git1.0a74fef5-150300.7.10.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): rustup-1.24.3~git1.0a74fef5-150300.7.10.1 rustup-debuginfo-1.24.3~git1.0a74fef5-150300.7.10.1 rustup-debugsource-1.24.3~git1.0a74fef5-150300.7.10.1 References: https://bugzilla.suse.com/1200499 From sle-updates at lists.suse.com Fri Aug 19 13:16:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 15:16:16 +0200 (CEST) Subject: SUSE-RU-2022:2851-1: moderate: Recommended update for rustup Message-ID: <20220819131616.38E99FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for rustup ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2851-1 Rating: moderate References: #1200499 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rustup fixes the following issues: - added correct provides to the obsoletes of older rust subpackages, to get correct provides obsoletes pairs and allow better transition between RPMs. (bsc#1200499) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2851=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2851=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): rustup-1.24.3~git1.0a74fef5-150400.3.4.1 rustup-debuginfo-1.24.3~git1.0a74fef5-150400.3.4.1 rustup-debugsource-1.24.3~git1.0a74fef5-150400.3.4.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): rustup-1.24.3~git1.0a74fef5-150400.3.4.1 rustup-debuginfo-1.24.3~git1.0a74fef5-150400.3.4.1 rustup-debugsource-1.24.3~git1.0a74fef5-150400.3.4.1 References: https://bugzilla.suse.com/1200499 From sle-updates at lists.suse.com Fri Aug 19 19:16:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 21:16:27 +0200 (CEST) Subject: SUSE-RU-2022:2852-1: moderate: Recommended update for SLES12-SP4-SLES15-Migration and suse-migration-sle15-activation Message-ID: <20220819191627.6C33AFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for SLES12-SP4-SLES15-Migration and suse-migration-sle15-activation ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2852-1 Rating: moderate References: #1199028 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for SLES12-SP4-SLES15-Migration and suse-migration-sle15-activation fixes the following issues: SLES12-SP4-SLES15-Migration: - Refreshed the migration image with the latest changes to suse-migration-sle15-activation suse-migration-sle15-activation: - Add an EnvironmentFile to 'suse-migration-prepare.service'. (bsc#1199028) - Enable prechecks for SLES15-Migration Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2852=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (x86_64): SLES15-Migration-2.0.33-6 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): suse-migration-pre-checks-2.0.33-6.6.1 suse-migration-sle15-activation-2.0.33-6.30.4 References: https://bugzilla.suse.com/1199028 From sle-updates at lists.suse.com Fri Aug 19 19:17:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 21:17:00 +0200 (CEST) Subject: SUSE-SU-2022:2854-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Message-ID: <20220819191700.CD054FF18@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2854-1 Rating: important References: #1199606 #1201080 #1201222 #1201517 #1201629 #1201656 #1201657 Cross-References: CVE-2022-1679 CVE-2022-1734 CVE-2022-26490 CVE-2022-28389 CVE-2022-28390 CVE-2022-33743 CVE-2022-34918 CVSS scores: CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33743 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33743 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. The following security issues were fixed: - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2854=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_22-default-4-150400.4.9.3 kernel-livepatch-5_14_21-150400_22-default-debuginfo-4-150400.4.9.3 kernel-livepatch-SLE15-SP4_Update_0-debugsource-4-150400.4.9.3 References: https://www.suse.com/security/cve/CVE-2022-1679.html https://www.suse.com/security/cve/CVE-2022-1734.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://www.suse.com/security/cve/CVE-2022-33743.html https://www.suse.com/security/cve/CVE-2022-34918.html https://bugzilla.suse.com/1199606 https://bugzilla.suse.com/1201080 https://bugzilla.suse.com/1201222 https://bugzilla.suse.com/1201517 https://bugzilla.suse.com/1201629 https://bugzilla.suse.com/1201656 https://bugzilla.suse.com/1201657 From sle-updates at lists.suse.com Fri Aug 19 19:18:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 21:18:11 +0200 (CEST) Subject: SUSE-RU-2022:2853-1: Recommended update for sle-module-legacy-release Message-ID: <20220819191811.F4138FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for sle-module-legacy-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2853-1 Rating: low References: #1202498 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-iniconfig provides the following fix: - Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2853=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2853=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2853=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2853=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2853=1 Package List: - openSUSE Leap 15.4 (noarch): python3-iniconfig-1.1.1-150000.1.5.1 - openSUSE Leap 15.3 (noarch): python3-iniconfig-1.1.1-150000.1.5.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-iniconfig-1.1.1-150000.1.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-iniconfig-1.1.1-150000.1.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-iniconfig-1.1.1-150000.1.5.1 References: https://bugzilla.suse.com/1202498 From sle-updates at lists.suse.com Fri Aug 19 19:18:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 21:18:50 +0200 (CEST) Subject: SUSE-SU-2022:2858-1: important: Security update for rsync Message-ID: <20220819191850.7D1FDFF18@maintenance.suse.de> SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2858-1 Rating: important References: #1201840 Cross-References: CVE-2022-29154 CVSS scores: CVE-2022-29154 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-29154 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2858=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-3.9.1 rsync-debuginfo-3.1.3-3.9.1 rsync-debugsource-3.1.3-3.9.1 References: https://www.suse.com/security/cve/CVE-2022-29154.html https://bugzilla.suse.com/1201840 From sle-updates at lists.suse.com Fri Aug 19 19:19:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 21:19:39 +0200 (CEST) Subject: SUSE-SU-2022:2856-1: important: Security update for java-1_8_0-openjdk Message-ID: <20220819191939.3AD79FF18@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2856-1 Rating: important References: #1195163 #1201684 #1201692 #1201694 Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-34169 CVSS scores: CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-34169 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: - Updated to version jdk8u345 (icedtea-3.24.0) - CVE-2022-21540: Fixed a potential Java sandbox bypass (bsc#1201694). - CVE-2022-21541: Fixed a potential Java sandbox bypass (bsc#1201692). - CVE-2022-34169: Fixed an issue where arbitrary bytecode could be executed via a malicious stylesheet (bsc#1201684). - Non-security fixes: - Allowed for customization of PKCS12 keystores (bsc#1195163). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2856=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2856=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2856=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2856=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2856=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2856=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2856=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2856=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2856=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2856=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2856=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2856=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2856=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2856=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2856=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2856=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-accessibility-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-src-1.8.0.345-150000.3.70.1 - openSUSE Leap 15.4 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.345-150000.3.70.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-accessibility-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-src-1.8.0.345-150000.3.70.1 - openSUSE Leap 15.3 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.345-150000.3.70.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Manager Proxy 4.1 (x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-openjdk-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-debugsource-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-1.8.0.345-150000.3.70.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.345-150000.3.70.1 References: https://www.suse.com/security/cve/CVE-2022-21540.html https://www.suse.com/security/cve/CVE-2022-21541.html https://www.suse.com/security/cve/CVE-2022-34169.html https://bugzilla.suse.com/1195163 https://bugzilla.suse.com/1201684 https://bugzilla.suse.com/1201692 https://bugzilla.suse.com/1201694 From sle-updates at lists.suse.com Fri Aug 19 19:20:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 21:20:45 +0200 (CEST) Subject: SUSE-SU-2022:2859-1: important: Security update for rsync Message-ID: <20220819192045.48F46FF18@maintenance.suse.de> SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2859-1 Rating: important References: #1201840 Cross-References: CVE-2022-29154 CVSS scores: CVE-2022-29154 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-29154 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2859=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2859=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2859=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2859=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2859=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2859=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): rsync-3.1.0-13.19.1 rsync-debuginfo-3.1.0-13.19.1 rsync-debugsource-3.1.0-13.19.1 - SUSE OpenStack Cloud 9 (x86_64): rsync-3.1.0-13.19.1 rsync-debuginfo-3.1.0-13.19.1 rsync-debugsource-3.1.0-13.19.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): rsync-3.1.0-13.19.1 rsync-debuginfo-3.1.0-13.19.1 rsync-debugsource-3.1.0-13.19.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): rsync-3.1.0-13.19.1 rsync-debuginfo-3.1.0-13.19.1 rsync-debugsource-3.1.0-13.19.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): rsync-3.1.0-13.19.1 rsync-debuginfo-3.1.0-13.19.1 rsync-debugsource-3.1.0-13.19.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): rsync-3.1.0-13.19.1 rsync-debuginfo-3.1.0-13.19.1 rsync-debugsource-3.1.0-13.19.1 References: https://www.suse.com/security/cve/CVE-2022-29154.html https://bugzilla.suse.com/1201840 From sle-updates at lists.suse.com Fri Aug 19 19:21:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 19 Aug 2022 21:21:38 +0200 (CEST) Subject: SUSE-SU-2022:2855-1: important: Security update for nodejs10 Message-ID: <20220819192138.3A785FF18@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2855-1 Rating: important References: #1188917 #1189368 #1191601 #1191602 #1201325 #1201326 #1201327 #1201328 Cross-References: CVE-2021-22930 CVE-2021-22940 CVE-2021-22959 CVE-2021-22960 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVSS scores: CVE-2021-22930 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22940 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-22940 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-22959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-22959 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-22960 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-22960 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-32212 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-32212 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2022-32214 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32214 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-32215 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-32215 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for nodejs10 fixes the following issues: - CVE-2021-22930, CVE-2021-22940: Fixed two memory corruption issues during HTTP/2 stream cancellation (bsc#1188917, bsc#1189368). - CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2021-22960, CVE-2021-22959: Fixed multiple HTTP request smuggling issues in the underlying HTTP parser (bsc#1201325, bsc#1201326, bsc#1201327, bsc#1191602, bsc#1191601). - CVE-2022-32212: Fixed a DNS rebinding issue caused by improper IPv4 validation (bsc#1201328). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2855=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2855=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2855=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2855=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2855=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2855=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2855=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2855=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2855=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2855=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2855=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2855=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2855=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2855=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2855=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2855=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2855=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2855=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2855=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2855=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2855=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - openSUSE Leap 15.4 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - openSUSE Leap 15.3 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Manager Server 4.1 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Manager Proxy 4.1 (x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Manager Proxy 4.1 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Enterprise Storage 7 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE Enterprise Storage 6 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 - SUSE CaaS Platform 4.0 (x86_64): nodejs10-10.24.1-150000.1.47.1 nodejs10-debuginfo-10.24.1-150000.1.47.1 nodejs10-debugsource-10.24.1-150000.1.47.1 nodejs10-devel-10.24.1-150000.1.47.1 npm10-10.24.1-150000.1.47.1 - SUSE CaaS Platform 4.0 (noarch): nodejs10-docs-10.24.1-150000.1.47.1 References: https://www.suse.com/security/cve/CVE-2021-22930.html https://www.suse.com/security/cve/CVE-2021-22940.html https://www.suse.com/security/cve/CVE-2021-22959.html https://www.suse.com/security/cve/CVE-2021-22960.html https://www.suse.com/security/cve/CVE-2022-32212.html https://www.suse.com/security/cve/CVE-2022-32213.html https://www.suse.com/security/cve/CVE-2022-32214.html https://www.suse.com/security/cve/CVE-2022-32215.html https://bugzilla.suse.com/1188917 https://bugzilla.suse.com/1189368 https://bugzilla.suse.com/1191601 https://bugzilla.suse.com/1191602 https://bugzilla.suse.com/1201325 https://bugzilla.suse.com/1201326 https://bugzilla.suse.com/1201327 https://bugzilla.suse.com/1201328 From sle-updates at lists.suse.com Sat Aug 20 11:39:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Aug 2022 13:39:01 +0200 (CEST) Subject: SUSE-IU-2022:1047-1: Security update of suse-sles-15-sp3-chost-byos-v20220818-x86_64-gen2 Message-ID: <20220820113901.C7901FF0F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220818-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1047-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220818-x86_64-gen2:20220818 Image Release : Severity : important Type : security References : 1027519 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1065729 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 1137373 1164384 1177461 1179195 1180814 1181658 1184339 1184924 1184970 1185762 1192449 1192761 1192764 1193629 1194013 1194550 1194708 1195157 1195463 1195504 1195775 1195916 1196125 1196224 1196696 1196850 1196901 1197362 1197570 1197684 1197754 1198020 1198043 1198197 1198255 1198507 1198627 1198732 1198828 1198924 1198976 1199042 1199235 1199247 1199482 1199487 1199489 1199657 1199734 1199948 1199965 1199966 1200170 1200217 1200263 1200278 1200343 1200442 1200549 1200556 1200571 1200599 1200600 1200604 1200605 1200608 1200619 1200622 1200657 1200692 1200802 1200806 1200807 1200809 1200810 1200813 1200816 1200820 1200821 1200822 1200825 1200828 1200829 1200855 1200925 1200964 1201050 1201080 1201143 1201147 1201149 1201160 1201171 1201177 1201193 1201222 1201225 1201394 1201469 1201490 1201492 1201493 1201495 1201496 1201560 1201640 1201644 1201664 1201672 1201673 1201676 1202436 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-20454 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2020-29651 CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1587 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2031 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29458 CVE-2022-29869 CVE-2022-29900 CVE-2022-29900 CVE-2022-29901 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-33745 CVE-2022-33981 CVE-2022-34903 CVE-2022-34918 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220818-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2455-1 Released: Wed Jul 20 15:29:00 2022 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1192764,1198197,1198828 This update for perl-Bootloader fixes the following issues: - fix sysconfig parsing (bsc#1198828) - grub2/install: reset error code when passing through recover code (bsc#1198197) - grub2 install: Support secure boot on powerpc (bsc#1192764, jsc#SLE-18271) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user at .service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2547-1 Released: Mon Jul 25 19:57:38 2022 Summary: Security update for logrotate Type: security Severity: important References: 1192449,1200278,1200802 This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2549-1 Released: Tue Jul 26 13:58:28 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222,1201644,1201664,1201672,1201673,1201676,CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2586-1 Released: Fri Jul 29 12:01:06 2022 Summary: Security update for ldb, samba Type: security Severity: important References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following security bugs were fixed: samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ldb was updated to version 2.4.3 * Fix build problems, waf produces incorrect names for python extensions; (bso#15071); ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2599-1 Released: Fri Jul 29 16:13:17 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1199965,1199966,1200549,1201394,1201469,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-23816,CVE-2022-23825,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364,CVE-2022-29900,CVE-2022-33745 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1195463,1196850 This update for apparmor fixes the following issues: - Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2644-1 Released: Wed Aug 3 12:34:12 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1177461,1184970 This update for dracut fixes the following issues: - Fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - Fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2678-1 Released: Fri Aug 5 04:01:19 2022 Summary: Recommended update for hwinfo Type: recommended Severity: important References: 1184339,1198043,1199948 This update for hwinfo fixes the following issues: - Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948) - Fix bug in determining serial console device name (bsc#1198043) - Don't rely on select() updating its timeout argument (bsc#1184339) - Fix logic around CD-ROM detection - Prevent closing of the open CD-ROM tray after read - Always read numerical 32bit serial number from EDID header. Override this with ASCII serial number from display descriptor, if available. - Display numerical 32bit serial number for monitors without serial number display descriptor - Fix timezone issue in SOURCE_DATE_EPOCH code - Recognize loongarch64 architecture - Update PCI and USB ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2801-1 Released: Fri Aug 12 16:28:11 2022 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1198976,CVE-2022-29869 This update for cifs-utils fixes the following issues: - CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2831-1 Released: Wed Aug 17 14:41:04 2022 Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Type: security Severity: moderate References: 1195916,1196696,CVE-2020-29651 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) The following package changes have been done: - apparmor-abstractions-2.13.6-150300.3.15.1 updated - apparmor-parser-2.13.6-150300.3.15.1 updated - cifs-utils-6.9-150100.5.18.1 updated - dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 updated - elfutils-0.177-150300.11.3.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-locale-2.31-150300.37.1 updated - glibc-2.31-150300.37.1 updated - gpg2-2.2.27-150300.3.5.1 updated - hwinfo-21.82-150300.3.3.1 updated - kernel-default-5.3.18-150300.59.87.1 updated - libapparmor1-2.13.6-150300.3.15.1 updated - libasm1-0.177-150300.11.3.1 updated - libdw1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - libldb2-2.4.3-150300.3.20.1 updated - libncurses6-6.1-150000.5.12.1 updated - libpcre2-8-0-10.31-150000.3.12.1 updated - libsystemd0-246.16-150300.7.48.1 updated - libudev1-246.16-150300.7.48.1 updated - libzypp-17.30.2-150200.39.1 updated - logrotate-3.13.0-150000.4.7.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - perl-Bootloader-0.939-150300.3.6.1 updated - python3-apipkg-1.4-150000.3.2.1 added - python3-iniconfig-1.1.1-150000.1.3.1 added - python3-py-1.10.0-150000.5.9.2 updated - samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - systemd-sysvinit-246.16-150300.7.48.1 updated - systemd-246.16-150300.7.48.1 updated - tar-1.34-150000.3.18.1 updated - terminfo-base-6.1-150000.5.12.1 updated - terminfo-6.1-150000.5.12.1 updated - udev-246.16-150300.7.48.1 updated - xen-libs-4.14.5_04-150300.3.32.1 updated - zypper-1.14.53-150200.33.1 updated From sle-updates at lists.suse.com Sat Aug 20 11:42:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Aug 2022 13:42:09 +0200 (CEST) Subject: SUSE-IU-2022:1048-1: Security update of suse-sles-15-sp3-chost-byos-v20220818-hvm-ssd-x86_64 Message-ID: <20220820114209.036D4FF0F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220818-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1048-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220818-hvm-ssd-x86_64:20220818 Image Release : Severity : important Type : security References : 1027519 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1065729 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 1137373 1164384 1177461 1179195 1180814 1181658 1184339 1184924 1184970 1185762 1192449 1192761 1192764 1193629 1194013 1194550 1194708 1195157 1195463 1195504 1195775 1195916 1196125 1196224 1196696 1196850 1196901 1197362 1197570 1197684 1197754 1198020 1198043 1198197 1198255 1198507 1198627 1198732 1198828 1198924 1198976 1199042 1199235 1199247 1199482 1199487 1199489 1199657 1199734 1199948 1199965 1199966 1200170 1200217 1200263 1200278 1200343 1200442 1200549 1200556 1200571 1200599 1200600 1200604 1200605 1200608 1200619 1200622 1200657 1200692 1200802 1200806 1200807 1200809 1200810 1200813 1200816 1200820 1200821 1200822 1200825 1200828 1200829 1200855 1200925 1200964 1201050 1201080 1201143 1201147 1201149 1201160 1201171 1201177 1201193 1201222 1201225 1201394 1201469 1201490 1201492 1201493 1201495 1201496 1201560 1201640 1201644 1201664 1201672 1201673 1201676 1202436 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-20454 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2020-29651 CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1587 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2031 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29458 CVE-2022-29869 CVE-2022-29900 CVE-2022-29900 CVE-2022-29901 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-33745 CVE-2022-33981 CVE-2022-34903 CVE-2022-34918 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220818-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2455-1 Released: Wed Jul 20 15:29:00 2022 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1192764,1198197,1198828 This update for perl-Bootloader fixes the following issues: - fix sysconfig parsing (bsc#1198828) - grub2/install: reset error code when passing through recover code (bsc#1198197) - grub2 install: Support secure boot on powerpc (bsc#1192764, jsc#SLE-18271) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user at .service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2547-1 Released: Mon Jul 25 19:57:38 2022 Summary: Security update for logrotate Type: security Severity: important References: 1192449,1200278,1200802 This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2549-1 Released: Tue Jul 26 13:58:28 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222,1201644,1201664,1201672,1201673,1201676,CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2586-1 Released: Fri Jul 29 12:01:06 2022 Summary: Security update for ldb, samba Type: security Severity: important References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following security bugs were fixed: samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ldb was updated to version 2.4.3 * Fix build problems, waf produces incorrect names for python extensions; (bso#15071); ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2599-1 Released: Fri Jul 29 16:13:17 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1199965,1199966,1200549,1201394,1201469,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-23816,CVE-2022-23825,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364,CVE-2022-29900,CVE-2022-33745 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1195463,1196850 This update for apparmor fixes the following issues: - Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2644-1 Released: Wed Aug 3 12:34:12 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1177461,1184970 This update for dracut fixes the following issues: - Fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - Fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2678-1 Released: Fri Aug 5 04:01:19 2022 Summary: Recommended update for hwinfo Type: recommended Severity: important References: 1184339,1198043,1199948 This update for hwinfo fixes the following issues: - Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948) - Fix bug in determining serial console device name (bsc#1198043) - Don't rely on select() updating its timeout argument (bsc#1184339) - Fix logic around CD-ROM detection - Prevent closing of the open CD-ROM tray after read - Always read numerical 32bit serial number from EDID header. Override this with ASCII serial number from display descriptor, if available. - Display numerical 32bit serial number for monitors without serial number display descriptor - Fix timezone issue in SOURCE_DATE_EPOCH code - Recognize loongarch64 architecture - Update PCI and USB ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2801-1 Released: Fri Aug 12 16:28:11 2022 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1198976,CVE-2022-29869 This update for cifs-utils fixes the following issues: - CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2831-1 Released: Wed Aug 17 14:41:04 2022 Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Type: security Severity: moderate References: 1195916,1196696,CVE-2020-29651 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) The following package changes have been done: - apparmor-abstractions-2.13.6-150300.3.15.1 updated - apparmor-parser-2.13.6-150300.3.15.1 updated - cifs-utils-6.9-150100.5.18.1 updated - dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 updated - elfutils-0.177-150300.11.3.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-locale-2.31-150300.37.1 updated - glibc-2.31-150300.37.1 updated - gpg2-2.2.27-150300.3.5.1 updated - hwinfo-21.82-150300.3.3.1 updated - kernel-default-5.3.18-150300.59.87.1 updated - libapparmor1-2.13.6-150300.3.15.1 updated - libasm1-0.177-150300.11.3.1 updated - libdw1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - libldb2-2.4.3-150300.3.20.1 updated - libncurses6-6.1-150000.5.12.1 updated - libpcre2-8-0-10.31-150000.3.12.1 updated - libsystemd0-246.16-150300.7.48.1 updated - libudev1-246.16-150300.7.48.1 updated - libzypp-17.30.2-150200.39.1 updated - logrotate-3.13.0-150000.4.7.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - perl-Bootloader-0.939-150300.3.6.1 updated - python3-apipkg-1.4-150000.3.2.1 added - python3-iniconfig-1.1.1-150000.1.3.1 added - python3-py-1.10.0-150000.5.9.2 updated - samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - systemd-sysvinit-246.16-150300.7.48.1 updated - systemd-246.16-150300.7.48.1 updated - tar-1.34-150000.3.18.1 updated - terminfo-base-6.1-150000.5.12.1 updated - terminfo-6.1-150000.5.12.1 updated - udev-246.16-150300.7.48.1 updated - xen-libs-4.14.5_04-150300.3.32.1 updated - xen-tools-domU-4.14.5_04-150300.3.32.1 updated - zypper-1.14.53-150200.33.1 updated From sle-updates at lists.suse.com Sat Aug 20 11:44:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 20 Aug 2022 13:44:47 +0200 (CEST) Subject: SUSE-IU-2022:1049-1: Security update of sles-15-sp3-chost-byos-v20220818-x86-64 Message-ID: <20220820114447.E925CFF0F@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20220818-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1049-1 Image Tags : sles-15-sp3-chost-byos-v20220818-x86-64:20220818 Image Release : Severity : important Type : security References : 1027519 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1065729 1082318 1104264 1106390 1107066 1107067 1111973 1112723 1112726 1123685 1125007 1137373 1164384 1177461 1179195 1180814 1181658 1184339 1184924 1184970 1185762 1192449 1192761 1192764 1193629 1194013 1194550 1194708 1195157 1195463 1195504 1195775 1196125 1196224 1196850 1196901 1197362 1197570 1197684 1197754 1198020 1198043 1198197 1198255 1198507 1198627 1198732 1198828 1198924 1198976 1199042 1199235 1199247 1199482 1199487 1199489 1199657 1199734 1199948 1199965 1199966 1200170 1200217 1200263 1200278 1200343 1200442 1200549 1200556 1200571 1200599 1200600 1200604 1200605 1200608 1200619 1200622 1200657 1200692 1200802 1200806 1200807 1200809 1200810 1200813 1200816 1200820 1200821 1200822 1200825 1200828 1200829 1200855 1200925 1200964 1201050 1201080 1201143 1201147 1201149 1201160 1201171 1201177 1201193 1201222 1201225 1201394 1201469 1201490 1201492 1201493 1201495 1201496 1201560 1201640 1201644 1201664 1201672 1201673 1201676 1202436 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-20454 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-26341 CVE-2021-4157 CVE-2022-1012 CVE-2022-1587 CVE-2022-1679 CVE-2022-20132 CVE-2022-20141 CVE-2022-20154 CVE-2022-2031 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-29458 CVE-2022-29869 CVE-2022-29900 CVE-2022-29900 CVE-2022-29901 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-33745 CVE-2022-33981 CVE-2022-34903 CVE-2022-34918 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20220818-x86-64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2455-1 Released: Wed Jul 20 15:29:00 2022 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1192764,1198197,1198828 This update for perl-Bootloader fixes the following issues: - fix sysconfig parsing (bsc#1198828) - grub2/install: reset error code when passing through recover code (bsc#1198197) - grub2 install: Support secure boot on powerpc (bsc#1192764, jsc#SLE-18271) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2470-1 Released: Thu Jul 21 04:40:14 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170 This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - Call pam_loginuid when creating user at .service (bsc#1198507) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit - Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed' - basic/env-util: (mostly) follow POSIX for what variable names are allowed - basic/env-util: make function shorter - basic/escape: add mode where empty arguments are still shown as '' - basic/escape: always escape newlines in shell_escape() - basic/escape: escape control characters, but not utf-8, in shell quoting - basic/escape: use consistent location for '*' in function declarations - basic/string-util: inline iterator variable declarations - basic/string-util: simplify how str_realloc() is used - basic/string-util: split out helper function - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition - string-util: explicitly cast character to unsigned - string-util: fix build error on aarch64 - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2547-1 Released: Mon Jul 25 19:57:38 2022 Summary: Security update for logrotate Type: security Severity: important References: 1192449,1200278,1200802 This update for logrotate fixes the following issues: Security issues fixed: - Improved coredump handing for SUID binaries (bsc#1192449). Non-security issues fixed: - Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2549-1 Released: Tue Jul 26 13:58:28 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1179195,1180814,1184924,1185762,1192761,1193629,1194013,1195504,1195775,1196901,1197362,1197754,1198020,1198924,1199482,1199487,1199489,1199657,1200217,1200263,1200343,1200442,1200571,1200599,1200600,1200604,1200605,1200608,1200619,1200622,1200692,1200806,1200807,1200809,1200810,1200813,1200816,1200820,1200821,1200822,1200825,1200828,1200829,1200925,1201050,1201080,1201143,1201147,1201149,1201160,1201171,1201177,1201193,1201222,1201644,1201664,1201672,1201673,1201676,CVE-2021-26341,CVE-2021-4157,CVE-2022-1012,CVE-2022-1679,CVE-2022-20132,CVE-2022-20141,CVE-2022-20154,CVE-2022-29900,CVE-2022-29901,CVE-2022-33981,CVE-2022-34918 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619). - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604). - CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). The following non-security bugs were fixed: - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes) - arm64: ftrace: fix branch range checks (git-fixes) - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bio: fix page leak bio_add_hw_page failure (git-fixes). - blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762) - blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes). - block: advance iov_iter on bio_add_hw_page failure (git-fixes). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762). - block: Fix kABI in blk-merge.c (bsc#1198020). - block/keyslot-manager: prevent crash when num_slots=1 (git-fixes). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - ceph: add some lockdep assertions around snaprealm handling (bsc#1201147). - ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217). - cifs: avoid parallel session setups on same channel (bsc#1200217). - cifs: avoid race during socket reconnect between send and recv (bsc#1200217). - cifs: call cifs_reconnect when a connection is marked (bsc#1200217). - cifs: call helper functions for marking channels for reconnect (bsc#1200217). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217). - cifs: check for smb1 in open_cached_dir() (bsc#1200217). - cifs: check reconnects for channels of active tcons too (bsc#1200217). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217). - cifs: clean up an inconsistent indenting (bsc#1200217). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217). - cifs: do not build smb1ops if legacy support is disabled (bsc#1200217). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217). - cifs: do not use tcpStatus after negotiate completes (bsc#1200217). - cifs: do not use uninitialized data in the owner/group sid (bsc#1200217). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217). - cifs: fix handlecache and multiuser (bsc#1200217). - cifs: fix hang on cifs_get_next_mid() (bsc#1200217). - cifs: fix incorrect use of list iterator after the loop (bsc#1200217). - cifs: fix minor compile warning (bsc#1200217). - cifs: fix missed refcounting of ipc tcon (bsc#1200217). - cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217). - cifs: fix potential deadlock in direct reclaim (bsc#1200217). - cifs: fix potential double free during failed mount (bsc#1200217). - cifs: fix potential race with cifsd thread (bsc#1200217). - cifs: fix set of group SID via NTSD xattrs (bsc#1200217). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217). - cifs: fix the cifs_reconnect path for DFS (bsc#1200217). - cifs: fix the connection state transitions with multichannel (bsc#1200217). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217). - cifs: fix workstation_name for multiuser mounts (bsc#1200217). - cifs: force new session setup and tcon for dfs (bsc#1200217). - cifs: free ntlmsspblob allocated in negotiate (bsc#1200217). - cifs: ignore resource_id while getting fscache super cookie (bsc#1200217). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217). - cifs: make status checks in version independent callers (bsc#1200217). - cifs: mark sessions for reconnection in helper function (bsc#1200217). - cifs: modefromsids must add an ACE for authenticated users (bsc#1200217). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217). - cifs: move superblock magic defitions to magic.h (bsc#1200217). - cifs: potential buffer overflow in handling symlinks (bsc#1200217). - cifs: print TIDs as hex (bsc#1200217). - cifs: protect all accesses to chan_* with chan_lock (bsc#1200217). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217). - cifs: reconnect only the connection and not smb session where possible (bsc#1200217). - cifs: release cached dentries only if mount is complete (bsc#1200217). - cifs: remove check of list iterator against head past the loop body (bsc#1200217). - cifs: remove redundant assignment to pointer p (bsc#1200217). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217). - cifs: remove repeated state change in dfs tree connect (bsc#1200217). - cifs: remove unused variable ses_selected (bsc#1200217). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217). - cifs: return the more nuanced writeback error on close() (bsc#1200217). - cifs: sanitize multiple delimiters in prepath (bsc#1200217). - cifs: serialize all mount attempts (bsc#1200217). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217). - cifs: skip trailing separators of prefix paths (bsc#1200217). - cifs: smbd: fix typo in comment (bsc#1200217). - cifs: Split the smb3_add_credits tracepoint (bsc#1200217). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217). - cifs: track individual channel status using chans_need_reconnect (bsc#1200217). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217). - cifs: update internal module number (bsc#1193629). - cifs: update internal module number (bsc#1200217). - cifs: update tcpStatus during negotiate and sess setup (bsc#1200217). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217). - cifs: use correct lock type in cifs_reconnect() (bsc#1200217). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217). - cifs: use new enum for ses_status (bsc#1200217). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217). - cifs: wait for tcon resource_id before getting fscache super (bsc#1200217). - cifs: we do not need a spinlock around the tree access during umount (bsc#1200217). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - exec: Force single empty string when argv is empty (bsc#1200571). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gtp: use icmp_ndo_send helper (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - iomap: iomap_write_failed fix (bsc#1200829). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI fix of sysctl_run_estimation (git-fixes). - kabi: nvme workaround header include (bsc#1201193). - kabi/severities: ignore KABI for NVMe target (bsc#1192761) - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - move devm_allocate to end of structure for kABI (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: lantiq: Add locking for TX DMA channel (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: stmmac: reset Tx desc base address before restarting Tx (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nvdimm: Fix firmware activation deadlock scenarios (git-fixes). - nvdimm/region: Fix default alignment for small regions (git-fixes). - nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761). - nvme: Add connect option 'discovery' (bsc#1192761). - nvme: add new discovery log page entry definitions (bsc#1192761). - nvme: display correct subsystem NQN (bsc#1192761). - nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761). - nvme: kabi fix nvme subsystype change (bsc#1192761) - nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761). - nvmet: add nvmet_req_subsys() helper (bsc#1192761). - nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes). - nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761). - nvmet: fix freeing unallocated p2pmem (git-fixes). - nvmet: make discovery NQN configurable (bsc#1192761). - nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes). - nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes). - nvmet: register discovery subsystem as 'current' (bsc#1192761). - nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761). - nvmet: switch check for subsystem type (bsc#1192761). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - random: Add and use pr_fmt() (bsc#1184924). - random: remove unnecessary unlikely() (bsc#1184924). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes). - scsi: core: Show SCMD_LAST in text form (git-fixes). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes). - scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes). - scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes). - scsi: sd: Signal drive managed SMR disks (git-fixes). - scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes). - scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes). - scsi: sd_zbc: Improve zone revalidation (git-fixes). - scsi: sd_zbc: Remove unused inline functions (git-fixes). - scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes). - scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622). - smb3: add mount parm nosparse (bsc#1200217). - smb3: add trace point for lease not found issue (bsc#1200217). - smb3: add trace point for oplock not found (bsc#1200217). - smb3: check for null tcon (bsc#1200217). - smb3: cleanup and clarify status of tree connections (bsc#1200217). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). - smb3: fix snapshot mount option (bsc#1200217). - smb3 improve error message when mount options conflict with posix (bsc#1200217). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). - smb3: move more common protocol header definitions to smbfs_common (bsc#1200217). - smb3: send NTLMSSP version information (bsc#1200217). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - spi: Fix use-after-free with devm_spi_alloc_* (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - sunvnet: use icmp_ndo_send helper (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - vmxnet3: fix minimum vectors alloc issue (bsc#1199489). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - xhci: Add reset resume quirk for AMD xhci controller (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2572-1 Released: Thu Jul 28 04:22:33 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2586-1 Released: Fri Jul 29 12:01:06 2022 Summary: Security update for ldb, samba Type: security Severity: important References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following security bugs were fixed: samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ldb was updated to version 2.4.3 * Fix build problems, waf produces incorrect names for python extensions; (bso#15071); ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2599-1 Released: Fri Jul 29 16:13:17 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1199965,1199966,1200549,1201394,1201469,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-23816,CVE-2022-23825,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364,CVE-2022-29900,CVE-2022-33745 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2614-1 Released: Mon Aug 1 10:41:04 2022 Summary: Security update for dwarves and elfutils Type: security Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665 This update for dwarves and elfutils fixes the following issues: elfutils was updated to version 0.177 (jsc#SLE-24501): - elfclassify: New tool to analyze ELF objects. - readelf: Print DW_AT_data_member_location as decimal offset. Decode DW_AT_discr_list block attributes. - libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias. - libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only returns NULL when there is an error reading or decompressing a file. If the file is not an ELF file an ELF handle of type ELF_K_NONE is returned. - backends: Add support for C-SKY. Update to version 0.176: - build: Add new --enable-install-elfh option. Do NOT use this for system installs (it overrides glibc elf.h). - backends: riscv improved core file and return value location support. - Fixes: - CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007) Update to version 0.175: - readelf: Handle mutliple .debug_macro sections. Recognize and parse GNU Property, NT_VERSION and GNU Build Attribute ELF Notes. - strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only option. Handle relocations against GNU compressed sections. - libdwelf: New function dwelf_elf_begin. - libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726) Update to version 0.174: - libelf, libdw and all tools now handle extended shnum and shstrndx correctly. - elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. - strip: Handle mixed (out of order) allocated/non-allocated sections. - unstrip: Handle SHT_GROUP sections. - backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. - Fixes: - CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf - CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067) - CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) Update to version 0.173: - More fixes for crashes and hangs found by afl-fuzz. In particular various functions now detect and break infinite loops caused by bad DIE tree cycles. - readelf: Will now lookup the size and signedness of constant value types to display them correctly (and not just how they were encoded). - libdw: New function dwarf_next_lines to read CU-less .debug_line data. dwarf_begin_elf now accepts ELF files containing just .debug_line or .debug_frame sections (which can be read without needing a DIE tree from the .debug_info section). Removed dwarf_getscn_info, which was never implemented. - backends: Handle BPF simple relocations. The RISCV backends now handles ABI specific CFI and knows about RISCV register types and names. Update to version 0.172: - Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data. Thanks to running the afl fuzzer on eu-readelf and various testcases. Update to version 0.171: - DWARF5 and split dwarf, including GNU DebugFission, are supported now. Data can be read from the new DWARF sections .debug_addr, .debug_line_str, .debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of the existing .debug sections. Also in split DWARF .dwo (DWARF object) files. This support is mostly handled by existing functions (dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.) now returning the data from the new sections and data formats. But some new functions have been added to more easily get information about skeleton and split compile units (dwarf_get_units and dwarf_cu_info), handle new attribute data (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies that might come from different sections or files (dwarf_die_addr_die). - Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary) files, the .debug_names index, the .debug_cu_index and .debug_tu_index sections. Only a single .debug_info (and .debug_types) section are currently handled. - readelf: Handle all new DWARF5 sections. --debug-dump=info+ will show split unit DIEs when found. --dwarf-skeleton can be used when inspecting a .dwo file. Recognizes GNU locviews with --debug-dump=loc. - libdw: New functions dwarf_die_addr_die, dwarf_get_units, dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to resolve the alt file on first use of an alt attribute FORM when not set yet with dwarf_set_alt. dwarf_aggregate_size() now works with multi-dimensional arrays. - libdwfl: Use process_vm_readv when available instead of ptrace. backends: Add a RISC-V backend. There were various improvements to build on Windows. The sha1 and md5 implementations have been removed, they weren't used. Update to version 0.170: - libdw: Added new DWARF5 attribute, tag, character encoding, language code, calling convention, defaulted member function and macro constants to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file. dwarf_peel_type now handles DWARF5 immutable, packed and shared tags. dwarf_getmacros now handles DWARF5 .debug_macro sections. - strip: Add -R, --remove-section=SECTION and --keep-section=SECTION. - backends: The bpf disassembler is now always build on all platforms. Update to version 0.169: - backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. - translations: Update Polish translation. - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088) - CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084) - CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085) - CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090) - CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089) - Don't make elfutils recommend elfutils-lang as elfutils-lang already supplements elfutils. dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2628-1 Released: Tue Aug 2 12:21:23 2022 Summary: Recommended update for apparmor Type: recommended Severity: important References: 1195463,1196850 This update for apparmor fixes the following issues: - Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850) - Add new rule to allow reading of openssl.cnf (bsc#1195463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2644-1 Released: Wed Aug 3 12:34:12 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1177461,1184970 This update for dracut fixes the following issues: - Fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - Fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2649-1 Released: Wed Aug 3 15:06:21 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384). - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2678-1 Released: Fri Aug 5 04:01:19 2022 Summary: Recommended update for hwinfo Type: recommended Severity: important References: 1184339,1198043,1199948 This update for hwinfo fixes the following issues: - Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948) - Fix bug in determining serial console device name (bsc#1198043) - Don't rely on select() updating its timeout argument (bsc#1184339) - Fix logic around CD-ROM detection - Prevent closing of the open CD-ROM tray after read - Always read numerical 32bit serial number from EDID header. Override this with ASCII serial number from display descriptor, if available. - Display numerical 32bit serial number for monitors without serial number display descriptor - Fix timezone issue in SOURCE_DATE_EPOCH code - Recognize loongarch64 architecture - Update PCI and USB ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2801-1 Released: Fri Aug 12 16:28:11 2022 Summary: Security update for cifs-utils Type: security Severity: moderate References: 1198976,CVE-2022-29869 This update for cifs-utils fixes the following issues: - CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) The following package changes have been done: - apparmor-abstractions-2.13.6-150300.3.15.1 updated - apparmor-parser-2.13.6-150300.3.15.1 updated - cifs-utils-6.9-150100.5.18.1 updated - dracut-049.1+suse.238.gd8dbb075-150200.3.60.1 updated - elfutils-0.177-150300.11.3.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-locale-2.31-150300.37.1 updated - glibc-2.31-150300.37.1 updated - gpg2-2.2.27-150300.3.5.1 updated - hwinfo-21.82-150300.3.3.1 updated - kernel-default-5.3.18-150300.59.87.1 updated - libapparmor1-2.13.6-150300.3.15.1 updated - libasm1-0.177-150300.11.3.1 updated - libdw1-0.177-150300.11.3.1 updated - libebl-plugins-0.177-150300.11.3.1 updated - libelf1-0.177-150300.11.3.1 updated - libldb2-2.4.3-150300.3.20.1 updated - libncurses6-6.1-150000.5.12.1 updated - libpcre2-8-0-10.31-150000.3.12.1 updated - libsystemd0-246.16-150300.7.48.1 updated - libudev1-246.16-150300.7.48.1 updated - libzypp-17.30.2-150200.39.1 updated - logrotate-3.13.0-150000.4.7.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - perl-Bootloader-0.939-150300.3.6.1 updated - samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1 updated - systemd-sysvinit-246.16-150300.7.48.1 updated - systemd-246.16-150300.7.48.1 updated - tar-1.34-150000.3.18.1 updated - terminfo-base-6.1-150000.5.12.1 updated - terminfo-6.1-150000.5.12.1 updated - udev-246.16-150300.7.48.1 updated - xen-libs-4.14.5_04-150300.3.32.1 updated - zypper-1.14.53-150200.33.1 updated From sle-updates at lists.suse.com Mon Aug 22 07:15:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Aug 2022 09:15:37 +0200 (CEST) Subject: SUSE-RU-2022:2860-1: moderate: Recommended update for crmsh Message-ID: <20220822071537.BDC85FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2860-1 Rating: moderate References: #1199325 #1199412 #1199634 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix 'unexpected output' error when using `crmadmin -S` (bsc#1199412) - Stop and disable csync2.socket on removed node (bsc#1199325) - crm report: use sudo when under non root and hacluster user (bsc#1199634) - crm report: put info/warning/debug messages into stdout Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2860=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2860=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2860=1 Package List: - openSUSE Leap 15.3 (noarch): crmsh-4.3.1+20220610.733357e2-150200.5.83.1 crmsh-scripts-4.3.1+20220610.733357e2-150200.5.83.1 crmsh-test-4.3.1+20220610.733357e2-150200.5.83.1 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): crmsh-4.3.1+20220610.733357e2-150200.5.83.1 crmsh-scripts-4.3.1+20220610.733357e2-150200.5.83.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.3.1+20220610.733357e2-150200.5.83.1 crmsh-scripts-4.3.1+20220610.733357e2-150200.5.83.1 References: https://bugzilla.suse.com/1199325 https://bugzilla.suse.com/1199412 https://bugzilla.suse.com/1199634 From sle-updates at lists.suse.com Mon Aug 22 13:15:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Aug 2022 15:15:57 +0200 (CEST) Subject: SUSE-SU-2022:2861-1: important: Security update for open-iscsi Message-ID: <20220822131557.612C4FF0F@maintenance.suse.de> SUSE Security Update: Security update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2861-1 Rating: important References: #1058463 #1109477 #1179908 Cross-References: CVE-2020-17437 CVSS scores: CVE-2020-17437 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2020-17437 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for open-iscsi fixes the following issues: - CVE-2020-17437: Fixed an out of bounds memory access when the TCP urgent flag is set. (bsc#1179908). Non-security fixes: - Fix an issue with ARP booting when using different subnets (bsc#1058463). - Allow target discovery using "db" mode (bsc#1109477). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2861=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): iscsiuio-0.7.8.2-46.17.2 iscsiuio-debuginfo-0.7.8.2-46.17.2 open-iscsi-2.0.873-46.17.2 open-iscsi-debuginfo-2.0.873-46.17.2 open-iscsi-debugsource-2.0.873-46.17.2 open-isns-0.95-46.17.2 open-isns-debuginfo-0.95-46.17.2 References: https://www.suse.com/security/cve/CVE-2020-17437.html https://bugzilla.suse.com/1058463 https://bugzilla.suse.com/1109477 https://bugzilla.suse.com/1179908 From sle-updates at lists.suse.com Mon Aug 22 16:16:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Aug 2022 18:16:40 +0200 (CEST) Subject: SUSE-SU-2022:2864-1: important: Security update for bluez Message-ID: <20220822161640.0D148FF0F@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2864-1 Rating: important References: #1193227 Cross-References: CVE-2019-8922 CVSS scores: CVE-2019-8922 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-8922 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bluez fixes the following issues: - CVE-2019-8922: Fixed a buffer overflow in the implementation of the Service Discovery Protocol (bsc#1193227). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2864=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2864=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2864=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2864=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2864=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2864=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2864=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2864=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2864=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2864=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 - SUSE CaaS Platform 4.0 (x86_64): bluez-5.48-150000.5.34.1 bluez-debuginfo-5.48-150000.5.34.1 bluez-debugsource-5.48-150000.5.34.1 bluez-devel-5.48-150000.5.34.1 libbluetooth3-5.48-150000.5.34.1 libbluetooth3-debuginfo-5.48-150000.5.34.1 References: https://www.suse.com/security/cve/CVE-2019-8922.html https://bugzilla.suse.com/1193227 From sle-updates at lists.suse.com Mon Aug 22 19:16:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Aug 2022 21:16:06 +0200 (CEST) Subject: SUSE-SU-2022:2869-1: important: Security update for u-boot Message-ID: <20220822191606.98D73FF0F@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2869-1 Rating: important References: #1201213 Cross-References: CVE-2022-33103 CVSS scores: CVE-2022-33103 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33103 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-33103: Fixed a flaw in the squashfs subsystem that could lead to arbitrary code execution (bsc#1201213). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2869=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2869=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.10-150400.4.11.1 u-boot-tools-debuginfo-2021.10-150400.4.11.1 - openSUSE Leap 15.4 (aarch64): u-boot-avnetultra96rev1-2021.10-150400.4.11.1 u-boot-avnetultra96rev1-doc-2021.10-150400.4.11.1 u-boot-bananapim64-2021.10-150400.4.11.1 u-boot-bananapim64-doc-2021.10-150400.4.11.1 u-boot-dragonboard410c-2021.10-150400.4.11.1 u-boot-dragonboard410c-doc-2021.10-150400.4.11.1 u-boot-dragonboard820c-2021.10-150400.4.11.1 u-boot-dragonboard820c-doc-2021.10-150400.4.11.1 u-boot-evb-rk3399-2021.10-150400.4.11.1 u-boot-evb-rk3399-doc-2021.10-150400.4.11.1 u-boot-firefly-rk3399-2021.10-150400.4.11.1 u-boot-firefly-rk3399-doc-2021.10-150400.4.11.1 u-boot-geekbox-2021.10-150400.4.11.1 u-boot-geekbox-doc-2021.10-150400.4.11.1 u-boot-hikey-2021.10-150400.4.11.1 u-boot-hikey-doc-2021.10-150400.4.11.1 u-boot-khadas-vim-2021.10-150400.4.11.1 u-boot-khadas-vim-doc-2021.10-150400.4.11.1 u-boot-khadas-vim2-2021.10-150400.4.11.1 u-boot-khadas-vim2-doc-2021.10-150400.4.11.1 u-boot-libretech-ac-2021.10-150400.4.11.1 u-boot-libretech-ac-doc-2021.10-150400.4.11.1 u-boot-libretech-cc-2021.10-150400.4.11.1 u-boot-libretech-cc-doc-2021.10-150400.4.11.1 u-boot-ls1012afrdmqspi-2021.10-150400.4.11.1 u-boot-ls1012afrdmqspi-doc-2021.10-150400.4.11.1 u-boot-mvebudb-88f3720-2021.10-150400.4.11.1 u-boot-mvebudb-88f3720-doc-2021.10-150400.4.11.1 u-boot-mvebudbarmada8k-2021.10-150400.4.11.1 u-boot-mvebudbarmada8k-doc-2021.10-150400.4.11.1 u-boot-mvebuespressobin-88f3720-2021.10-150400.4.11.1 u-boot-mvebuespressobin-88f3720-doc-2021.10-150400.4.11.1 u-boot-mvebumcbin-88f8040-2021.10-150400.4.11.1 u-boot-mvebumcbin-88f8040-doc-2021.10-150400.4.11.1 u-boot-nanopia64-2021.10-150400.4.11.1 u-boot-nanopia64-doc-2021.10-150400.4.11.1 u-boot-odroid-c2-2021.10-150400.4.11.1 u-boot-odroid-c2-doc-2021.10-150400.4.11.1 u-boot-odroid-c4-2021.10-150400.4.11.1 u-boot-odroid-c4-doc-2021.10-150400.4.11.1 u-boot-odroid-n2-2021.10-150400.4.11.1 u-boot-odroid-n2-doc-2021.10-150400.4.11.1 u-boot-orangepipc2-2021.10-150400.4.11.1 u-boot-orangepipc2-doc-2021.10-150400.4.11.1 u-boot-p2371-2180-2021.10-150400.4.11.1 u-boot-p2371-2180-doc-2021.10-150400.4.11.1 u-boot-p2771-0000-500-2021.10-150400.4.11.1 u-boot-p2771-0000-500-doc-2021.10-150400.4.11.1 u-boot-p3450-0000-2021.10-150400.4.11.1 u-boot-p3450-0000-doc-2021.10-150400.4.11.1 u-boot-pine64plus-2021.10-150400.4.11.1 u-boot-pine64plus-doc-2021.10-150400.4.11.1 u-boot-pinebook-2021.10-150400.4.11.1 u-boot-pinebook-doc-2021.10-150400.4.11.1 u-boot-pinebook-pro-rk3399-2021.10-150400.4.11.1 u-boot-pinebook-pro-rk3399-doc-2021.10-150400.4.11.1 u-boot-pineh64-2021.10-150400.4.11.1 u-boot-pineh64-doc-2021.10-150400.4.11.1 u-boot-pinephone-2021.10-150400.4.11.1 u-boot-pinephone-doc-2021.10-150400.4.11.1 u-boot-poplar-2021.10-150400.4.11.1 u-boot-poplar-doc-2021.10-150400.4.11.1 u-boot-rock-pi-4-rk3399-2021.10-150400.4.11.1 u-boot-rock-pi-4-rk3399-doc-2021.10-150400.4.11.1 u-boot-rock-pi-n10-rk3399pro-2021.10-150400.4.11.1 u-boot-rock-pi-n10-rk3399pro-doc-2021.10-150400.4.11.1 u-boot-rock64-rk3328-2021.10-150400.4.11.1 u-boot-rock64-rk3328-doc-2021.10-150400.4.11.1 u-boot-rock960-rk3399-2021.10-150400.4.11.1 u-boot-rock960-rk3399-doc-2021.10-150400.4.11.1 u-boot-rockpro64-rk3399-2021.10-150400.4.11.1 u-boot-rockpro64-rk3399-doc-2021.10-150400.4.11.1 u-boot-rpi3-2021.10-150400.4.11.1 u-boot-rpi3-doc-2021.10-150400.4.11.1 u-boot-rpi4-2021.10-150400.4.11.1 u-boot-rpi4-doc-2021.10-150400.4.11.1 u-boot-rpiarm64-2021.10-150400.4.11.1 u-boot-rpiarm64-doc-2021.10-150400.4.11.1 u-boot-xilinxzynqmpvirt-2021.10-150400.4.11.1 u-boot-xilinxzynqmpvirt-doc-2021.10-150400.4.11.1 u-boot-xilinxzynqmpzcu102rev10-2021.10-150400.4.11.1 u-boot-xilinxzynqmpzcu102rev10-doc-2021.10-150400.4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.10-150400.4.11.1 u-boot-tools-debuginfo-2021.10-150400.4.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): u-boot-rpiarm64-2021.10-150400.4.11.1 u-boot-rpiarm64-doc-2021.10-150400.4.11.1 References: https://www.suse.com/security/cve/CVE-2022-33103.html https://bugzilla.suse.com/1201213 From sle-updates at lists.suse.com Mon Aug 22 19:16:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Aug 2022 21:16:44 +0200 (CEST) Subject: SUSE-SU-2022:2867-1: moderate: Security update for gimp Message-ID: <20220822191644.5AC38FF0F@maintenance.suse.de> SUSE Security Update: Security update for gimp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2867-1 Rating: moderate References: #1201192 Cross-References: CVE-2022-32990 CVSS scores: CVE-2022-32990 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-32990 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gimp fixes the following issues: - CVE-2022-32990: Fixed an unhandled exception which may lead to denial of service (bsc#1201192). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2867=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2867=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): gimp-2.8.18-9.24.1 gimp-debuginfo-2.8.18-9.24.1 gimp-debugsource-2.8.18-9.24.1 gimp-plugins-python-2.8.18-9.24.1 gimp-plugins-python-debuginfo-2.8.18-9.24.1 libgimp-2_0-0-2.8.18-9.24.1 libgimp-2_0-0-debuginfo-2.8.18-9.24.1 libgimpui-2_0-0-2.8.18-9.24.1 libgimpui-2_0-0-debuginfo-2.8.18-9.24.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): gimp-lang-2.8.18-9.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): gimp-debuginfo-2.8.18-9.24.1 gimp-debugsource-2.8.18-9.24.1 gimp-devel-2.8.18-9.24.1 gimp-devel-debuginfo-2.8.18-9.24.1 libgimp-2_0-0-2.8.18-9.24.1 libgimp-2_0-0-debuginfo-2.8.18-9.24.1 libgimpui-2_0-0-2.8.18-9.24.1 libgimpui-2_0-0-debuginfo-2.8.18-9.24.1 References: https://www.suse.com/security/cve/CVE-2022-32990.html https://bugzilla.suse.com/1201192 From sle-updates at lists.suse.com Mon Aug 22 19:17:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Aug 2022 21:17:20 +0200 (CEST) Subject: SUSE-SU-2022:2868-1: important: Security update for u-boot Message-ID: <20220822191720.2F9EFFF0F@maintenance.suse.de> SUSE Security Update: Security update for u-boot ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2868-1 Rating: important References: #1201213 Cross-References: CVE-2022-33103 CVSS scores: CVE-2022-33103 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33103 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for u-boot fixes the following issues: - CVE-2022-33103: Fixed a flaw in the squashfs subsystem that could lead to arbitrary code execution (bsc#1201213). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2868=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2868=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.01-150300.7.18.1 u-boot-tools-debuginfo-2021.01-150300.7.18.1 - openSUSE Leap 15.3 (aarch64): u-boot-avnetultra96rev1-2021.01-150300.7.18.1 u-boot-avnetultra96rev1-doc-2021.01-150300.7.18.1 u-boot-bananapim64-2021.01-150300.7.18.1 u-boot-bananapim64-doc-2021.01-150300.7.18.1 u-boot-dragonboard410c-2021.01-150300.7.18.1 u-boot-dragonboard410c-doc-2021.01-150300.7.18.1 u-boot-dragonboard820c-2021.01-150300.7.18.1 u-boot-dragonboard820c-doc-2021.01-150300.7.18.1 u-boot-evb-rk3399-2021.01-150300.7.18.1 u-boot-evb-rk3399-doc-2021.01-150300.7.18.1 u-boot-firefly-rk3399-2021.01-150300.7.18.1 u-boot-firefly-rk3399-doc-2021.01-150300.7.18.1 u-boot-geekbox-2021.01-150300.7.18.1 u-boot-geekbox-doc-2021.01-150300.7.18.1 u-boot-hikey-2021.01-150300.7.18.1 u-boot-hikey-doc-2021.01-150300.7.18.1 u-boot-khadas-vim-2021.01-150300.7.18.1 u-boot-khadas-vim-doc-2021.01-150300.7.18.1 u-boot-khadas-vim2-2021.01-150300.7.18.1 u-boot-khadas-vim2-doc-2021.01-150300.7.18.1 u-boot-libretech-ac-2021.01-150300.7.18.1 u-boot-libretech-ac-doc-2021.01-150300.7.18.1 u-boot-libretech-cc-2021.01-150300.7.18.1 u-boot-libretech-cc-doc-2021.01-150300.7.18.1 u-boot-ls1012afrdmqspi-2021.01-150300.7.18.1 u-boot-ls1012afrdmqspi-doc-2021.01-150300.7.18.1 u-boot-mvebudb-88f3720-2021.01-150300.7.18.1 u-boot-mvebudb-88f3720-doc-2021.01-150300.7.18.1 u-boot-mvebudbarmada8k-2021.01-150300.7.18.1 u-boot-mvebudbarmada8k-doc-2021.01-150300.7.18.1 u-boot-mvebuespressobin-88f3720-2021.01-150300.7.18.1 u-boot-mvebuespressobin-88f3720-doc-2021.01-150300.7.18.1 u-boot-mvebumcbin-88f8040-2021.01-150300.7.18.1 u-boot-mvebumcbin-88f8040-doc-2021.01-150300.7.18.1 u-boot-nanopia64-2021.01-150300.7.18.1 u-boot-nanopia64-doc-2021.01-150300.7.18.1 u-boot-odroid-c2-2021.01-150300.7.18.1 u-boot-odroid-c2-doc-2021.01-150300.7.18.1 u-boot-odroid-c4-2021.01-150300.7.18.1 u-boot-odroid-c4-doc-2021.01-150300.7.18.1 u-boot-odroid-n2-2021.01-150300.7.18.1 u-boot-odroid-n2-doc-2021.01-150300.7.18.1 u-boot-orangepipc2-2021.01-150300.7.18.1 u-boot-orangepipc2-doc-2021.01-150300.7.18.1 u-boot-p2371-2180-2021.01-150300.7.18.1 u-boot-p2371-2180-doc-2021.01-150300.7.18.1 u-boot-p2771-0000-500-2021.01-150300.7.18.1 u-boot-p2771-0000-500-doc-2021.01-150300.7.18.1 u-boot-p3450-0000-2021.01-150300.7.18.1 u-boot-p3450-0000-doc-2021.01-150300.7.18.1 u-boot-pine64plus-2021.01-150300.7.18.1 u-boot-pine64plus-doc-2021.01-150300.7.18.1 u-boot-pinebook-2021.01-150300.7.18.1 u-boot-pinebook-doc-2021.01-150300.7.18.1 u-boot-pinebook-pro-rk3399-2021.01-150300.7.18.1 u-boot-pinebook-pro-rk3399-doc-2021.01-150300.7.18.1 u-boot-pineh64-2021.01-150300.7.18.1 u-boot-pineh64-doc-2021.01-150300.7.18.1 u-boot-pinephone-2021.01-150300.7.18.1 u-boot-pinephone-doc-2021.01-150300.7.18.1 u-boot-poplar-2021.01-150300.7.18.1 u-boot-poplar-doc-2021.01-150300.7.18.1 u-boot-rock-pi-4-rk3399-2021.01-150300.7.18.1 u-boot-rock-pi-4-rk3399-doc-2021.01-150300.7.18.1 u-boot-rock64-rk3328-2021.01-150300.7.18.1 u-boot-rock64-rk3328-doc-2021.01-150300.7.18.1 u-boot-rock960-rk3399-2021.01-150300.7.18.1 u-boot-rock960-rk3399-doc-2021.01-150300.7.18.1 u-boot-rockpro64-rk3399-2021.01-150300.7.18.1 u-boot-rockpro64-rk3399-doc-2021.01-150300.7.18.1 u-boot-rpi3-2021.01-150300.7.18.1 u-boot-rpi3-doc-2021.01-150300.7.18.1 u-boot-rpi4-2021.01-150300.7.18.1 u-boot-rpi4-doc-2021.01-150300.7.18.1 u-boot-rpiarm64-2021.01-150300.7.18.1 u-boot-rpiarm64-doc-2021.01-150300.7.18.1 u-boot-xilinxzynqmpvirt-2021.01-150300.7.18.1 u-boot-xilinxzynqmpvirt-doc-2021.01-150300.7.18.1 u-boot-xilinxzynqmpzcu102rev10-2021.01-150300.7.18.1 u-boot-xilinxzynqmpzcu102rev10-doc-2021.01-150300.7.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): u-boot-tools-2021.01-150300.7.18.1 u-boot-tools-debuginfo-2021.01-150300.7.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): u-boot-rpiarm64-2021.01-150300.7.18.1 u-boot-rpiarm64-doc-2021.01-150300.7.18.1 References: https://www.suse.com/security/cve/CVE-2022-33103.html https://bugzilla.suse.com/1201213 From sle-updates at lists.suse.com Mon Aug 22 19:17:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 22 Aug 2022 21:17:59 +0200 (CEST) Subject: SUSE-SU-2022:2866-1: moderate: Security update for systemd-presets-common-SUSE Message-ID: <20220822191759.215C6FF0F@maintenance.suse.de> SUSE Security Update: Security update for systemd-presets-common-SUSE ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2866-1 Rating: moderate References: #1199524 #1200485 Cross-References: CVE-2022-1706 CVSS scores: CVE-2022-1706 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1706 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter "user", the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2866=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2866=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2866=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2866=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2866=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2866=1 Package List: - openSUSE Leap 15.4 (noarch): systemd-presets-common-SUSE-15-150100.8.17.1 - openSUSE Leap 15.3 (noarch): systemd-presets-common-SUSE-15-150100.8.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): systemd-presets-common-SUSE-15-150100.8.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-presets-common-SUSE-15-150100.8.17.1 - SUSE Linux Enterprise Micro 5.2 (noarch): systemd-presets-common-SUSE-15-150100.8.17.1 - SUSE Linux Enterprise Micro 5.1 (noarch): systemd-presets-common-SUSE-15-150100.8.17.1 References: https://www.suse.com/security/cve/CVE-2022-1706.html https://bugzilla.suse.com/1199524 https://bugzilla.suse.com/1200485 From sle-updates at lists.suse.com Tue Aug 23 01:16:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 03:16:41 +0200 (CEST) Subject: SUSE-SU-2022:2870-1: moderate: Security update for rubygem-rails-html-sanitizer Message-ID: <20220823011641.34052FF0F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rails-html-sanitizer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2870-1 Rating: moderate References: #1201183 Cross-References: CVE-2022-32209 CVSS scores: CVE-2022-32209 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-32209 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2022-32209: Fixed a potential content injection under specific configurations (bsc#1201183). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2870=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2870=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-2870=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2870=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2870=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2870=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-2870=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 ruby2.5-rubygem-rails-html-sanitizer-doc-1.0.4-150000.4.3.1 ruby2.5-rubygem-rails-html-sanitizer-testsuite-1.0.4-150000.4.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 ruby2.5-rubygem-rails-html-sanitizer-doc-1.0.4-150000.4.3.1 ruby2.5-rubygem-rails-html-sanitizer-testsuite-1.0.4-150000.4.3.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): ruby2.5-rubygem-rails-html-sanitizer-1.0.4-150000.4.3.1 References: https://www.suse.com/security/cve/CVE-2022-32209.html https://bugzilla.suse.com/1201183 From sle-updates at lists.suse.com Tue Aug 23 07:22:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 09:22:27 +0200 (CEST) Subject: SUSE-CU-2022:1876-1: Security update of bci/bci-init Message-ID: <20220823072227.B293FFF0F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1876-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.18.5 Container Release : 18.5 Severity : moderate Type : security References : 1199524 1200485 CVE-2022-1706 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) The following package changes have been done: - systemd-presets-common-SUSE-15-150100.8.17.1 updated From sle-updates at lists.suse.com Tue Aug 23 07:23:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 09:23:23 +0200 (CEST) Subject: SUSE-CU-2022:1877-1: Security update of bci/bci-init Message-ID: <20220823072323.CA951FF0F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1877-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.21.3 , bci/bci-init:latest Container Release : 21.3 Severity : moderate Type : security References : 1199524 1200485 CVE-2022-1706 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) The following package changes have been done: - systemd-presets-common-SUSE-15-150100.8.17.1 updated From sle-updates at lists.suse.com Tue Aug 23 07:24:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 09:24:21 +0200 (CEST) Subject: SUSE-CU-2022:1878-1: Security update of suse/pcp Message-ID: <20220823072421.A1CD0FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1878-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-9.9 , suse/pcp:latest Container Release : 9.9 Severity : moderate Type : security References : 1199524 1200485 CVE-2022-1706 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) The following package changes have been done: - systemd-presets-common-SUSE-15-150100.8.17.1 updated - container:bci-bci-init-15.4-15.4-21.3 updated From sle-updates at lists.suse.com Tue Aug 23 07:24:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 09:24:46 +0200 (CEST) Subject: SUSE-CU-2022:1879-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20220823072446.D2EC0FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1879-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.260 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.260 Severity : important Type : recommended References : 1200657 1202436 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) The following package changes have been done: - tar-1.34-150000.3.18.1 updated From sle-updates at lists.suse.com Tue Aug 23 07:24:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 09:24:54 +0200 (CEST) Subject: SUSE-CU-2022:1880-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20220823072454.1381FFF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1880-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.261 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.261 Severity : moderate Type : security References : 1199524 1200485 CVE-2022-1706 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) The following package changes have been done: - systemd-presets-common-SUSE-15-150100.8.17.1 updated From sle-updates at lists.suse.com Tue Aug 23 07:28:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 09:28:05 +0200 (CEST) Subject: SUSE-CU-2022:1882-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20220823072805.83B0FFF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1882-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.81 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.81 Severity : moderate Type : security References : 1199524 1200485 CVE-2022-1706 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2866-1 Released: Mon Aug 22 15:36:30 2022 Summary: Security update for systemd-presets-common-SUSE Type: security Severity: moderate References: 1199524,1200485,CVE-2022-1706 This update for systemd-presets-common-SUSE fixes the following issues: - CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524). The following non-security bugs were fixed: - Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485) - Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485) The following package changes have been done: - systemd-presets-common-SUSE-15-150100.8.17.1 updated From sle-updates at lists.suse.com Tue Aug 23 13:16:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 15:16:40 +0200 (CEST) Subject: SUSE-SU-2022:2874-1: moderate: Security update for perl-HTTP-Daemon Message-ID: <20220823131640.A697EFF0F@maintenance.suse.de> SUSE Security Update: Security update for perl-HTTP-Daemon ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2874-1 Rating: moderate References: #1201157 Cross-References: CVE-2022-31081 CVSS scores: CVE-2022-31081 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-31081 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-HTTP-Daemon fixes the following issues: - CVE-2022-31081: Fixed request smuggling in HTTP::Daemon (bsc#1201157). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2874=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2874=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2874=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2874=1 Package List: - openSUSE Leap 15.4 (noarch): perl-HTTP-Daemon-6.01-150000.3.5.1 - openSUSE Leap 15.3 (noarch): perl-HTTP-Daemon-6.01-150000.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): perl-HTTP-Daemon-6.01-150000.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): perl-HTTP-Daemon-6.01-150000.3.5.1 References: https://www.suse.com/security/cve/CVE-2022-31081.html https://bugzilla.suse.com/1201157 From sle-updates at lists.suse.com Tue Aug 23 13:17:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 15:17:15 +0200 (CEST) Subject: SUSE-SU-2022:2872-1: moderate: Security update for perl-HTTP-Daemon Message-ID: <20220823131715.8BA67FF0F@maintenance.suse.de> SUSE Security Update: Security update for perl-HTTP-Daemon ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2872-1 Rating: moderate References: #1201157 Cross-References: CVE-2022-31081 CVSS scores: CVE-2022-31081 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-31081 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for perl-HTTP-Daemon fixes the following issues: - CVE-2022-31081: Fixed request smuggling in HTTP::Daemon (bsc#1201157). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2872=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): perl-HTTP-Daemon-6.01-9.5.1 References: https://www.suse.com/security/cve/CVE-2022-31081.html https://bugzilla.suse.com/1201157 From sle-updates at lists.suse.com Tue Aug 23 13:17:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 15:17:51 +0200 (CEST) Subject: SUSE-SU-2022:2871-1: moderate: Security update for p11-kit Message-ID: <20220823131751.3A2C0FF0F@maintenance.suse.de> SUSE Security Update: Security update for p11-kit ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2871-1 Rating: moderate References: #1180065 Cross-References: CVE-2020-29362 CVSS scores: CVE-2020-29362 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-29362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread that could lead to crashes (bsc#1180065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2871=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2871=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): p11-kit-debuginfo-0.23.2-8.10.1 p11-kit-debugsource-0.23.2-8.10.1 p11-kit-devel-0.23.2-8.10.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libp11-kit0-0.23.2-8.10.1 libp11-kit0-debuginfo-0.23.2-8.10.1 p11-kit-0.23.2-8.10.1 p11-kit-debuginfo-0.23.2-8.10.1 p11-kit-debugsource-0.23.2-8.10.1 p11-kit-nss-trust-0.23.2-8.10.1 p11-kit-tools-0.23.2-8.10.1 p11-kit-tools-debuginfo-0.23.2-8.10.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libp11-kit0-32bit-0.23.2-8.10.1 libp11-kit0-debuginfo-32bit-0.23.2-8.10.1 p11-kit-32bit-0.23.2-8.10.1 p11-kit-debuginfo-32bit-0.23.2-8.10.1 References: https://www.suse.com/security/cve/CVE-2020-29362.html https://bugzilla.suse.com/1180065 From sle-updates at lists.suse.com Tue Aug 23 16:16:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 18:16:12 +0200 (CEST) Subject: SUSE-SU-2022:2878-1: important: Security update for python-lxml Message-ID: <20220823161612.BF1FBFF0F@maintenance.suse.de> SUSE Security Update: Security update for python-lxml ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2878-1 Rating: important References: #1201253 Cross-References: CVE-2022-2309 CVSS scores: CVE-2022-2309 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2309 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2878=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): python3-lxml-4.7.1-150100.6.6.1 python3-lxml-devel-4.7.1-150100.6.6.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): python3-lxml-doc-4.7.1-150100.6.6.1 References: https://www.suse.com/security/cve/CVE-2022-2309.html https://bugzilla.suse.com/1201253 From sle-updates at lists.suse.com Tue Aug 23 16:16:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 18:16:59 +0200 (CEST) Subject: SUSE-RU-2022:2879-1: moderate: Recommended update for scap-security-guide Message-ID: <20220823161659.EDFC7FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2879-1 Rating: moderate References: #1200122 #1200149 #1200163 ECO-3319 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.63 (jsc#ECO-3319): - multiple bugfixes in SUSE profiles - Expand project guidelines - Add Draft OCP4 STIG profile - Add anssi_bp28_intermediary profile - add products/uos20 to support UnionTech OS Server 20 - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles - Remove WRLinux Products - Update CIS RHEL8 Benchmark for v2.0.0 SUSE specific issues fixed: - stig: /etc/shadow group owner should not be root but shadow (bsc#1200149) - sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163) - SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2879=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2879=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2879=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2879=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2879=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2879=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2879=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2879=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2879=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2879=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2879=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2879=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2879=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2879=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2879=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2879=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2879=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2879=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2879=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2879=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2879=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2879=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2879=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - openSUSE Leap 15.3 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Manager Server 4.1 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Manager Retail Branch Server 4.1 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Manager Proxy 4.1 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Enterprise Storage 7 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE Enterprise Storage 6 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 - SUSE CaaS Platform 4.0 (noarch): scap-security-guide-0.1.63-150000.1.45.1 scap-security-guide-debian-0.1.63-150000.1.45.1 scap-security-guide-redhat-0.1.63-150000.1.45.1 scap-security-guide-ubuntu-0.1.63-150000.1.45.1 References: https://bugzilla.suse.com/1200122 https://bugzilla.suse.com/1200149 https://bugzilla.suse.com/1200163 From sle-updates at lists.suse.com Tue Aug 23 16:17:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 18:17:55 +0200 (CEST) Subject: SUSE-SU-2022:2877-1: important: Security update for cosign Message-ID: <20220823161755.BDEAFFF0F@maintenance.suse.de> SUSE Security Update: Security update for cosign ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2877-1 Rating: important References: #1202157 SLE-23879 Cross-References: CVE-2022-35929 CVSS scores: CVE-2022-35929 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-35929 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for cosign fixes the following issues: - Updated to 1.10.1 (jsc#SLE-23879): - CVE-2022-35929: Fixed an issue where cosign verify-attestation --type could report false positives when there was at least one attestation with a valid signature and there were no attestations of the type being verified (bsc#1202157). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2877=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2877=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cosign-1.10.1-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): cosign-1.10.1-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-35929.html https://bugzilla.suse.com/1202157 From sle-updates at lists.suse.com Tue Aug 23 16:18:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 18:18:30 +0200 (CEST) Subject: SUSE-SU-2022:2876-1: important: Security update for gfbgraph Message-ID: <20220823161830.0385AFF0F@maintenance.suse.de> SUSE Security Update: Security update for gfbgraph ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2876-1 Rating: important References: #1189850 Cross-References: CVE-2021-39358 CVSS scores: CVE-2021-39358 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-39358 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gfbgraph fixes the following issues: - CVE-2021-39358: Fixed missing TLS certificate verification (bsc#1189850). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2876=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2876=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2876=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gfbgraph-debugsource-0.2.3-150000.3.5.1 gfbgraph-devel-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-debuginfo-0.2.3-150000.3.5.1 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gfbgraph-debugsource-0.2.3-150000.3.5.1 gfbgraph-devel-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-debuginfo-0.2.3-150000.3.5.1 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): gfbgraph-debugsource-0.2.3-150000.3.5.1 gfbgraph-devel-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-0.2.3-150000.3.5.1 libgfbgraph-0_2-0-debuginfo-0.2.3-150000.3.5.1 typelib-1_0-GFBGraph-0_2-0.2.3-150000.3.5.1 References: https://www.suse.com/security/cve/CVE-2021-39358.html https://bugzilla.suse.com/1189850 From sle-updates at lists.suse.com Tue Aug 23 16:19:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 18:19:36 +0200 (CEST) Subject: SUSE-SU-2022:2875-1: important: Security update for the Linux Kernel Message-ID: <20220823161936.173B4FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2875-1 Rating: important References: #1178134 #1196616 #1198829 #1199364 #1199647 #1199665 #1199670 #1200015 #1200521 #1200598 #1200644 #1200651 #1200762 #1200910 #1201196 #1201206 #1201251 #1201381 #1201429 #1201442 #1201458 #1201635 #1201636 #1201644 #1201645 #1201664 #1201672 #1201673 #1201676 #1201846 #1201930 #1201940 #1201954 #1201956 #1201958 #1202154 SLE-24559 Cross-References: CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1116 CVE-2022-1462 CVE-2022-20166 CVE-2022-21505 CVE-2022-2318 CVE-2022-26365 CVE-2022-2639 CVE-2022-29581 CVE-2022-32250 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946 CVSS scores: CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 18 vulnerabilities, contains one feature and has 18 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616). - CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429). - CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636). - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598) - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015). - CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940). The following non-security bugs were fixed: - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676). - Fixed battery detection problem on macbooks (bnc#1201206). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes). - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes). - KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes). - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes). - KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes). - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes). - KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes). - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - Sort in RETbleed backport into the sorted section Now that it is upstream.. - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - amd-xgbe: Update DMA coherency values (git-fixes). - arm64 module: set plt* section addresses to 0x0 (git-fixes) - arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes) - arm64: asm: Add new-style position independent function annotations (git-fixes) - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes) - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes) - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes) - arm64: dts: mcbin: support 2W SFP modules (git-fixes) - arm64: fix compat syscall return truncation (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: module: rework special section handling (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: stackleak: fix current_top_of_stack() (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes) - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes). - block: Fix fsync always failed if once failed (git-fixes). - block: Fix wrong offset in bio_truncate() (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: do not delete queue kobject before its children (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559). - bpf: Add in-kernel split BTF support (jsc#SLE-24559). - bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559). - bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559). - bpf: Load and verify kernel module BTFs (jsc#SLE-24559). - bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559). - bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - config: enable DEBUG_INFO_BTF This option allows users to access the btf type information for vmlinux but not kernel modules. - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: conditionally disable "recalculate" feature (git-fixes). - dm integrity: fix a crash if "recalculate" used without "internal_hash" (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm integrity: fix the maximum number of arguments (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm persistent data: packed struct should have an aligned() attribute too (git-fixes). - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git-fixes). - dm snapshot: flush merged data before committing metadata (git-fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm verity: fix FEC for RS roots unaligned to block size (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix potential silent data corruption (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/net: Fix kABI in tun.c (git-fixes). - drivers: net: fix memory leak in atusb_probe (git-fixes). - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - ftgmac100: Restart MAC HW once (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kabi: create module private struct to hold btf size/data (jsc#SLE-24559). - kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559). - kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559). - kbuild: add marker for build log of *.mod.o (jsc#SLE-24559). - kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559). - kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559). - kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559). - kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559). - lib/string.c: implement stpcpy (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - macvlan: remove redundant null check on data (git-fixes). - md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes). - net/sonic: Fix some resource leaks in error handling paths (git-fixes). - net: ag71xx: remove unnecessary MTU reservation (git-fixes). - net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes). - net: axienet: Handle deferred probe on clock properly (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes). - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes). - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes). - net: enetc: keep RX ring consumer index in sync with hardware (git-fixes). - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes). - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes). - net: hns3: fix error mask definition of flow director (git-fixes). - net: hso: bail out on interrupt URB allocation failure (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes). - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes). - net: macb: add function to disable all macb clocks (git-fixes). - net: macb: restore cmp registers on resume path (git-fixes). - net: macb: unprepare clocks in case of failure (git-fixes). - net: mscc: Fix OF_MDIO config check (git-fixes). - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nvme: consider also host_iface when checking ip options (bsc#1199670). - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - profiling: fix shift-out-of-bounds bugs (git fixes). - qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - random: remove useless header comment (git fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules. - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scripts: dummy-tools, add pahole (jsc#SLE-24559). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: ufs: Release clock if DMA map fails (git-fixes). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2875=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2875=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2875=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2875=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2875=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2875=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2875=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2875=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2875=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2875=1 Package List: - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.90.1 dtb-zte-5.3.18-150300.59.90.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.90.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.90.1 dlm-kmp-default-5.3.18-150300.59.90.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.90.1 gfs2-kmp-default-5.3.18-150300.59.90.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.90.1 kernel-default-5.3.18-150300.59.90.1 kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1 kernel-default-base-rebuild-5.3.18-150300.59.90.1.150300.18.52.1 kernel-default-debuginfo-5.3.18-150300.59.90.1 kernel-default-debugsource-5.3.18-150300.59.90.1 kernel-default-devel-5.3.18-150300.59.90.1 kernel-default-devel-debuginfo-5.3.18-150300.59.90.1 kernel-default-extra-5.3.18-150300.59.90.1 kernel-default-extra-debuginfo-5.3.18-150300.59.90.1 kernel-default-livepatch-5.3.18-150300.59.90.1 kernel-default-livepatch-devel-5.3.18-150300.59.90.1 kernel-default-optional-5.3.18-150300.59.90.1 kernel-default-optional-debuginfo-5.3.18-150300.59.90.1 kernel-obs-build-5.3.18-150300.59.90.1 kernel-obs-build-debugsource-5.3.18-150300.59.90.1 kernel-obs-qa-5.3.18-150300.59.90.1 kernel-syms-5.3.18-150300.59.90.1 kselftests-kmp-default-5.3.18-150300.59.90.1 kselftests-kmp-default-debuginfo-5.3.18-150300.59.90.1 ocfs2-kmp-default-5.3.18-150300.59.90.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.90.1 reiserfs-kmp-default-5.3.18-150300.59.90.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.90.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.90.1 kernel-debug-debuginfo-5.3.18-150300.59.90.1 kernel-debug-debugsource-5.3.18-150300.59.90.1 kernel-debug-devel-5.3.18-150300.59.90.1 kernel-debug-devel-debuginfo-5.3.18-150300.59.90.1 kernel-debug-livepatch-devel-5.3.18-150300.59.90.1 kernel-kvmsmall-5.3.18-150300.59.90.1 kernel-kvmsmall-debuginfo-5.3.18-150300.59.90.1 kernel-kvmsmall-debugsource-5.3.18-150300.59.90.1 kernel-kvmsmall-devel-5.3.18-150300.59.90.1 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.90.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.90.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.90.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.90.1 dlm-kmp-preempt-5.3.18-150300.59.90.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.90.1 gfs2-kmp-preempt-5.3.18-150300.59.90.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.90.1 kernel-preempt-5.3.18-150300.59.90.1 kernel-preempt-debuginfo-5.3.18-150300.59.90.1 kernel-preempt-debugsource-5.3.18-150300.59.90.1 kernel-preempt-devel-5.3.18-150300.59.90.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.90.1 kernel-preempt-extra-5.3.18-150300.59.90.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.90.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.90.1 kernel-preempt-optional-5.3.18-150300.59.90.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.90.1 kselftests-kmp-preempt-5.3.18-150300.59.90.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.90.1 ocfs2-kmp-preempt-5.3.18-150300.59.90.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.90.1 reiserfs-kmp-preempt-5.3.18-150300.59.90.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.90.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.90.1 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.90.1 dlm-kmp-64kb-5.3.18-150300.59.90.1 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.90.1 dtb-al-5.3.18-150300.59.90.1 dtb-allwinner-5.3.18-150300.59.90.1 dtb-altera-5.3.18-150300.59.90.1 dtb-amd-5.3.18-150300.59.90.1 dtb-amlogic-5.3.18-150300.59.90.1 dtb-apm-5.3.18-150300.59.90.1 dtb-arm-5.3.18-150300.59.90.1 dtb-broadcom-5.3.18-150300.59.90.1 dtb-cavium-5.3.18-150300.59.90.1 dtb-exynos-5.3.18-150300.59.90.1 dtb-freescale-5.3.18-150300.59.90.1 dtb-hisilicon-5.3.18-150300.59.90.1 dtb-lg-5.3.18-150300.59.90.1 dtb-marvell-5.3.18-150300.59.90.1 dtb-mediatek-5.3.18-150300.59.90.1 dtb-nvidia-5.3.18-150300.59.90.1 dtb-qcom-5.3.18-150300.59.90.1 dtb-renesas-5.3.18-150300.59.90.1 dtb-rockchip-5.3.18-150300.59.90.1 dtb-socionext-5.3.18-150300.59.90.1 dtb-sprd-5.3.18-150300.59.90.1 dtb-xilinx-5.3.18-150300.59.90.1 dtb-zte-5.3.18-150300.59.90.1 gfs2-kmp-64kb-5.3.18-150300.59.90.1 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.90.1 kernel-64kb-5.3.18-150300.59.90.1 kernel-64kb-debuginfo-5.3.18-150300.59.90.1 kernel-64kb-debugsource-5.3.18-150300.59.90.1 kernel-64kb-devel-5.3.18-150300.59.90.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.90.1 kernel-64kb-extra-5.3.18-150300.59.90.1 kernel-64kb-extra-debuginfo-5.3.18-150300.59.90.1 kernel-64kb-livepatch-devel-5.3.18-150300.59.90.1 kernel-64kb-optional-5.3.18-150300.59.90.1 kernel-64kb-optional-debuginfo-5.3.18-150300.59.90.1 kselftests-kmp-64kb-5.3.18-150300.59.90.1 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.90.1 ocfs2-kmp-64kb-5.3.18-150300.59.90.1 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.90.1 reiserfs-kmp-64kb-5.3.18-150300.59.90.1 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.90.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.90.1 kernel-docs-5.3.18-150300.59.90.1 kernel-docs-html-5.3.18-150300.59.90.1 kernel-macros-5.3.18-150300.59.90.1 kernel-source-5.3.18-150300.59.90.1 kernel-source-vanilla-5.3.18-150300.59.90.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.90.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.90.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.90.1 kernel-default-debugsource-5.3.18-150300.59.90.1 kernel-default-extra-5.3.18-150300.59.90.1 kernel-default-extra-debuginfo-5.3.18-150300.59.90.1 kernel-preempt-debuginfo-5.3.18-150300.59.90.1 kernel-preempt-debugsource-5.3.18-150300.59.90.1 kernel-preempt-extra-5.3.18-150300.59.90.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.90.1 kernel-default-debugsource-5.3.18-150300.59.90.1 kernel-default-livepatch-5.3.18-150300.59.90.1 kernel-default-livepatch-devel-5.3.18-150300.59.90.1 kernel-livepatch-5_3_18-150300_59_90-default-1-150300.7.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.90.1 kernel-default-debugsource-5.3.18-150300.59.90.1 reiserfs-kmp-default-5.3.18-150300.59.90.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.90.1 kernel-obs-build-debugsource-5.3.18-150300.59.90.1 kernel-syms-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.90.1 kernel-preempt-debugsource-5.3.18-150300.59.90.1 kernel-preempt-devel-5.3.18-150300.59.90.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.90.1 kernel-source-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.90.1 kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1 kernel-default-debuginfo-5.3.18-150300.59.90.1 kernel-default-debugsource-5.3.18-150300.59.90.1 kernel-default-devel-5.3.18-150300.59.90.1 kernel-default-devel-debuginfo-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.90.1 kernel-preempt-debuginfo-5.3.18-150300.59.90.1 kernel-preempt-debugsource-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.90.1 kernel-64kb-debuginfo-5.3.18-150300.59.90.1 kernel-64kb-debugsource-5.3.18-150300.59.90.1 kernel-64kb-devel-5.3.18-150300.59.90.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.90.1 kernel-macros-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.90.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.90.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.90.1 kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1 kernel-default-debuginfo-5.3.18-150300.59.90.1 kernel-default-debugsource-5.3.18-150300.59.90.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.90.1 kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1 kernel-default-debuginfo-5.3.18-150300.59.90.1 kernel-default-debugsource-5.3.18-150300.59.90.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.90.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.90.1 dlm-kmp-default-5.3.18-150300.59.90.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.90.1 gfs2-kmp-default-5.3.18-150300.59.90.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.90.1 kernel-default-debuginfo-5.3.18-150300.59.90.1 kernel-default-debugsource-5.3.18-150300.59.90.1 ocfs2-kmp-default-5.3.18-150300.59.90.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.90.1 References: https://www.suse.com/security/cve/CVE-2020-36516.html https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2022-1116.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-21505.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-2639.html https://www.suse.com/security/cve/CVE-2022-29581.html https://www.suse.com/security/cve/CVE-2022-32250.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1196616 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1199364 https://bugzilla.suse.com/1199647 https://bugzilla.suse.com/1199665 https://bugzilla.suse.com/1199670 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200521 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200644 https://bugzilla.suse.com/1200651 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201196 https://bugzilla.suse.com/1201206 https://bugzilla.suse.com/1201251 https://bugzilla.suse.com/1201381 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201442 https://bugzilla.suse.com/1201458 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201644 https://bugzilla.suse.com/1201645 https://bugzilla.suse.com/1201664 https://bugzilla.suse.com/1201672 https://bugzilla.suse.com/1201673 https://bugzilla.suse.com/1201676 https://bugzilla.suse.com/1201846 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 https://bugzilla.suse.com/1201954 https://bugzilla.suse.com/1201956 https://bugzilla.suse.com/1201958 https://bugzilla.suse.com/1202154 From sle-updates at lists.suse.com Tue Aug 23 19:16:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 23 Aug 2022 21:16:19 +0200 (CEST) Subject: SUSE-SU-2022:2880-1: important: Security update for dpdk Message-ID: <20220823191619.AE22BFF0F@maintenance.suse.de> SUSE Security Update: Security update for dpdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2880-1 Rating: important References: #1195172 #1198581 #1198873 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update of dpdk fixes the following issue: - Fix to read PCI device name as UTF strings (bsc#1198873) - Allow configuring thread granularity of Kernel NIC Interface (bsc#1195172) - Rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2880=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2880=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): dpdk-19.11.10-150400.4.4.1 dpdk-debuginfo-19.11.10-150400.4.4.1 dpdk-debugsource-19.11.10-150400.4.4.1 dpdk-devel-19.11.10-150400.4.4.1 dpdk-devel-debuginfo-19.11.10-150400.4.4.1 dpdk-examples-19.11.10-150400.4.4.1 dpdk-examples-debuginfo-19.11.10-150400.4.4.1 dpdk-kmp-default-19.11.10_k5.14.21_150400.24.11-150400.4.4.1 dpdk-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.11-150400.4.4.1 dpdk-tools-19.11.10-150400.4.4.1 dpdk-tools-debuginfo-19.11.10-150400.4.4.1 libdpdk-20_0-19.11.10-150400.4.4.1 libdpdk-20_0-debuginfo-19.11.10-150400.4.4.1 - openSUSE Leap 15.4 (aarch64): dpdk-thunderx-19.11.10-150400.4.4.1 dpdk-thunderx-debuginfo-19.11.10-150400.4.4.1 dpdk-thunderx-debugsource-19.11.10-150400.4.4.1 dpdk-thunderx-devel-19.11.10-150400.4.4.1 dpdk-thunderx-devel-debuginfo-19.11.10-150400.4.4.1 dpdk-thunderx-examples-19.11.10-150400.4.4.1 dpdk-thunderx-examples-debuginfo-19.11.10-150400.4.4.1 dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.11-150400.4.4.1 dpdk-thunderx-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.11-150400.4.4.1 dpdk-thunderx-tools-19.11.10-150400.4.4.1 dpdk-thunderx-tools-debuginfo-19.11.10-150400.4.4.1 - openSUSE Leap 15.4 (noarch): dpdk-doc-19.11.10-150400.4.4.1 dpdk-thunderx-doc-19.11.10-150400.4.4.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le x86_64): dpdk-19.11.10-150400.4.4.1 dpdk-debuginfo-19.11.10-150400.4.4.1 dpdk-debugsource-19.11.10-150400.4.4.1 dpdk-devel-19.11.10-150400.4.4.1 dpdk-devel-debuginfo-19.11.10-150400.4.4.1 dpdk-kmp-default-19.11.10_k5.14.21_150400.24.11-150400.4.4.1 dpdk-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.11-150400.4.4.1 dpdk-tools-19.11.10-150400.4.4.1 dpdk-tools-debuginfo-19.11.10-150400.4.4.1 libdpdk-20_0-19.11.10-150400.4.4.1 libdpdk-20_0-debuginfo-19.11.10-150400.4.4.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64): dpdk-thunderx-19.11.10-150400.4.4.1 dpdk-thunderx-debuginfo-19.11.10-150400.4.4.1 dpdk-thunderx-debugsource-19.11.10-150400.4.4.1 dpdk-thunderx-devel-19.11.10-150400.4.4.1 dpdk-thunderx-devel-debuginfo-19.11.10-150400.4.4.1 dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.11-150400.4.4.1 dpdk-thunderx-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.11-150400.4.4.1 References: https://bugzilla.suse.com/1195172 https://bugzilla.suse.com/1198581 https://bugzilla.suse.com/1198873 From sle-updates at lists.suse.com Wed Aug 24 07:01:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2022 09:01:55 +0200 (CEST) Subject: SUSE-IU-2022:1061-1: Security update of suse-sles-15-sp4-chost-byos-v20220819-x86_64-gen2 Message-ID: <20220824070155.614F5FF0F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20220819-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1061-1 Image Tags : suse-sles-15-sp4-chost-byos-v20220819-x86_64-gen2:20220819 Image Release : Severity : important Type : security References : 1027519 1055117 1061840 1065729 1071995 1089644 1103269 1118212 1121726 1137373 1137728 1156395 1157038 1157923 1160171 1175667 1177461 1178331 1178332 1179439 1179639 1180814 1181658 1183682 1183872 1184318 1184924 1184970 1187654 1187716 1188885 1189998 1190137 1190208 1190256 1190336 1190497 1190497 1190768 1190786 1190812 1191271 1191663 1192146 1192483 1193064 1193277 1193282 1193289 1193431 1193556 1193629 1193640 1193787 1193823 1193852 1194086 1194111 1194191 1194409 1194501 1194523 1194526 1194550 1194583 1194585 1194586 1194625 1194708 1194765 1194826 1194869 1195047 1195099 1195157 1195287 1195478 1195482 1195504 1195508 1195604 1195651 1195668 1195669 1195775 1195823 1195826 1195913 1195915 1195916 1195926 1195944 1195957 1195987 1196079 1196114 1196125 1196130 1196213 1196224 1196267 1196306 1196367 1196400 1196426 1196478 1196490 1196514 1196570 1196696 1196723 1196779 1196830 1196836 1196866 1196868 1196869 1196901 1196930 1196942 1196960 1197016 1197135 1197136 1197157 1197227 1197243 1197292 1197302 1197303 1197304 1197362 1197386 1197501 1197570 1197601 1197635 1197661 1197675 1197684 1197761 1197817 1197819 1197820 1197888 1197889 1197894 1197915 1197917 1197918 1197920 1197921 1197922 1197926 1197967 1198009 1198010 1198012 1198013 1198014 1198015 1198016 1198017 1198018 1198019 1198020 1198021 1198022 1198023 1198024 1198027 1198030 1198034 1198058 1198217 1198255 1198379 1198400 1198402 1198410 1198412 1198413 1198438 1198484 1198577 1198585 1198627 1198660 1198720 1198732 1198802 1198803 1198806 1198811 1198826 1198829 1198835 1198968 1198971 1199011 1199024 1199035 1199042 1199044 1199046 1199052 1199063 1199132 1199163 1199173 1199235 1199247 1199260 1199291 1199314 1199356 1199390 1199426 1199433 1199439 1199482 1199487 1199505 1199507 1199605 1199611 1199626 1199631 1199650 1199657 1199665 1199674 1199734 1199736 1199793 1199839 1199875 1199909 1199948 1199965 1199966 1200015 1200019 1200045 1200046 1200144 1200170 1200205 1200211 1200236 1200251 1200259 1200263 1200284 1200315 1200343 1200360 1200420 1200442 1200475 1200502 1200549 1200556 1200567 1200569 1200571 1200599 1200600 1200608 1200611 1200619 1200624 1200657 1200685 1200692 1200747 1200762 1200763 1200806 1200807 1200808 1200809 1200810 1200812 1200813 1200815 1200816 1200820 1200821 1200822 1200824 1200825 1200827 1200828 1200829 1200830 1200845 1200855 1200882 1200925 1200964 1201050 1201080 1201160 1201171 1201177 1201193 1201196 1201218 1201222 1201225 1201228 1201251 1201258 1201276 1201323 1201381 1201385 1201391 1201394 1201458 1201469 1201471 1201490 1201492 1201493 1201495 1201496 1201524 1201560 1201592 1201593 1201595 1201596 1201635 1201640 1201651 1201691 1201705 1201726 1201846 1201930 1202094 1202436 1202498 CVE-2020-29651 CVE-2021-25219 CVE-2021-25220 CVE-2021-26341 CVE-2021-33061 CVE-2021-33655 CVE-2021-4204 CVE-2021-44879 CVE-2021-45402 CVE-2022-0264 CVE-2022-0396 CVE-2022-0494 CVE-2022-0617 CVE-2022-1012 CVE-2022-1016 CVE-2022-1184 CVE-2022-1198 CVE-2022-1205 CVE-2022-1462 CVE-2022-1508 CVE-2022-1587 CVE-2022-1651 CVE-2022-1652 CVE-2022-1671 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1998 CVE-2022-20132 CVE-2022-20154 CVE-2022-2031 CVE-2022-21123 CVE-2022-21123 CVE-2022-21125 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-21505 CVE-2022-2318 CVE-2022-23222 CVE-2022-23308 CVE-2022-23816 CVE-2022-23825 CVE-2022-2585 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-26365 CVE-2022-26373 CVE-2022-26490 CVE-2022-29458 CVE-2022-29581 CVE-2022-29582 CVE-2022-29824 CVE-2022-29900 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33745 CVE-2022-33981 CVE-2022-34903 CVE-2022-34918 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20220819-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2520-1 Released: Thu Jul 21 18:34:49 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1 197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198410,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198829,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200813,1200815,1200816,1200820,1200821,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201080,1201160,1201171,1201177,120119 3,1201196,1201218,1201222,1201228,1201251,1201381,1201471,1201524,CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1462,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bnc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bnc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-1998: Fixed a use after free in the file system notify functionality (bnc#1200284). - CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1852: Fixed a null-ptr-deref in the kvm module which can lead to DoS. (bsc#1199875) - CVE-2022-1789: Fixed a NULL pointer dereference when shadow paging is enabled. (bnc#1199674) - CVE-2022-1508: Fixed an out-of-bounds read flaw that could cause the system to crash. (bsc#1198968) - CVE-2022-1671: Fixed a null-ptr-deref bugs in net/rxrpc/server_key.c, unprivileged users could easily trigger it via ioctl. (bsc#1199439) - CVE-2022-1651: Fixed a bug in ACRN Device Model emulates virtual NICs in VM. This flaw may allow a local privileged attacker to leak kernel unauthorized information and also cause a denial of service problem. (bsc#1199433) - CVE-2022-29582: Fixed a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (bnc#1198811) - CVE-2022-0494: Fixed a kernel information leak flaw in the scsi_ioctl function. This flaw allowed a local attacker with a special user privilege to create issues with confidentiality. (bnc#1197386) - CVE-2021-4204: Fixed a vulnerability that allows local attackers to escalate privileges on affected installations via ebpf. (bnc#1194111) - CVE-2022-23222: Fixed a bug that allowed local users to gain privileges. (bnc#1194765) - CVE-2022-0264: Fixed a vulnerability in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (bnc#1194826) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). The following non-security bugs were fixed: - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793). - ACPICA: Avoid cache flush inside virtual machines (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: PM: Revert 'Only mark EC GPE for wakeup on Intel systems' (git-fixes). - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes). - ACPI: processor idle: Allow playing dead in C3 state (git-fixes). - ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes). - aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: core: Add snd_card_free_on_error() helper (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes). - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes). - ALSA: hda: Avoid unsol event during RPM suspending (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - ALSA: hda: Fix driver index handling at re-binding (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: hda: Fix signedness of sscanf() arguments (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes). - ALSA: hda/i915 - skip acomp init if no matching display (git-fixes). - ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes). - ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes). - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes). - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Set max DMA segment size (git-fixes). - ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913). - ALSA: memalloc: invalidate SG pages before sync (bsc#1195913). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes). - ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: Do not abort resume upon errors (bsc#1195913). - ALSA: usb-audio: Do not get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes). - ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes). - alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes). - amd/display: set backlight only if required (git-fixes). - arch/arm64: Fix topology initialization for core scheduling (git-fixes). - arm64: Add Cortex-A510 CPU part definition (git-fixes). - arm64: Add part number for Arm Cortex-A78AE (git-fixes). - arm64: Add support for user sub-page fault probing (git-fixes) - arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes). - arm64: avoid fixmap race condition when create pud mapping (git-fixes). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes). - arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes). - arm64: defconfig: build imx-sdma as a module (git-fixes). - arm64: do not abuse pfn_valid() to ensure presence of linear map (git-fixes). - arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes). - arm64: Do not include __READ_ONCE() block in assembly files (git-fixes). - arm64: dts: agilex: use the compatible 'intel,socfpga-agilex-hsotg' (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes). - arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes). - arm64: dts: broadcom: Fix sata nodename (git-fixes). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes) - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes) - arm64: dts: imx8mn: Fix SAI nodes (git-fixes) - arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes). - arm64: dts: imx8mq: fix lcdif port node (git-fixes). - arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes) - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes). - arm64: dts: juno: Remove GICv2m dma-range (git-fixes). - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes). - arm64: dts: ls1043a: Update i2c dma properties (git-fixes). - arm64: dts: ls1046a: Update i2c node dma properties (git-fixes). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes). - arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes). - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes). - arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes). - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes). - arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes). - arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes). - arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes). - arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes). - arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes). - arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes). - arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes). - arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes). - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes). - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes). - arm64: dts: renesas: Fix thermal bindings (git-fixes). - arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes). - arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes). - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes). - arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes). - arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes). - arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes). - arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes). - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes). - arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes) - arm64: fix clang warning about TRAMP_VALIAS (git-fixes). - arm64: fix types in copy_highpage() (git-fixes). - arm64: ftrace: consistently handle PLTs (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes). - arm64: kasan: fix include error in MTE functions (git-fixes). - arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes). - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes) - arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes). - arm64: mm: fix p?d_leaf() (git-fixes). - arm64: module: remove (NOLOAD) from linker script (git-fixes). - arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes). - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: patch_text: Fixup last cpu should be master (git-fixes). - arm64: prevent instrumentation of bp hardening callbacks (git-fixes). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: stackleak: fix current_top_of_stack() (git-fixes). - arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909) - arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes). - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes). - arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module - arm64: vdso: fix makefile dependency on vdso.so (git-fixes). - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes). - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes). - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes). - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes). - ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes). - ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes). - ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes). - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes). - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes). - ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes). - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes). - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes). - ARM: dts: aspeed: Add secure boot controller node (git-fixes). - ARM: dts: aspeed: Add video engine to g6 (git-fixes). - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes). - ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes). - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes). - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes). - ARM: dts: at91: fix pinctrl phandles (git-fixes). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes). - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes). - ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes). - ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes). - ARM: dts: BCM5301X: update CRU block description (git-fixes). - ARM: dts: BCM5301X: Update pin controller node name (git-fixes). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes). - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes). - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes). - ARM: dts: Fix boot regression on Skomer (git-fixes). - ARM: dts: Fix mmc order for omap3-gta04 (git-fixes). - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes). - ARM: dts: Fix timer regression for beagleboard revision c (git-fixes). - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes). - ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes). - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes). - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes). - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes). - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes). - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson: Fix the UART compatible strings (git-fixes). - ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes). - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes). - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes). - ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes). - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes). - ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes). - ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes). - ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: socfpga: change qspi to 'intel,socfpga-qspi' (git-fixes). - ARM: dts: spear1340: Update serial node properties (git-fixes). - ARM: dts: spear13xx: Update SPI dma properties (git-fixes). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes). - ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes). - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes). - ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes). - ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes). - ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes). - ARM: fix build warning in proc-v7-bugs.c (git-fixes). - ARM: fix co-processor register typo (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ARM: Fix refcount leak in axxia_boot_secondary (git-fixes). - ARM: fix Thumb2 regression with Spectre BHB (git-fixes). - ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes). - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes). - ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes). - ARM: iop32x: offset IRQ numbers by 1 (git-fixes). - ARM: kprobes: Make space for instruction pointer on stack (bsc#1193277). - ARM: mediatek: select arch timer for mt7629 (git-fixes). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes). - ARM: mmp: Fix failure to remove sram device (git-fixes). - ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes). - ARM: mxs_defconfig: Enable the framebuffer (git-fixes). - ARM: omap1: ams-delta: remove camera leftovers (git-fixes). - ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes). - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes). - ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes). - ARM: pxa: maybe fix gpio lookup tables (git-fixes). - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes). - ARM: Spectre-BHB: provide empty stub for non-config (git-fixes). - ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes). - ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: amd: vg: fix for pm resume callback sequence (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes). - ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes). - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes). - ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes). - ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: fsl: Use dev_err_probe() helper (git-fixes). - ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes). - ASoC: intel: skylake: Set max DMA segment size (git-fixes). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes). - ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13' (git-fixes). - ASoC: madera: Add dependencies on MFD (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes). - ASoC: mediatek: use of_device_get_match_data() (git-fixes). - ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes). - ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes). - ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes). - ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes). - ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes). - ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes). - ASoC: samsung: Use dev_err_probe() helper (git-fixes). - ASoC: simple-card: fix probe failure on platform component (git-fixes). - ASoC: simple-card-utils: Set sysclk on all components (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ASoC: soc-ops: fix error handling (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes). - ASoC: SOF: hda: Set max DMA segment size (git-fixes). - ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes). - ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes). - ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes). - ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: tas2770: Insert post reset delay (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - asus-wmi: Add dgpu disable method (bsc#1198058). - asus-wmi: Add egpu enable method (bsc#1198058). - asus-wmi: Add panel overdrive functionality (bsc#1198058). - asus-wmi: Add support for platform_profile (bsc#1198058). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes). - ath11k: disable spectral scan during spectral deinit (git-fixes). - ath11k: Do not check arvif->is_started before sending management frames (git-fixes). - ath11k: fix kernel panic during unload/load ath11k modules (git-fixes). - ath11k: mhi: use mhi_sync_power_up() (git-fixes). - ath11k: pci: fix crash on suspend if board file is not found (git-fixes). - ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes). - atm: eni: Add check for dma_map_single (git-fixes). - atm: firestream: check the return value of ioremap() in fs_init() (git-fixes). - atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes). - audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes). - audit: improve audit queue handling when 'audit=1' on cmdline (git-fixes). - audit: improve robustness of the audit queue handling (git-fixes). - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes). - auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes). - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: fix use-after-free problem in bcache_device_free() (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bfq: Allow current waker to defend against a tentative one (bsc#1195915). - bfq: Avoid false marking of bic as stably merged (bsc#1197926). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Do not let waker requests skip proper accounting (bsc#1184318). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Limit waker detection in time (bsc#1184318). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Relax waker detection for shared queues (bsc#1184318). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes). - bitfield: add explicit inclusions to the example (git-fixes). - blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034). - blk-mq: do not touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blktrace: fix use after free for struct blk_trace (bsc#1198017). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016). - block: avoid to quiesce queue in elevator_init_mq (bsc#1198013). - block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012). - block: do not delete queue kobject before its children (bsc#1198019). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: fix async_depth sysfs interface for mq-deadline (bsc#1198015). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021). - block: Fix up kabi after blkcg merge fix (bsc#1198020). - block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010). - block: limit request dispatch loop duration (bsc#1198022). - block/mq-deadline: Improve request accounting further (bsc#1198009). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: btusb: Add another Realtek 8761BU (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes). - Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes). - Bluetooth: use memset avoid memory leaks (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bnxt_en: Do not destroy health reporters during reset (bsc#1199736). - bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736). - bnxt_en: Fix active FEC reporting to ethtool (git-fixes). - bnxt_en: Fix devlink fw_activate (jsc#SLE-18978). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes). - bnxt_en: Fix unnecessary dropping of RX packets (git-fixes). - bnxt_en: Increase firmware message response DMA wait time (git-fixes). - bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes). - bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes). - bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978). - bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes). - bonding: fix data-races around agg_select_timer (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Add check_func_arg_reg_off function (git-fixes). - bpf: add config to allow loading modules with BTF mismatches (bsc#1194501). - bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes). - bpf: Disallow negative offset in check_ptr_off_reg (git-fixes). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes). - bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes). - bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes). - bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes). - bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#1198585). - bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes). - bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes). - bpftool: Fix memory leak in prog_dump() (git-fixes). - bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes). - bpftool: Remove unused includes to bpf/bpf_gen_internal.h (git-fixes). - bpftool: Remove useless #include to perf-sys.h from map_perf_ring.c (git-fixes). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes). - brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915). - btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915). - btrfs: add helper to truncate inode items when logging inode (bsc#1197915). - btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915). - btrfs: add ro compat flags to inodes (bsc#1197915). - btrfs: always update the logged transaction when logging new names (bsc#1197915). - btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915). - btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915). - btrfs: avoid expensive search when dropping inode items from log (bsc#1197915). - btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915). - btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes) - btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915). - btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915). - btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915). - btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915). - btrfs: check if a log tree exists at inode_logged() (bsc#1197915). - btrfs: constify and cleanup variables in comparators (bsc#1197915). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915). - btrfs: do not log new dentries when logging that a new name exists (bsc#1197915). - btrfs: do not pin logs too early during renames (bsc#1197915). - btrfs: drop the _nr from the item helpers (bsc#1197915). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915). - btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915). - btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915). - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - btrfs: fix memory leak in __add_inode_ref() (bsc#1197915). - btrfs: fix missing last dir item offset update when logging directory (bsc#1197915). - btrfs: fix re-dirty process of tree-log nodes (bsc#1197915). - btrfs: improve the batch insertion of delayed items (bsc#1197915). - btrfs: insert items in batches when logging a directory when possible (bsc#1197915). - btrfs: introduce btrfs_lookup_match_dir (bsc#1197915). - btrfs: introduce item_nr token variant helpers (bsc#1197915). - btrfs: keep track of the last logged keys when logging a directory (bsc#1197915). - btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915). - btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915). - btrfs: only copy dir index keys when logging a directory (bsc#1197915). - btrfs: remove no longer needed checks for NULL log context (bsc#1197915). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915). - btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915). - btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915). - btrfs: remove root argument from add_link() (bsc#1197915). - btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915). - btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915). - btrfs: remove root argument from check_item_in_log() (bsc#1197915). - btrfs: remove root argument from drop_one_dir_item() (bsc#1197915). - btrfs: remove the btrfs_item_end() helper (bsc#1197915). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915). - btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915). - btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915). - btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915). - btrfs: unexport setup_items_for_insert() (bsc#1197915). - btrfs: unify lookup return value when dir entry is missing (bsc#1197915). - btrfs: update comment at log_conflicting_inodes() (bsc#1197915). - btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915). - btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915). - btrfs: use single bulk copy operations when logging directories (bsc#1197915). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes). - can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes). - can: grcan: only use the NAPI poll budget for RX (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes). - can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes). - can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes). - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes). - can: isotp: set default value for N_As to 50 micro seconds (git-fixes). - can: isotp: stop timeout monitoring when no first frame was sent (git-fixes). - can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes). - can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes). - can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes). - can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: xilinx_can: mark bit timing constants as const (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - CDC-NCM: avoid overflow in sanity checking (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1199611). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes). - cfg80211: do not add non transmitted BSS to 6GHz scanned channels (git-fixes). - cfg80211: fix race in netlink owner interface destruction (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes). - char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629). - cifs: avoid parallel session setups on same channel (bsc#1193629). - cifs: avoid race during socket reconnect between send and recv (bsc#1193629). - cifs: call cifs_reconnect when a connection is marked (bsc#1193629). - cifs: call helper functions for marking channels for reconnect (bsc#1193629). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629). - cifs: check for smb1 in open_cached_dir() (bsc#1193629). - cifs: check reconnects for channels of active tcons too (bsc#1193629). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629). - cifs: clean up an inconsistent indenting (bsc#1193629). - cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629). - cifs: do not build smb1ops if legacy support is disabled (bsc#1193629). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: do not use tcpStatus after negotiate completes (bsc#1193629). - cifs: do not use uninitialized data in the owner/group sid (bsc#1193629). - cifs: fix bad fids sent over wire (bsc#1197157). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629). - cifs: fix handlecache and multiuser (bsc#1193629). - cifs: fix hang on cifs_get_next_mid() (bsc#1193629). - cifs: fix incorrect use of list iterator after the loop (bsc#1193629). - cifs: fix minor compile warning (bsc#1193629). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629). - cifs: fix potential deadlock in direct reclaim (bsc#1193629). - cifs: fix potential double free during failed mount (bsc#1193629). - cifs: fix potential race with cifsd thread (bsc#1193629). - cifs: fix set of group SID via NTSD xattrs (bsc#1193629). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629). - cifs: fix the cifs_reconnect path for DFS (bsc#1193629). - cifs: fix the connection state transitions with multichannel (bsc#1193629). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629). - cifs: fix workstation_name for multiuser mounts (bsc#1193629). - cifs: force new session setup and tcon for dfs (bsc#1193629). - cifs: free ntlmsspblob allocated in negotiate (bsc#1193629). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629). - cifs: make status checks in version independent callers (bsc#1193629). - cifs: mark sessions for reconnection in helper function (bsc#1193629). - cifs: modefromsids must add an ACE for authenticated users (bsc#1193629). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629). - cifs: move superblock magic defitions to magic.h (bsc#1193629). - cifs: potential buffer overflow in handling symlinks (bsc#1193629). - cifs: print TIDs as hex (bsc#1193629). - cifs: protect all accesses to chan_* with chan_lock (bsc#1193629). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629). - cifs: reconnect only the connection and not smb session where possible (bsc#1193629). - cifs: release cached dentries only if mount is complete (bsc#1193629). - cifs: remove check of list iterator against head past the loop body (bsc#1193629). - cifs: remove redundant assignment to pointer p (bsc#1193629). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629). - cifs: remove repeated state change in dfs tree connect (bsc#1193629). - cifs: remove unused variable ses_selected (bsc#1193629). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629). - cifs: return the more nuanced writeback error on close() (bsc#1193629). - cifs: serialize all mount attempts (bsc#1193629). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629). - cifs: skip trailing separators of prefix paths (bsc#1193629). - cifs: smbd: fix typo in comment (bsc#1193629). - cifs: Split the smb3_add_credits tracepoint (bsc#1193629). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629). - cifs: track individual channel status using chans_need_reconnect (bsc#1193629). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: update tcpStatus during negotiate and sess setup (bsc#1193629). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629). - cifs: use correct lock type in cifs_reconnect() (bsc#1193629). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629). - cifs: use new enum for ses_status (bsc#1193629). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629). - cifs: we do not need a spinlock around the tree access during umount (bsc#1193629). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629). - cifs: writeback fix (bsc#1193629). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes). - clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: imx: Add check for kcalloc (git-fixes). - clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes). - clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - clk: tegra: Add missing reset deassertion (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes). - clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218). - comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes). - comedi: vmk80xx: fix expression for tx buffer size (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228). - cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes). - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes). - cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes). - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: amlogic - call finalize with bh disabled (git-fixes). - crypto: api - Move cryptomgr soft dependency into algapi (git-fixes). - crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes). - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes). - crypto: ccree - use fine grained DMA mapping dir (git-fixes). - crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: engine - check if BH is disabled during completion (git-fixes). - crypto: gemini - call finalize with bh disabled (git-fixes). - crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes). - crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes). - crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes). - crypto: marvell/cesa - ECB does not IV (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes). - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes). - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes). - crypto: rockchip - ECB does not need IV (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - only allow with rsa (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: sun8i-ce - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - handle zero sized sg (git-fixes). - crypto: sun8i-ss - really disable hash on A80 (git-fixes). - crypto: sun8i-ss - rework handling of IV (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: xts - Add softdep on ecb (git-fixes). - dax: fix cache flush on PMD-mapped pages (bsc#1200830). - devlink: Add 'enable_iwarp' generic device param (bsc#1200502). - dim: initialize all struct fields (git-fixes). - display/amd: decrease message verbosity about watermarks table failure (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - dma-debug: fix return value of __setup handlers (git-fixes). - dma-direct: avoid redundant memory sync for swiotlb (git-fixes). - dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes). - dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes). - dmaengine: idxd: fix device cleanup on disable (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes). - dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes). - dmaengine: idxd: skip clearing device context when device is read-only (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315). - dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes). - dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes). - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes). - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes). - doc/ip-sysctl: add bc_forwarding (git-fixes). - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes). - Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes). - Documentation: update stable tree link (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - driver base: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - driver base: fix compaction sysfs file leak (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - driver core: dd: fix return value of __setup handler (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver core: Fix wait_for_device_probe() and deferred_probe_timeout interaction (git-fixes). - driver core: Free DMA range map when device is released (git-fixes). - driver: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes). - driver: hv: log when enabling crash_kexec_post_notifiers (git-fixes). - driver: hv: Rename 'alloced' to 'allocated' (git-fixes). - driver: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes). - driver: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - driver: hv: vmbus: Fix potential crash on module unload (git-fixes). - driver: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes). - driver: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - driver: net: xgene: Fix regression in CRC stripping (git-fixes). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes). - drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes). - drm/amd/display: Add signal type check when verify stream backends same (git-fixes). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes). - drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes). - drm/amd/display: Cap pflip irqs per max otg number (git-fixes). - drm/amd/display: Check if modulo is 0 before dividing (git-fixes). - drm/amd/display: DCN3.1: do not mark as kernel-doc (git-fixes). - drm/amd/display: Disabling Z10 on DCN31 (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Do not reinitialize DMCUB on s0ix resume (git-fixes). - drm/amd/display: Enable power gating before init_pipes (git-fixes). - drm/amd/display: FEC check in timing validation (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: fix audio format not updated after edid updated (git-fixes). - drm/amd/display: Fix memory leak (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786) - drm/amd/display: Fix OLED brightness control on eDP (git-fixes). - drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes). - drm/amd/display: fix yellow carp wm clamping (git-fixes). - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15' Apple Retina panels (git-fixes). - drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes). - drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes). - drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes). - drm/amd/display: Remove vupdate_int_entry definition (git-fixes). - drm/amd/display: Revert FEC check in validation (git-fixes). - drm/amd/display: Update VTEM Infopacket definition (git-fixes). - drm/amd/display: Update watermark values for DCN301 (git-fixes). - drm/amd/display: Use adjusted DCN301 watermarks (git-fixes). - drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes). - drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes). - drm/amdgpu: add beige goby PCI ID (git-fixes). - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes). - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes). - drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/amdgpu/display: add support for multiple backlights (git-fixes). - drm/amdgpu: do not do resets on APUs which do not support it (git-fixes). - drm/amdgpu: do not enable asic reset for raven2 (git-fixes). - drm/amdgpu: do not set s3 and s0ix at the same time (git-fixes). - drm/amdgpu: do not use BACO for reset in S3 (git-fixes). - drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes). - drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes). - drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes). - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes). - drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes). - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497) - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdgpu: fix suspend/resume hang regression (git-fixes). - drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes). - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes). - drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes). - drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes). - drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes). - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786) - drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes). - drm/amdkfd: Do not take process mutex for svm ioctls (git-fixes). - drm/amdkfd: Fix GWS queue count (bsc#1190786) - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/amdkfd: remove unused function (git-fixes). - drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287). - drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes). - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes). - drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes). - drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes). - drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes). - drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes). - drm/amd/pm: Fix missing thermal throttler status (git-fixes). - drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes). - drm/ast: Create threshold values for AST2600 (bsc#1190786) - drm/atomic: Do not pollute crtc_state->mode_blob with error pointers (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm: avoid circular locks in drm_mode_getconnector (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: Add missing pm_runtime_put_sync (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes). - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786) - drm: bridge: icn6211: Fix register layout (git-fixes). - drm: bridge: it66121: Fix the register page length (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786) - drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes). - drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes). - drm/connector: Fix typo in output format (bsc#1190786) - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786) - drm/edid: Always set RGB444 (git-fixes). - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/edid: fix CEA extension byte #3 parsing (bsc#1190786) - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes). - drm/fourcc: fix integer type usage in uapi header (git-fixes). - drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497) - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915/dg2: Print PHY name properly on calibration error (git-fixes). - drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes). - drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes). - drm/i915/display: Move DRRS code its own file (git-fixes). - drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes). - drm/i915/display: split out dpt out of intel_display.c (git-fixes). - drm/i915/dmc: Add MMIO range restrictions (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes). - drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/i915/gem: add missing else (git-fixes). - drm/i915/guc/slpc: Correct the param count for unset param (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915: Implement w/a 22010492432 for adl-s (git-fixes). - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497) - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: s/JSP2/ICP2/ PCH (git-fixes). - drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes). - drm/i915/ttm: ensure we unmap when purging (git-fixes). - drm/i915/ttm: tweak priority hint selection (git-fixes). - drm/i915: Widen the QGV point mask (git-fixes). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/kmb: Fix for build errors with Warray-bounds (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768) - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/meson: split out encoder from meson_dw_hdmi (git-fixes). - drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm: add missing include to msm_drv.c (git-fixes). - drm/msm: Add missing put_task_struct() in debugfs path (git-fixes). - drm/msm/disp: check the return value of kzalloc() (git-fixes). - drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768) - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes). - drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes). - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes). - drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497) - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes). - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes). - drm/msm/dp: force link training for display resolution change (git-fixes). - drm/msm/dp: Modify prototype of encoder based API (git-fixes). - drm/msm/dp: populate connector of struct dp_panel (git-fixes). - drm/msm/dp: remove fail safe mode related code (git-fixes). - drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes). - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768) - drm/msm/dp: stop link training after link training 2 failed (git-fixes). - drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768) - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dpu: fix dp audio condition (git-fixes). - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768) - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/msm/dsi: Use 'ref' fw clock instead of global name for VCO parent (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm/msm: Fix range size vs end confusion (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/msm: properly add and remove internal bridges (bsc#1190768) - drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes). - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes). - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/panfrost: Check for error num after setting mask (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes). - drm/simpledrm: Add 'panel orientation' property on non-upright mounted LCD panels (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786) - drm/syncobj: flatten dma_fence_chains on transfer (git-fixes). - drm/tegra: Add back arm_iommu_detach_device() (git-fixes). - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm: use the lookup lock in drm_is_current_master (git-fixes). - drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: Fix deadlock on DSI device attach error (git-fixes). - drm/vc4: hdmi: Add debugfs prefix (bsc#1199163). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes). - drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes). - drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes). - drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes). - drm/vc4: hvs: Fix frame count register readout (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes). - drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1190786) - drm/vmwgfx: validate the screen formats (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes). - dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes). - dt-bindings: gpio: altera: correct interrupt-cells (git-fixes). - dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes). - dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes). - dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes). - dt-bindings: net: xgmac_mdio: Remove unsupported 'bus-frequency' (git-fixes). - dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes). - dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes). - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes). - dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes). - dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes). - dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes). - dt-bindings: usb: hcd: correct usb-device path (git-fixes). - dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes). - dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes). - e1000e: Correct NVM checksum verification flow (bsc#1191663). - e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - e1000e: Handshake with CSME starts from ADL platforms (git-fixes). - e1000e: Separate ADP board type from TGP (git-fixes). - EDAC/altera: Fix deferred probing (bsc#1190497). - EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026). - EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497). - EDAC/synopsys: Read the error count from the correct register (bsc#1190497). - EDAC/xgene: Fix deferred probing (bsc#1190497). - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - efi: fix return value of __setup handlers (git-fixes). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - epic100: fix use after free on rmmod (git-fixes). - ethernet/sfc: remove redundant rc variable (bsc#1196306). - exec: Force single empty string when argv is empty (bsc#1200571). - ext2: correct max file size computing (bsc#1197820). - ext4: avoid trim error on fs with small groups (bsc#1191271). - ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix ext4_fc_stats trace point (git-fixes). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808). - extcon: Modify extcon device to be created after driver data is set (git-fixes). - extcon: ptn5150: Add queue work sync before driver release (git-fixes). - faddr2line: Fix overlapping text section failures, the sequel (git-fixes). - fbcon: Avoid 'cap' set but not used warning (bsc#1190786) - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes). - firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - firmware: sysfb: fix platform-device leak in error path (git-fixes). - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes). - firmware: use kernel credentials when reading firmware (git-fixes). - fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827). - fs: fix fd table size alignment properly (bsc#1200882). - fs: handle circular mappings correctly (bsc#1197918). - fsl_lpuart: Do not enable interrupts too early (git-fixes). - fsnotify: Do not insert unmergeable events in hashtable (bsc#1197922). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478). - fsnotify: fix wrong lockdep annotations (bsc#1200815). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - fuse: fix fileattr op failure (bsc#1197292). - gen_init_cpio: fix short read file handling (bsc#1193289). - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq: Synchronize interrupt thread startup (git-fixes) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes). - gpio: dwapb: Do not print error on -EPROBE_DEFER (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpiolib: Never return internal error codes to user space (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - gpio: mvebu: drop pwm base assignment (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes). - gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes). - gpio: sifive: use the correct register to read output values (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: fix the wrong AdminQ buffer queue index check (git-fixes). - habanalabs: Add check for pci_enable_device (git-fixes). - habanalabs: fix possible memory leak in MMU DR fini (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - HID: Add support for open wheel and no attachment to T300 (git-fixes). - HID:Add support for UGTABLET WP5540 (git-fixes). - HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes). - HID: amd_sfh: Correct the structure field name (git-fixes). - HID: amd_sfh: Modify the bus name (git-fixes). - HID: amd_sfh: Modify the hid name (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - hide appended member supports_dynamic_smps_6ghz (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes). - HID: logitech-dj: add new lightspeed receiver id (git-fixes). - HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - HID: vivaldi: fix sysfs attributes leak (git-fixes). - hinic: fix bug of wq out of bound access (git-fixes). - hv_balloon: rate-limit 'Unhandled message' warning (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes). - hwmon: (dell-smm) Speed up setting of fan speed (git-fixes). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (pmbus) Check PEC support before reading other registers (git-fixes). - hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes). - hwmon: (pmbus) disable PEC if not enabled (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - hwrng: cavium - Check health status while reading random data (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes). - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes). - i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - i2c: ismt: prevent memory corruption in ismt_access() (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - i2c: meson: Fix wrong speed use from probe (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes). - i2c: npcm7xx: Add check for platform_driver_register (git-fixes). - i2c: npcm: Correct register access width (git-fixes). - i2c: npcm: Fix timeout calculation (git-fixes). - i2c: npcm: Handle spurious interrupts (git-fixes). - i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes). - i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes). - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes). - i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes). - i2c: piix4: Move port I/O region request/release code into functions (git-fixes). - i2c: piix4: Move SMBus controller base address detect into function (git-fixes). - i2c: piix4: Move SMBus port selection into function (git-fixes). - i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes). - i2c: qcom-cci: do not delete an unregistered adapter (git-fixes). - i2c: qcom-cci: do not put a device tree node before i2c_add_adapter() (git-fixes). - i2c: rcar: fix PM ref counts in probe error paths (git-fixes). - i2c: xiic: Make bus names unique (git-fixes). - i40e: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40e: i40e_main: fix a missing check on list iterator (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: remove dead stores on XSK hotpath (jsc#SLE-18378). - i40e: respect metadata on XSK Rx to skb (git-fixes). - i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378). - iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385). - iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385). - iavf: Fix double free in iavf_reset_task (jsc#SLE-18385). - iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385). - iavf: Fix hang during reboot/shutdown (jsc#SLE-18385). - iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385). - iavf: Fix init state closure on remove (jsc#SLE-18385). - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385). - iavf: Fix missing check for running netdev (git-fixes). - iavf: Fix race in init state (jsc#SLE-18385). - iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6). - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes). - IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes). - IB/hfi1: Allow larger MTU without AIP (git-fixes). - IB/hfi1: Fix AIP early init panic (git-fixes). - IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes). - IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242). - IB/hfi1: Fix tstats alloc and dealloc (git-fixes). - IB/mlx5: Expose NDR speed through MAD (bsc#1196930). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - IB/qib: Fix duplicate sysfs directory name (git-fixes). - IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375). - ice: check the return of ice_ptp_gettimex64 (git-fixes). - ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375). - ice: Clear default forwarding VSI during VSI release (git-fixes). - ice: clear stale Tx queue settings before configuring (git-fixes). - ice: do not allow to run ice_send_event_to_aux() in atomic ctx (git-fixes). - ice: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ice: Do not use GFP_KERNEL in atomic context (git-fixes). - ice: enable parsing IPSEC SPI headers for RSS (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (git-fixes). - ice: fix concurrent reset and removal of VFs (git-fixes). - ice: fix crash in switchdev mode (jsc#SLE-18375). - ice: Fix curr_link_speed advertised speed (git-fixes). - ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375). - ice: fix PTP stale Tx timestamps cleanup (git-fixes). - ice: fix setting l4 port flag when adding filter (jsc#SLE-18375). - ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes). - ice: initialize local variable 'tlv' (git-fixes). - ice: kabi protect ice_pf (bsc#1200502). - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: respect metadata on XSK Rx to skb (git-fixes). - ice: synchronize_rcu() when terminating rings (git-fixes). - ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375). - ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes). - igb: refactor XDP registration (git-fixes). - igc: avoid kernel warning when changing RX ring parameters (git-fixes). - igc: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - igc: Fix BUG: scheduling while atomic (git-fixes). - igc: Fix infinite loop in release_swfw_sync (git-fixes). - igc: Fix suspending when PTM is active (jsc#SLE-18377). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP and AIN_BUFM bits (git-fixes). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes). - iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio: afe: rescale: Fix boolean logic bug (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio:humidity:hts221: rearrange iio trigger get and register (git-fixes). - iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes). - iio:imu:bmi160: disable regulator in error path (git-fixes). - iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes). - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes). - iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes). - iio: mma8452: fix probe fail when device tree compatible is used (git-fixes). - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes). - iio: st_sensors: Add a local lock for protecting odr (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: fix reference leak in asymmetric_verify() (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - init: call time_init() before rand_initialize() (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - init/main.c: return 1 from handled __setup() functions (git-fixes). - initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - Input: samsung-keypad - properly state IOMEM dependency (git-fixes). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes). - Input: synaptics: retry query upon error (bsc#1194086). - Input: wm97xx: Simplify resource management (git-fixes). - Input: zinitix - do not report shadow fingers (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - iocost: do not reset the inuse weight of under-weighted debtors (git-fixes). - iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014). - iomap: iomap_write_failed fix (bsc#1200829). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826). - iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes). - iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes). - iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350). - iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - ionic: add FW_STOPPING state (git-fixes). - ionic: Allow flexibility for error reporting on dev commands (git-fixes). - ionic: better handling of RESET event (git-fixes). - ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes). - ionic: Cleanups in the Tx hotpath code (git-fixes). - ionic: Correctly print AQ errors if completions are not received (git-fixes). - ionic: disable napi when ionic_lif_init() fails (git-fixes). - ionic: Do not send reset commands if FW isn't running (git-fixes). - ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes). - ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes). - ionic: fix up printing of timeout error (git-fixes). - ionic: Prevent filter add/del err msgs when the device is not available (git-fixes). - ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes). - ionic: remove the dbid_inuse bitmap (git-fixes). - ionic: replace set_vf data with union (git-fixes). - ionic: start watchdog after all is setup (git-fixes). - ionic: stretch heartbeat detection (git-fixes). - io_uring: add more locking annotations for submit (bsc#1199011). - io_uring: avoid touching inode in rw prep (bsc#1199011). - io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011). - io_uring: cache __io_free_req()'d requests (bsc#1199011). - io_uring: clean io-wq callbacks (bsc#1199011). - io_uring: clean up tctx_task_work() (bsc#1199011). - io_uring: deduplicate open iopoll check (bsc#1199011). - io_uring: do not halt iopoll too early (bsc#1199011). - io_uring: drop exec checks from io_req_task_submit (bsc#1199011). - io_uring: extract a helper for ctx quiesce (bsc#1199011). - io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011). - io_uring: improve ctx hang handling (bsc#1199011). - io_uring: inline fixed part of io_file_get() (bsc#1199011). - io_uring: inline io_free_req_deferred (bsc#1199011). - io_uring: inline io_poll_remove_waitqs (bsc#1199011). - io_uring: inline struct io_comp_state (bsc#1199011). - io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011). - io_uring: move io_fallback_req_func() (bsc#1199011). - io_uring: move io_put_task() definition (bsc#1199011). - io_uring: move io_rsrc_node_alloc() definition (bsc#1199011). - io_uring: optimise io_cqring_wait() hot path (bsc#1199011). - io_uring: optimise putting task struct (bsc#1199011). - io_uring: refactor io_alloc_req (bsc#1199011). - io_uring: remove extra argument for overflow flush (bsc#1199011). - io_uring: remove file batch-get optimisation (bsc#1199011). - io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011). - io_uring: remove redundant args from cache_free (bsc#1199011). - io_uring: remove unnecessary PF_EXITING check (bsc#1199011). - io_uring: rename io_file_supports_async() (bsc#1199011). - io_uring: run linked timeouts from task_work (bsc#1199011). - io_uring: run regular file completions from task_work (bsc#1199011). - io_uring: run timeouts from task_work (bsc#1199011). - io_uring: use inflight_entry instead of compl.list (bsc#1199011). - io_uring: use kvmalloc for fixed files (bsc#1199011). - io-wq: get rid of FIXED worker flag (bsc#1199011). - io-wq: make worker creation resilient against signals (bsc#1199011). - io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011). - io-wq: only exit on fatal signals (bsc#1199011). - io-wq: provide a way to limit max number of workers (bsc#1199011). - io-wq: split bounded and unbounded work into separate lists (bsc#1199011). - io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011). - ipc/sem: do not sleep with a spin lock held (bsc#1198412). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix pr_fmt to avoid compilation issues (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/nvic: Release nvic_base upon failure (git-fixes). - irqchip/qcom-pdc: Fix broken locking (git-fixes). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes). - irqchip/realtek-rtl: Service all pending interrupts (git-fixes). - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: align locking in D3 test debugfs (git-fixes). - iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes). - iwlwifi: mvm: Correctly set fragmented EBS (git-fixes). - iwlwifi: mvm: Do not call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes). - iwlwifi: mvm: do not crash on invalid rate w/o STA (git-fixes). - iwlwifi: mvm: do not iterate unadded vifs when handling FW SMPS req (git-fixes). - iwlwifi: mvm: do not send SAR GEO command for 3160 devices (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - iwlwifi: mvm: move only to an enabled channel (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes). - ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ixgbe: ensure IPsec VF - PF compatibility (git-fixes). - ixgbe: respect metadata on XSK Rx to skb (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI: fix change of iscsi_host_remove() arguments (bsc#1198410). - kABI: Fix kABI after 'x86/mm/cpa: Generalize __set_memory_enc_pgtable()' (jsc#SLE-19924). - kABI fix of sysctl_run_estimation (git-fixes). - kABI: fix removal of iscsi_destroy_conn (bsc#1198410). - kABI: fix rndis_parameters locking (git-fixes). - kABI: ivtv: restore caps member (git-fixes). - kabi/severities: add exception for bcache symboles - kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218) - kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels. - kABI workaround for fxls8962af iio accel drivers (git-fixes). - kABI workaround for pci quirks (git-fixes). - kconfig: fix failing to generate auto.conf (git-fixes). - kconfig: let 'shell' return enough output for deep path names (git-fixes). - kernel/fork: Initialize mm's PASID (jsc#SLE-24350). - kernel/resource: Introduce request_mem_region_muxed() (git-fixes). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes). - KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes). - KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes). - KEYS: trusted: Fix trusted key backends when building as module (git-fixes). - KEYS: trusted: tpm2: Fix migratable logic (git-fixes). - kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277). - kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277). - kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277). - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277). - kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277). - kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277). - kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277). - kselftest/arm64: bti: force static linking (git-fixes). - kunit: tool: Import missing importlib.abc (git-fixes). - KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes). - KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes). - KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes). - KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes). - KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes). - KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes). - KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes). - KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes). - KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes). - KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes). - KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes). - KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes). - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: selftests: Do not skip L2's VMCALL in SMM test for SVM guest (bsc#1194523). - KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526). - KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526). - KVM: SEV: do not take kvm->lock when destroying (bsc#1194526). - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526). - KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526). - KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526). - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823). - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526). - KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes). - KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes). - KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes). - KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes). - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes). - KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes). - KVM: VMX: Do not unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes). - KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes). - KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes). - KVM: VMX: Read Posted Interrupt 'control' exactly once per loop iteration (git-fixes). - KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes). - KVM: VMX: Remove defunct 'nr_active_uret_msrs' field (git-fixes). - KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes). - KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes). - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes). - KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes). - KVM: x86: do not print when fail to read/write pv eoi memory (git-fixes). - KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes). - KVM: x86: Drop WARNs that assert a triple fault never 'escapes' from L2 (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes). - KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes). - KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes). - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes). - KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes). - KVM: x86: Ignore sparse banks size for an 'all CPUs', non-sparse IPI req (git-fixes). - KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes). - KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes). - KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes). - KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes). - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes). - KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes). - KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes). - KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes). - KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes). - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes). - KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes). - KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes). - KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes). - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes). - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes). - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes). - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes). - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes). - KVM: x86: SVM: do not set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes). - KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549). - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549). - KVM: X86: Synchronize the shadow pagetable before link it (git-fixes). - KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes). - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes). - lib: bitmap: fix many kernel-doc warnings (git-fixes). - libbpf: Free up resources used by inner map definition (git-fixes). - lib/iov_iter: initialize 'flags' in new pipe_buffer (git-fixes). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - list: fix a data-race around ep->rdllist (git-fixes). - list: introduce list_is_head() helper and re-use it in list.h (git-fixes). - list: test: Add a test for list_is_head() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - locking: Make owner_on_cpu() into linux/sched.h (bsc#1190137 bsc#1189998). - locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998). - locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998). - locking/rwlocks: introduce write_lock_nested (bsc#1189998). - LSM: general protection fault in legacy_parse_param (git-fixes). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes). - mac80211: fix forwarded mesh frames AC and queue selection (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes). - mac80211: mlme: check for null after calling kmemdup (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - mac80211: Remove a couple of obsolete TODO (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - mac80211: treat some SAE auth steps as final (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - macvlan: Fix leaking skb in source mode with nodst option (git-fixes). - mailbox: change mailbox-mpfs compatible string (git-fixes). - mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes). - mailbox: imx: fix wakeup failure from freeze mode (git-fixes). - mailbox: tegra-hsp: Flush whole channel (git-fixes). - maple: fix wrong return value of maple_bus_init() (git-fixes). - md: Do not set mddev private to NULL in raid0 pers->free (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md: fix double free of io_acct_set bioset (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - md: Move alloc/free acct bioset in to personality (git-fixes). - md/raid5: play nice with PREEMPT_RT (bsc#1189998). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes). - media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes). - media: atomisp: fix bad usage at error handling logic (git-fixes). - media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes). - media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: camss: csid-170: do not enable unused irqs (git-fixes). - media: camss: csid-170: fix non-10bit formats (git-fixes). - media: camss: csid-170: remove stray comment (git-fixes). - media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes). - media: camss: vfe-170: fix 'VFE halt timeout' error (git-fixes). - media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes). - media: cec-adap.c: fix is_configuring state (git-fixes). - media: cedrus: h264: Fix neighbour info buffer size (git-fixes). - media: cedrus: H265: Fix neighbour info buffer size (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes). - media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes). - media: hantro: Empty encoder capture buffers by default (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: hantro: HEVC: Fix tile info buffer value computation (git-fixes). - media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - media: i2c: max9286: fix kernel oops when removing module (git-fixes). - media: i2c: max9286: Use dev_err_probe() helper (git-fixes). - media: i2c: max9286: Use 'maxim,gpio-poc' property (git-fixes). - media: i2c: ov5648: Fix lockdep error (git-fixes). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - media: i2c: rdacm2x: properly set subdev entity function (git-fixes). - media: imon: reorganize serialization (git-fixes). - media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes). - media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes). - media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes). - media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes). - media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes). - media: ir_toy: free before error exiting (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: mexon-ge2d: fixup frames size in registers (git-fixes). - media: mtk-vcodec: potential dereference of null pointer (git-fixes). - media: omap3isp: Use struct_group() for memcpy() region (git-fixes). - media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes). - media: ov5648: Do not pack controls struct (git-fixes). - media: ov6650: Add try support to selection API operations (git-fixes). - media: ov6650: Fix crop rectangle affected by set format (git-fixes). - media: ov6650: Fix set format try processing path (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: rga: fix possible memory leak in rga_probe (git-fixes). - media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes). - media: rkvdec: h264: Fix dpb_valid implementation (git-fixes). - media: rkvdec: Stop overclocking the decoder (git-fixes). - media: rockchip/rga: do proper error checking in probe (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes). - media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes). - media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes). - media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes). - media: staging: media: zoran: move videodev alloc (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: v4l2-core: Initialize h264 scaling matrix (git-fixes). - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes). - media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - media: vidtv: Check for null return of vzalloc (git-fixes). - mei: avoid iterator usage outside of list_for_each_entry (git-fixes). - mei: hbm: drop capability response on early shutdown (git-fixes). - mei: me: add Alder Lake N device id (git-fixes). - mei: me: add raptor lake point S DID (git-fixes). - mei: me: disable driver on the ign firmware (git-fixes). - memblock: fix memblock_phys_alloc() section mismatch error (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes). - memory: mtk-smi: Add error handle for smi_probe (git-fixes). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes). - memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes). - mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mgag200 fix memmapsl configuration in GCTL6 register (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes). - mlx5: kabi protect lag_mp (git-fixes). - mlxsw: spectrum: Protect driver from buggy firmware (git-fixes). - mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes) - mmc: block: Check for errors after write on SPI (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: block: fix read single on recovery logic (git-fixes). - mmc: core: Allows to override the timeout value for ioctl() path (git-fixes). - mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes). - mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes). - mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102). - mmc: mediatek: wait dma stop bit reset to 0 (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mmc: rtsx: add 74 Clocks in power on flow (git-fixes). - mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes). - mmc: rtsx: Let MMC core handle runtime PM (git-fixes). - mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes). - mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes). - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes). - mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761). - mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921). - mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402). - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024). - mm, thp: lock filemap when truncating page cache (bsc#1198023). - mm/vmalloc: fix comments about vmap_area struct (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix section mismatch check for exported init/exit sections (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - modpost: restore the warning message for missing symbol versions (git-fixes). - mptcp: add missing documented NL params (git-fixes). - mt76: connac: fix sta_rec_wtbl tag len (git-fixes). - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes). - mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes). - mt76: fix encap offload ethernet type check (git-fixes). - mt76: fix monitor mode crash with sdio driver (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes). - mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes). - mt76: mt7615: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes). - mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes). - mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes). - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - mt76: mt7921: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7921: fix crash when startup fails (git-fixes). - mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes). - mtd: mchp23k256: Add SPI ID table (git-fixes). - mtd: mchp48l640: Add SPI ID table (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes). - mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes). - mtd: rawnand: denali: Use managed device resources (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes). - mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: atlantic: Avoid out-of-bounds indexing (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: axienet: setup mdio unconditionally (git-fixes). - net: bnxt_ptp: fix compilation error (bsc#1199736). - net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998). - net: dev: Change the order of the arguments for the contended condition (bsc#1189998). - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes). - net: dsa: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes). - net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes). - net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes). - net: hns3: add return value for mailbox handling in PF (bsc#1190336). - net: hns3: add validity check for message data length (git-fixes). - net: hns3: add vlan list lock to protect vlan list (git-fixes). - net: hns3: align the debugfs output to the left (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (git-fixes). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes). - net: hns3: fix phy can not link up when autoneg off and reset (git-fixes). - net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes). - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes). - net: hns3: handle empty unknown interrupt for VF (git-fixes). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes). - net: hns3: refine the process when PF set VF VLAN (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502). - net/ice: Fix boolean assignment (bsc#1200502). - net/ice: Remove unused enum (bsc#1200502). - net: ipa: disable HOLB drop when updating timer (git-fixes). - net: ipa: HOLB register sometimes must be written twice (git-fixes). - net/ipa: ipa_resource: Fix wrong for loop range (git-fixes). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes). - net: marvell: prestera: fix double free issue on err path (git-fixes). - net: mdio: do not defer probe forever if PHY IRQ provider is missing (git-fixes). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218). - net/mlx5: Avoid double clear or set of sync reset requested (git-fixes). - net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes). - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes). - net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes). - net/mlx5: DR, Cache STE shadow memory (git-fixes). - net/mlx5: DR, Do not allow match on IP w/o matching on full ethertype/ip_version (git-fixes). - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253). - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes). - net/mlx5e: Add missing increment of count (jsc#SLE-19253). - net/mlx5e: Avoid field-overflowing memcpy() (git-fixes). - net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes). - net/mlx5e: Do not treat small ceil values as unlimited in HTB offload (git-fixes). - net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253). - net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes). - net/mlx5e: Fix module EEPROM query (git-fixes). - net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes). - net/mlx5e: Fix trust state reset in reload (git-fixes). - net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253). - net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes). - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes). - net/mlx5e: Lag, Do not skip fib events on current dst (git-fixes). - net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes). - net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes). - net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes). - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes). - net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253). - net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: Use struct_group() for memcpy() region (git-fixes). - net/mlx5: Fix a race on command flush flow (git-fixes). - net/mlx5: Fix deadlock in sync reset flow (git-fixes). - net/mlx5: Fix matching on inner TTC (jsc#SLE-19253). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix size field in bufferx_reg struct (git-fixes). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes). - net/mlx5: Fix tc max supported prio for nic mode (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes). - net: mvmdio: fix compilation warning (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: correct spelling error of media in documentation (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: dp83867: retrigger SGMII AN when link change (git-fixes). - net: phy: Fix race condition on link status change (git-fixes). - net: phy: marvell10g: fix return value on error (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes). - net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes). - net: phy: meson-gxl: improve link-up behavior (git-fixes). - net: phy: micrel: Allow probing without .driver_data (git-fixes). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes). - net: phy: micrel: Pass .probe for KS8737 (git-fixes). - net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes). - net: phy: mscc-miim: reject clause 45 register accesses (git-fixes). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: sfc: add missing xdp queue reinitialization (git-fixes). - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes). - net: sfc: fix memory leak due to ptp channel (git-fixes). - net: sfc: fix using uninitialized xdp tx_queue (git-fixes). - net/smc: Avoid warning of possible recursive locking (git-fixes). - net/smc: fix connection leak (git-fixes). - net/smc: fixes for converting from 'struct smc_cdc_tx_pend **' to 'struct smc_wr_tx_pend_priv *' (git-fixes). - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes). - net/smc: postpone sk_refcnt increment in connect() (git-fixes). - net/smc: remove redundant re-assignment of pointer link (git-fixes). - net/smc: Remove unused function declaration (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes). - net/smc: sync err code when tcp connection was refused (git-fixes). - net/smc: Transfer remaining wait queue entries during fallback (git-fixes). - net/smc: Transitional solution for clcsock race issue (git-fixes). - net/smc: Use a mutex for locking 'struct smc_pnettable' (git-fixes). - net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes). - net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes). - net: stmmac: Fix signed/unsigned wreckage (git-fixes). - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: asix: do not force pause frames support (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682). - net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218). - nfc: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - nfc: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - nfc: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - nfc: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - nfc: pn533: Fix buggy cleanup order (git-fixes). - nfc: port100: fix use-after-free in port100_send_complete (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nfp: flower: fix ida_idx not being released (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFSD: allow delegation state ids to be revoked and then freed (bsc#1192483). - NFSD: allow lock state ids to be revoked and then freed (bsc#1192483). - NFSD: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes). - NFSD: do not admin-revoke NSv4.0 state ids (bsc#1192483). - NFSD: Fix a write performance regression (bsc#1197016). - NFSD: fix crash on COPY_NOTIFY with special stateid (git-fixes). - NFSD: Fix nsfd startup race (again) (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSD: Fix READDIR buffer overflow (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSD: Fix verifier returned in stable WRITEs (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSD: more robust allocation failure handling in nfsd_file_cache_init (git-fixes). - NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Do not loop forever in nfs_do_recoalesce() (git-fixes). - NFS: Do not overfill uncached readdir pages (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: do not store 'struct cred *' in struct nfs_access_entry (git-fixes). - NFSD: prepare for supporting admin-revocation of state (bsc#1192483). - NFSD: Replace use of rwsem with errseq_t (bsc#1196960). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFS: fix broken handling of the softreval mount option (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes). - NFS: pass cred explicitly for access tests (git-fixes). - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - NFSv4: Fix another issue with a list iterator pointing to the head (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes). - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - nl80211: validate S1G channel width (git-fixes). - ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes). - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes). - nvme: add verbose error logging (bsc#1200567). Update config files. - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme: send uevent on connection up (jsc#SLE-23643). - objtool: Add frame-pointer-specific function ignore (bsc#1193277). - objtool: Fix code relocs vs weak symbols (git-fixes). - objtool: Fix type of reloc::addend (git-fixes). - objtool: Ignore unwind hints for ignored functions (bsc#1193277). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes). - octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes). - of: base: Fix phandle argument length mismatch error message (git-fixes). - of: base: Improve argument length mismatch error (git-fixes). - of/fdt: Do not worry about non-memory region overlap for no-map (git-fixes). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes). - of: Support more than one crash kernel regions for kexec -s (git-fixes). - of: unittest: 64 bit dma address test requires arch support (git-fixes). - of: unittest: fix warning on PowerPC frame size warning (git-fixes). - of: unittest: update text of expected warnings (git-fixes). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes). - PCI: aardvark: Add support for masking MSI interrupts (git-fixes). - PCI: aardvark: Add support for PME interrupts (git-fixes). - PCI: aardvark: Assert PERST# when unbinding driver (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: aardvark: Comment actions in driver remove method (git-fixes). - PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes). - PCI: aardvark: Disable common PHY when unbinding driver (git-fixes). - PCI: aardvark: Disable link training when unbinding driver (git-fixes). - PCI: aardvark: Do not mask irq when mapping (git-fixes). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes). - PCI: aardvark: Enable MSI-X support (git-fixes). - PCI: aardvark: Fix memory leak in driver unbind (git-fixes). - PCI: aardvark: Fix reading MSI interrupt number (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix setting MSI address (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes). - PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes). - PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes). - PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes). - PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes). - PCI: aardvark: Update comment about link going down after link-up (git-fixes). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI: Avoid broken MSI on SB600 USB devices (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: endpoint: Fix alignment fault error in copy tests (git-fixes). - PCI: endpoint: Fix misused goto label (git-fixes). - PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes). - PCI: microchip: Fix potential race in interrupt handling (git-fixes). - PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes). - PCI: mvebu: Fix device enumeration regression (git-fixes). - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes). - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes). - PCI: pci-bridge-emul: Add description for class_revision field (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/switchtec: Add Gen4 automotive device IDs (git-fixes). - PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - perf: Copy perf_event_attr::sig_data on modification (git fixes). - perf/core: Do not pass task around when ctx sched in (git-fixes). - perf/core: Fix address filter parser for multiple filters (git fixes). - perf/core: Fix cgroup event list management (git fixes). - perf/core: Fix perf_cgroup_switch() (git fixes). - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes). - perf: Fix list corruption in perf_cgroup_switch() (git fixes). - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes). - perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes). - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304). - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes). - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes). - phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes). - phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes). - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes). - phy: dphy: Correct clk_pre parameter (git-fixes). - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: phy-brcm-usb: fixup BCM4908 support (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: Fix missing sentinel for clk_div_table (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - phy: usb: Leave some clocks running during suspend (git-fixes). - phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes). - pinctrl: bcm2835: Fix a few error paths (git-fixes). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes). - pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - pinctrl: k210: Fix bias-pull-up (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: moore: Fix build error (git-fixes). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes). - pinctrl: mediatek: mt8365: fix IES control pins (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes). - pinctrl: microchip-sgpio: lock RMW access (git-fixes). - pinctrl: microchip sgpio: use reset driver (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes). - pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes). - pinctrl: tegra: tegra194: drop unused pin groups (git-fixes). - pinctrl: tigerlake: Revert 'Add Alder Lake-M ACPI ID' (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - pipe: Fix missing lock in pipe_resize_ring() (git-fixes). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes). - platform/chrome: cros_ec_typec: Check for EC device (git-fixes). - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes). - platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes). - platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes). - platform/surface: surface3-wmi: Simplify resource management (git-fixes). - platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938). - platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058). - platform/x86: asus-wmi: Delete impossible condition (bsc#1198058). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes). - platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058). - platform/x86: asus-wmi: Fix 'unsigned 'retval' is never less than zero' smatch warning (bsc#1198058). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes). - platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes). - platform/x86: intel-hid: fix _DSM function index handling (git-fixes). - platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901). - platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901). - platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901). - platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes). - platform/x86: panasonic-laptop: do not report duplicate brightness key-presses (git-fixes). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes). - platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (git-fixes). - platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - PM: domains: Fix initialization of genpd's next_wakeup (git-fixes). - PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s: Do not use DSISR for SLB faults (bsc#1194869). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869). - powerpc: Do not select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102). - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: Parse control memory access error (jsc#SLE-18194). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388). - powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388). - powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810). - powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810). - powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810). - powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: axp288_fuel_gauge: Drop BIOS version check from 'T3 MRD' DMI quirk (git-fixes). - power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: sbs-charger: Do not cancel work that is not initialized (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - proc: bootconfig: Add null pointer check (git-fixes). - proc: fix documentation and description of pagemap (git-fixes). - procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes). - psi: fix 'defined but not used' warnings when (git-fixes) - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - pvpanic: Fix typos in the comments (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qed: display VF trust config (git-fixes). - qede: confirm skb is allocated before using (git-fixes). - qed: fix ethtool register dump (jsc#SLE-19001). - qed: return status of qed_iov_get_link (git-fixes). - qla2xxx: add ->map_queues support for nvme (bsc#1195823). - qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - random: check for signal_pending() outside of need_resched() check (git-fixes). - random: wake up /dev/random writers after zap (git-fixes). - random: wire up fops->splice_{read,write}_iter() (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (git-fixes). - RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249). - RDMA/core: Set MR type in ib_reg_user_mr (git-fixes). - RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/irdma: Fix netdev notifications for vlan's (git-fixes). - RDMA/irdma: Fix Passthrough mode in VM (git-fixes). - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes). - RDMA/irdma: Prevent some integer underflows (git-fixes). - RDMA/irdma: Reduce iWARP QP destroy time (git-fixes). - RDMA/irdma: Remove incorrect masking of PD (git-fixes). - RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/mlx5: Add a missing update of cache->last_add (git-fixes). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (git-fixes). - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes). - RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249). - RDMA/rtrs-clt: Fix possible double free in error case (git-fixes). - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes). - RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249). - RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes). - RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249). - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249). - RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes). - regmap-irq: Update interrupt clear register for proper reset (git-fixes). - regulator: atc260x: Fix missing active_discharge_on setting (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: core: fix false positive in regulator_late_cleanup() (git-fixes). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes). - regulator: mt6315: Enforce regulator-compatible, not name (git-fixes). - regulator: mt6315-regulator: fix invalid allowed mode (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes). - regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - remoteproc: Fix count check in rproc_coredump_write() (git-fixes). - remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - Revert 'drm/amd/display: Fix DCN3 B0 DP Alt Mapping' (git-fixes). - Revert 'drm/amdgpu/display: set vblank_disable_immediate for DC' (git-fixes). - Revert 'svm: Add warning message for AVIC IPI invalid target' (git-fixes). - rfkill: make new event layout opt-in (git-fixes). - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes). - riscv: Fix fill_callchain return value (git fixes). - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes). - rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes). - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes). - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes). - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes). - rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - rtc: mxc: Silence a clang warning (git-fixes). - rtc: pcf2127: fix bug when reading alarm registers (git-fixes). - rtc: pl031: fix rtc features null pointer dereference (git-fixes). - rtc: sun6i: Fix time overflow handling (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - rtw88: 8821c: fix debugfs rssi value (git-fixes). - rtw88: 8821c: support RFE type4 wifi NIC (git-fixes). - rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes). - rtw88: rtw8821c: enable rfe 6 devices (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (git-fixes). - s390/dasd: Fix read for ESE with blksize 4k (git-fixes). - s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes). - s390/dasd: prevent double format of tracks for ESE devices (git-fixes). - s390/entry: fix duplicate tracking of irq nesting level (git-fixes). - s390/extable: fix exception table sorting (git-fixes). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473). - s390/setup: avoid reserving memory above identity mapping (git-fixes). - s390/smp: sort out physical vs virtual pointers usage (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sc16is7xx: Fix for incorrect data being transmitted (git-fixes). - sched/core: Export pelt_thermal_tp (git-fixes) - sched/core: Fix forceidle balancing (git-fixes) - sched/core: Mitigate race (git-fixes) - sched/cpuacct: Fix charge percpu cpuusage (git-fixes) - sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350). - sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431). - sched/fair: Fix fault in reweight_entity (git fixes (sched/core)). - sched/fair: Revise comment about lb decision matrix (git-fixes) - sched: Fix balance_push() vs __sched_setscheduler() (git-fixes) - sched: Fix yet more sched_fork() races (git fixes (sched/core)). - sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes) - sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431). - sched/numa: Apply imbalance limitations consistently (bnc#1193431). - sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431). - sched/numa: Initialise numa_migrate_retry (bnc#1193431). - sched/pasid: Add a kABI workaround (jsc#SLE-24350). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/pelt: Relax the sync of util_sum with util_avg (git-fixes) - sched/psi: report zeroes for CPU full at the system level (git-fixes) - sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes) - sched/rt: Try to restart rt period timer when rt runtime (git-fixes) - sched/scs: Reset task stack state in bringup_cpu() (git-fixes) - sched/sugov: Ignore 'busy' filter when rq is capped by (git-fixes) - sched: Teach the forced-newidle balancer about CPU affinity (git-fixes) - scripts/faddr2line: Fix overlapping text section failures (git-fixes). - scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802). - scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802). - scsi: core: Query VPD size before getting full page (git-fixes). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: elx: efct: Do not use GFP_KERNEL under spin lock (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes). - scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list (bsc#1198802). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802). - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes). - scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410). - scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410). - scsi: iscsi: Fix HW conn removal use after free (bsc#1198410). - scsi: iscsi: Fix session removal on shutdown (bsc#1198410). - scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410). - scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802). - scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: libsas: Defer works of new phys during suspend (bsc#1198802). - scsi: libsas: Do not always drain event workqueue for HA resume (bsc#1198802). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802). - scsi: libsas: Keep host active while processing events (bsc#1198802). - scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802). - scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use irq_set_affinity() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes). - scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes). - scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftest: KVM: Add open sev dev helper (bsc#1194526). - selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes). - selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526). - selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526). - selftests: kvm: Remove absent target file (git-fixes). - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526). - selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526). - selftests/powerpc: Add test for real address error handling (jsc#SLE-18194). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - sfc: Do not free an empty page_ring (git-fixes). - sfc: fallback for lack of xdp tx queues (bsc#1196306). - sfc: last resort fallback for lack of xdp tx queues (bsc#1196306). - sfc: Use swap() instead of open coding it (bsc#1196306). - sfc: use swap() to make code cleaner (bsc#1196306). - skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - slip: fix macro redefine warning (git-fixes). - smb3: add mount parm nosparse (bsc#1193629). - smb3: add trace point for lease not found issue (bsc#1193629). - smb3: add trace point for oplock not found (bsc#1193629). - smb3: check for null tcon (bsc#1193629). - smb3: cleanup and clarify status of tree connections (bsc#1193629). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1193629). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629). - smb3: fix snapshot mount option (bsc#1193629). - smb3 improve error message when mount options conflict with posix (bsc#1193629). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629). - smb3 move more common protocol header definitions to smbfs_common (bsc#1193629). - smb3: send NTLMSSP version information (bsc#1193629). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: guts: Add a missing memory allocation failure check (git-fixes). - soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes). - soc: qcom: aoss: Expose send for generic usecase (git-fixes). - soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes). - soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes). - sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes). - soundwire: qcom: adjust autoenumeration timeout (git-fixes). - speakup-dectlk: Restore pitch setting (git-fixes). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes). - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes). - spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: Fix Tegra QSPI example (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: qcom-qspi: Add minItems to interconnect-names (git-fixes). - spi: rockchip: Fix error in getting num-cs property (git-fixes). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes). - spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes). - spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes). - spi: rockchip: terminate dma transmission when slave abort (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-mtk-nor: initialize spi controller after resume (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: fbtft: fb_st7789v: reset display before initialization (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes). - staging: most: dim2: use device release method (git-fixes). - staging: most: dim2: use if statements instead of ?: expressions (git-fixes). - staging: mt7621-dts: fix formatting (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes). - staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - staging: rtl8723bs: Fix access-point mode deadlock (git-fixes). - staging: vc04_services: shut up out-of-range warning (git-fixes). - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes). - staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes). - staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes). - staging: vchiq: Move vchiq char driver to its own file (git-fixes). - staging: vchiq: Refactor vchiq cdev code (git-fixes). - staging: wfx: fix an error handling in wfx_init_common() (git-fixes). - stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes). - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786) - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes). - SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes). - SUNRPC do not resend a task on an offlined transport (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC release the transport of a relocated task with an assigned transport (git-fixes). - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes). - SUNRPC: Trap RDMA segment overflows (git-fixes). - SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes). - supported.conf: add intel_sdsi - supported.conf: mark pfuze100 regulator as supported (bsc#1199909) - supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093) - surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes). - swiotlb: max mapping size takes min align mask into account (bsc#1197303). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes). - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes). - thermal: devfreq_cooling: use local ops instead of global ops (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes). - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal: int340x: fix memory leak in int3400_notify() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes). - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786) - timekeeping: Mark NMI safe time accessors as notrace (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - TOMOYO: fix __setup handlers return values (git-fixes). - tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938). - tools: bpftool: Complete metrics list in 'bpftool prog profile' doc (git-fixes). - tools: bpftool: Document and add bash completion for -L, -B options (git-fixes). - tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes). - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: Fix error handling in async work (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tpm: use try_get_ops() in tpm-space.c (git-fixes). - tps6598x: clear int mask on probe failure (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have trace event string test handle zero length strings (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histogram: Fix sorting on old 'cpu' value (git-fixes). - tracing/osnoise: Force quiescent states while tracing (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes). - tty: n_gsm: Do not ignore write return value in gsmld_output() (git-fixes). - tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes). - tty: n_gsm: Fix packet data hex dump output (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong tty control line for flow control (git-fixes). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes). - tty: n_tty: Restore EOF push handling behavior (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998). - uapi/linux/stddef.h: Add include guards (jsc#SLE-18978). - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191). - udmabuf: validate ubuf->pagecount (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: cdns3: Fix issue for clear halt endpoint (git-fixes). - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes). - usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: core: Do not hold the device lock while sleeping in do_proc_control() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes). - usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes). - usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Give some time to schedule isoc (git-fixes). - usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes). - usb: dwc3: gadget: Move null pinter check to proper place (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes). - usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes). - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes). - usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes). - usb: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - usb: dwc3: pci: Add 'snps,dis_u2_susphy_quirk' for Intel Bay Trail (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes). - usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes). - usb: dwc3: xilinx: fix uninitialized return value (git-fixes). - usb: ehci: add pci device support for Aspeed platforms (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: gadget: eliminate anonymous module_init and module_exit (git-fixes). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes). - USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes). - usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes). - usb: gadget: fix race when gadget driver register via ioctl (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes). - usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes). - usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - usb: gadget: uvc: rename function to be more consistent (git-fixes). - usb: gadget: validate endpoint index for xilinx udc (git-fixes). - usb: gadget: validate interface OS descriptor requests (git-fixes). - USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes). - USB: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: isp1760: Fix out-of-bounds array access (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: new quirk for Dell Gen 2 devices (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes). - usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - usb: serial: cp210x: add NCR Retail IO box id (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add Quectel BG95 modem (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add support for DW5829e (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: serial: option: add Telit LE910R1 compositions (git-fixes). - usb: serial: option: add ZTE MF286D modem (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: pl2303: add support for more HXN (G) types (git-fixes). - usb: serial: pl2303: fix GS type detection (git-fixes). - usb: serial: pl2303: fix type detection for odd device (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: simple: add Nokia phone driver (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes). - usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: eliminate anonymous module_init and module_exit (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - usb: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes). - usb: zaurus: support another broken Zaurus (git-fixes). - use jobs not processors in the constraints jobs is the number of vcpus available to the build, while processors is the total processor count of the machine the VM is running on. - vdpasim: allow to enable a vq repeatedly (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - vhost_vdpa: do not setup irq offloading when irq_num 0 (git-fixes). - vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-fixes). - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1190497) - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes). - video: fbdev: w100fb: Reset global state (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio_blk: eliminate anonymous module_init and module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init and module_exit (git-fixes). - virtio: fix virtio transitional ids (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix for skb_over_panic inside big mode (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix wrong buf address calculation when using xdp (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-net: realign page_to_skb() after merges (git-fixes). - virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - vsprintf: Fix potential unaligned access (bsc#1198379). - vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes). - vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes). - vxcan: enable local echo for sent CAN frames (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes). - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260). - watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260). - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260). - Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260). - Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - watch_queue: Actually free the watch (git-fixes). - watch_queue: Fix NULL dereference in error cleanup (git-fixes). - watch_queue: Free the page array when watch_queue is dismantled (git-fixes). - wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497). - x86/boot: Fix memremap of setup_indirect structures (bsc#1190497). - x86/cc: Move arch/x86/{kernel/cc_platform.c coco/core.c} (jsc#SLE-19924). - x86/coco: Add API to handle encryption mask (jsc#SLE-19924). - x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924). - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497). - x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350). - x86/cpu: Load microcode during restore_processor_state() (bsc#1190497). - x86/entry: Remove skip_r11rcx (bsc#1201524). - x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350). - x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471). - x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277). - x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277). - x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277). - x86/kvmclock: Fix Hyper-V Isolated VM s boot issue when vCPUs 64 (bsc#1183682). - x86/kvm: Do not waste memory if kvmclock is disabled (bsc#1183682). - x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497). - x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924). - x86/module: Fix the paravirt vs alternative order (bsc#1190497). - x86/pm: Save the MSR validity status at context setup (bsc#1190497). - x86/ptrace: Fix xfpregs_set() incorrect xmm clearing (bsc#1190497). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497). - x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350). - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497). - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497). - x86/unwind: kABI workaround for unwind_state changes (bsc#1193277). - x86/unwind: Recover kretprobe trampoline entry (bsc#1193277). - xen/blkfront: fix comment for need_copy (git-fixes). - xen: fix is_xen_pmu() (git-fixes). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xfs: drop async cache flushes from CIL commits (bsc#1195669). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes). - xhci: Enable runtime PM on second Alderlake controller (git-fixes). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). - xhci: increase usb U3 U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). - xhci: turn off port power in shutdown (git-fixes). - xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375). - zsmalloc: decouple class actions from zspage works (bsc#1189998). - zsmalloc: introduce obj_allocated (bsc#1189998). - zsmalloc: introduce some helper functions (bsc#1189998). - zsmalloc: move huge compressed obj from page to zspage (bsc#1189998). - zsmalloc: remove zspage isolation for migration (bsc#1189998). - zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998). - zsmalloc: replace get_cpu_var with local_lock (bsc#1189998). - zsmalloc: replace per zpage lock with poolmigrate_lock (bsc#1189998). - zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2573-1 Released: Thu Jul 28 04:24:19 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2597-1 Released: Fri Jul 29 16:12:04 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1199965,1199966,1200549,1201394,1201469,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-23816,CVE-2022-23825,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364,CVE-2022-29900,CVE-2022-33745 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2625-1 Released: Tue Aug 2 12:15:42 2022 Summary: Recommended update for dracut Type: recommended Severity: important References: 1177461,1184970,1187654,1195047,1195508,1195604,1196267,1197635,1197967,1200236,1200251,1200360 This update for dracut fixes the following issues: - fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236) - fix(bluetooth): make hostonly configuration files optional (bsc#1195047) - fix(convertfs): ignore commented lines in fstab (bsc#1200251) - fix(crypt): remove quotes from cryptsetupopts (bsc#1197635) - fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) - fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) - fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654) - fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267) - fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604) - fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360) - fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2640-1 Released: Wed Aug 3 10:43:44 2022 Summary: Recommended update for yaml-cpp Type: recommended Severity: moderate References: 1160171,1178331,1178332,1200624 This update for yaml-cpp fixes the following issue: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2659-1 Released: Wed Aug 3 21:05:25 2022 Summary: Security update for ldb, samba Type: security Severity: important References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following non-security bug were fixed: ldb was updated to version 2.4.3: + Fix build problems, waf produces incorrect names for python extensions; (bso#15071); samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2677-1 Released: Fri Aug 5 04:00:59 2022 Summary: Recommended update for hwinfo Type: recommended Severity: important References: 1199948 This update for hwinfo fixes the following issues: - Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2713-1 Released: Tue Aug 9 12:38:05 2022 Summary: Security update for bind Type: security Severity: important References: 1192146,1197135,1197136,1199044,1200685,CVE-2021-25219,CVE-2021-25220,CVE-2022-0396 This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146). - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135). - CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame leading to deny of service (bsc#1197136). The following non-security bugs were fixed: - Update to release 9.16.31 (jsc#SLE-24600). - Logrotation broken since dropping chroot (bsc#1200685). - A non-existent initialization script (eg a leftorver 'createNamedConfInclude' in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2803-1 Released: Fri Aug 12 16:29:17 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1190256,1190497,1199291,1199356,1199665,1201258,1201323,1201391,1201458,1201592,1201593,1201595,1201596,1201635,1201651,1201691,1201705,1201726,1201846,1201930,1202094,CVE-2021-33655,CVE-2022-21505,CVE-2022-2585,CVE-2022-26373,CVE-2022-29581 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bnc#1202094). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26373: Fixed CPU info leak via post-barrier RSB predictions (bsc#1201726). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). The following non-security bugs were fixed: - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: Fix deadlock on resume (git-fixes). - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - batman-adv: Use netif_rx() (git-fixes). - bcmgenet: add WOL IRQ check (git-fixes). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - dm: do not stop request queue after the dm device is suspended (bsc#1201651). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - drivers: net: smc911x: Check for error irq (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - ethtool: Fix get module eeprom fallback (bsc#1201323). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fjes: Check for error irq (git-fixes). - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim does not write the inode (bsc#1201592). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - gve: Recording rx queue before sending to napi (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - i2c: smbus: Check for parent device before dereference (git-fixes). - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - ice: Fix error with handling of bonding MTU (git-fixes). - ice: Fix race condition during interface enslave (git-fixes). - ice: stop disabling VFs due to PF error responses (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI workaround for phy_device changes (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kABI workaround for snd-soc-rt5682-* (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - kABI: fix adding field to ufs_hba (git-fixes). - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for 'i2c: smbus: Use device_*() functions instead of of_*()' - kabi/severities: add intel ice - kabi/severities: add stmmac network driver local symbols - kabi/severities: ignore dropped symbol rt5682_headset_detect - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - memregion: Fix memregion_free() fallback definition (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - natsemi: xtensa: fix section mismatch warnings (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - net: altera: set a couple error code in probe() (git-fixes). - net: amd-xgbe: Fix skb data length underflow (git-fixes). - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - net: axienet: Fix TX ring slot available check (git-fixes). - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - net: axienet: add missing memory barriers (git-fixes). - net: axienet: fix for TX busy handling (git-fixes). - net: axienet: fix number of TX ring slots for available check (git-fixes). - net: axienet: increase default TX ring size to 128 (git-fixes). - net: axienet: increase reset timeout (git-fixes). - net: axienet: limit minimum TX ring size (git-fixes). - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: bcmgenet: skip invalid partial checksums (git-fixes). - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes). - net: dsa: felix: do not use devres for mdiobus (git-fixes). - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - net: dsa: lan9303: fix reset on probe (git-fixes). - net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes). - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - net: ipa: add an interconnect dependency (git-fixes). - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - net: ipa: prevent concurrent replenish (git-fixes). - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - net: ks8851: Check for error irq (git-fixes). - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - net: mscc: ocelot: fix using match before it is set (git-fixes). - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - net: mvpp2: fix XDP rx queues registering (git-fixes). - net: phy: Do not trigger state machine while in suspend (git-fixes). - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - net: sfp: ignore disabled SFP node (git-fixes). - net: sparx5: Fix add vlan when invalid operation (git-fixes). - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - net: stmmac: Add platform level debug register dump feature (git-fixes). - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - net: stmmac: fix return value of __setup handler (git-fixes). - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - net: sxgbe: fix return value of __setup handler (git-fixes). - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - netdevsim: do not overwrite read only ethtool parms (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: wait until quiesce is done (bsc#1201651). - octeontx2-af: Do not fixup all VF action entries (git-fixes). - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - octeontx2-pf: Forward error codes to VF (git-fixes). - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - posix_cpu_timers: fix race between exit_itimers() and /proc/pid/timers (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - ppp: ensure minimum packet size in ppp_write() (git-fixes). - qede: validate non LSO skb length (git-fixes). - r8152: fix a WOL issue (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - rocker: fix a sleeping in atomic bug (git-fixes). - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). - scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - spi: amd: Limit max transfer and message size (git-fixes). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - tee: fix put order in teedev_close_context() (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - tun: fix bonding active backup with arp monitoring (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: serial: ftdi_sio: add Belimo device ids (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - veth: Do not record rx queue hint in veth_xmit (git-fixes). - veth: ensure skb entering GRO are not cloned (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1190497). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2831-1 Released: Wed Aug 17 14:41:04 2022 Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Type: security Severity: moderate References: 1195916,1196696,CVE-2020-29651 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2853-1 Released: Fri Aug 19 15:59:42 2022 Summary: Recommended update for sle-module-legacy-release Type: recommended Severity: low References: 1202498 This update for python-iniconfig provides the following fix: - Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498) The following package changes have been done: - bind-utils-9.16.31-150400.5.6.1 updated - dracut-mkinitrd-deprecated-055+suse.279.g3b3c36b2-150400.3.5.1 updated - dracut-055+suse.279.g3b3c36b2-150400.3.5.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-locale-2.31-150300.37.1 updated - glibc-2.31-150300.37.1 updated - gpg2-2.2.27-150300.3.5.1 updated - hwinfo-21.82-150400.3.3.1 updated - kernel-default-5.14.21-150400.24.18.1 updated - libldb2-2.4.3-150400.4.8.1 updated - libncurses6-6.1-150000.5.12.1 updated - libpcre2-8-0-10.39-150400.4.6.1 updated - libsystemd0-249.11-150400.8.5.1 updated - libudev1-249.11-150400.8.5.1 updated - libxml2-2-2.9.14-150400.5.7.1 updated - libyaml-cpp0_6-0.6.3-150400.4.3.1 updated - libzypp-17.30.2-150400.3.3.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - permissions-20201225-150400.5.8.1 updated - python3-apipkg-1.4-150000.3.2.1 added - python3-bind-9.16.31-150400.5.6.1 updated - python3-iniconfig-1.1.1-150000.1.5.1 added - python3-py-1.10.0-150000.5.9.2 updated - rpm-config-SUSE-1-150400.14.3.1 updated - samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 updated - systemd-sysvinit-249.11-150400.8.5.1 updated - systemd-249.11-150400.8.5.1 updated - tar-1.34-150000.3.18.1 updated - terminfo-base-6.1-150000.5.12.1 updated - terminfo-6.1-150000.5.12.1 updated - udev-249.11-150400.8.5.1 updated - xen-libs-4.16.1_06-150400.4.8.1 updated - zypper-1.14.53-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Aug 24 07:02:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2022 09:02:22 +0200 (CEST) Subject: SUSE-IU-2022:1062-1: Security update of suse-sles-15-sp4-chost-byos-v20220819-hvm-ssd-x86_64 Message-ID: <20220824070222.AA307FF0F@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20220819-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1062-1 Image Tags : suse-sles-15-sp4-chost-byos-v20220819-hvm-ssd-x86_64:20220819 Image Release : Severity : important Type : security References : 1027519 1055117 1061840 1065729 1071995 1089644 1103269 1118212 1121726 1137373 1137728 1156395 1157038 1157923 1160171 1175667 1177461 1178331 1178332 1179439 1179639 1180814 1181658 1183682 1183872 1184318 1184924 1184970 1187654 1187716 1188885 1189998 1190137 1190208 1190256 1190336 1190497 1190497 1190768 1190786 1190812 1191271 1191663 1192146 1192483 1193064 1193277 1193282 1193289 1193431 1193556 1193629 1193640 1193787 1193823 1193852 1194086 1194111 1194191 1194409 1194501 1194523 1194526 1194550 1194583 1194585 1194586 1194625 1194708 1194765 1194826 1194869 1195047 1195099 1195157 1195287 1195478 1195482 1195504 1195508 1195604 1195651 1195668 1195669 1195775 1195823 1195826 1195913 1195915 1195916 1195926 1195944 1195957 1195987 1196079 1196114 1196125 1196130 1196213 1196224 1196267 1196306 1196367 1196400 1196426 1196478 1196490 1196514 1196570 1196696 1196723 1196779 1196830 1196836 1196866 1196868 1196869 1196901 1196930 1196942 1196960 1197016 1197135 1197136 1197157 1197227 1197243 1197292 1197302 1197303 1197304 1197362 1197386 1197501 1197570 1197601 1197635 1197661 1197675 1197684 1197761 1197817 1197819 1197820 1197888 1197889 1197894 1197915 1197917 1197918 1197920 1197921 1197922 1197926 1197967 1198009 1198010 1198012 1198013 1198014 1198015 1198016 1198017 1198018 1198019 1198020 1198021 1198022 1198023 1198024 1198027 1198030 1198034 1198058 1198217 1198255 1198379 1198400 1198402 1198410 1198412 1198413 1198438 1198484 1198577 1198585 1198627 1198660 1198720 1198732 1198802 1198803 1198806 1198811 1198826 1198829 1198835 1198968 1198971 1199011 1199024 1199035 1199042 1199044 1199046 1199052 1199063 1199132 1199163 1199173 1199235 1199247 1199260 1199291 1199314 1199356 1199390 1199426 1199433 1199439 1199482 1199487 1199505 1199507 1199605 1199611 1199626 1199631 1199650 1199657 1199665 1199674 1199734 1199736 1199793 1199839 1199875 1199909 1199948 1199965 1199966 1200015 1200019 1200045 1200046 1200144 1200170 1200205 1200211 1200236 1200251 1200259 1200263 1200284 1200315 1200343 1200360 1200420 1200442 1200475 1200502 1200549 1200556 1200567 1200569 1200571 1200599 1200600 1200608 1200611 1200619 1200624 1200657 1200685 1200692 1200747 1200762 1200763 1200806 1200807 1200808 1200809 1200810 1200812 1200813 1200815 1200816 1200820 1200821 1200822 1200824 1200825 1200827 1200828 1200829 1200830 1200845 1200855 1200882 1200925 1200964 1201050 1201080 1201160 1201171 1201177 1201193 1201196 1201218 1201222 1201225 1201228 1201251 1201258 1201276 1201323 1201381 1201385 1201391 1201394 1201458 1201469 1201471 1201490 1201492 1201493 1201495 1201496 1201524 1201560 1201592 1201593 1201595 1201596 1201635 1201640 1201651 1201691 1201705 1201726 1201846 1201930 1202094 1202436 1202498 CVE-2020-29651 CVE-2021-25219 CVE-2021-25220 CVE-2021-26341 CVE-2021-33061 CVE-2021-33655 CVE-2021-4204 CVE-2021-44879 CVE-2021-45402 CVE-2022-0264 CVE-2022-0396 CVE-2022-0494 CVE-2022-0617 CVE-2022-1012 CVE-2022-1016 CVE-2022-1184 CVE-2022-1198 CVE-2022-1205 CVE-2022-1462 CVE-2022-1508 CVE-2022-1587 CVE-2022-1651 CVE-2022-1652 CVE-2022-1671 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1998 CVE-2022-20132 CVE-2022-20154 CVE-2022-2031 CVE-2022-21123 CVE-2022-21123 CVE-2022-21125 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-21505 CVE-2022-2318 CVE-2022-23222 CVE-2022-23308 CVE-2022-23816 CVE-2022-23825 CVE-2022-2585 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-26365 CVE-2022-26373 CVE-2022-26490 CVE-2022-29458 CVE-2022-29581 CVE-2022-29582 CVE-2022-29824 CVE-2022-29900 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33745 CVE-2022-33981 CVE-2022-34903 CVE-2022-34918 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20220819-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2520-1 Released: Thu Jul 21 18:34:49 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1 197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198410,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198829,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200813,1200815,1200816,1200820,1200821,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201080,1201160,1201171,1201177,120119 3,1201196,1201218,1201222,1201228,1201251,1201381,1201471,1201524,CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1462,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bnc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bnc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-1998: Fixed a use after free in the file system notify functionality (bnc#1200284). - CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1852: Fixed a null-ptr-deref in the kvm module which can lead to DoS. (bsc#1199875) - CVE-2022-1789: Fixed a NULL pointer dereference when shadow paging is enabled. (bnc#1199674) - CVE-2022-1508: Fixed an out-of-bounds read flaw that could cause the system to crash. (bsc#1198968) - CVE-2022-1671: Fixed a null-ptr-deref bugs in net/rxrpc/server_key.c, unprivileged users could easily trigger it via ioctl. (bsc#1199439) - CVE-2022-1651: Fixed a bug in ACRN Device Model emulates virtual NICs in VM. This flaw may allow a local privileged attacker to leak kernel unauthorized information and also cause a denial of service problem. (bsc#1199433) - CVE-2022-29582: Fixed a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (bnc#1198811) - CVE-2022-0494: Fixed a kernel information leak flaw in the scsi_ioctl function. This flaw allowed a local attacker with a special user privilege to create issues with confidentiality. (bnc#1197386) - CVE-2021-4204: Fixed a vulnerability that allows local attackers to escalate privileges on affected installations via ebpf. (bnc#1194111) - CVE-2022-23222: Fixed a bug that allowed local users to gain privileges. (bnc#1194765) - CVE-2022-0264: Fixed a vulnerability in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (bnc#1194826) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). The following non-security bugs were fixed: - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793). - ACPICA: Avoid cache flush inside virtual machines (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: PM: Revert 'Only mark EC GPE for wakeup on Intel systems' (git-fixes). - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes). - ACPI: processor idle: Allow playing dead in C3 state (git-fixes). - ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes). - aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: core: Add snd_card_free_on_error() helper (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes). - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes). - ALSA: hda: Avoid unsol event during RPM suspending (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - ALSA: hda: Fix driver index handling at re-binding (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: hda: Fix signedness of sscanf() arguments (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes). - ALSA: hda/i915 - skip acomp init if no matching display (git-fixes). - ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes). - ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes). - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes). - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Set max DMA segment size (git-fixes). - ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913). - ALSA: memalloc: invalidate SG pages before sync (bsc#1195913). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes). - ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: Do not abort resume upon errors (bsc#1195913). - ALSA: usb-audio: Do not get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes). - ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes). - alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes). - amd/display: set backlight only if required (git-fixes). - arch/arm64: Fix topology initialization for core scheduling (git-fixes). - arm64: Add Cortex-A510 CPU part definition (git-fixes). - arm64: Add part number for Arm Cortex-A78AE (git-fixes). - arm64: Add support for user sub-page fault probing (git-fixes) - arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes). - arm64: avoid fixmap race condition when create pud mapping (git-fixes). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes). - arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes). - arm64: defconfig: build imx-sdma as a module (git-fixes). - arm64: do not abuse pfn_valid() to ensure presence of linear map (git-fixes). - arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes). - arm64: Do not include __READ_ONCE() block in assembly files (git-fixes). - arm64: dts: agilex: use the compatible 'intel,socfpga-agilex-hsotg' (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes). - arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes). - arm64: dts: broadcom: Fix sata nodename (git-fixes). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes) - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes) - arm64: dts: imx8mn: Fix SAI nodes (git-fixes) - arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes). - arm64: dts: imx8mq: fix lcdif port node (git-fixes). - arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes) - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes). - arm64: dts: juno: Remove GICv2m dma-range (git-fixes). - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes). - arm64: dts: ls1043a: Update i2c dma properties (git-fixes). - arm64: dts: ls1046a: Update i2c node dma properties (git-fixes). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes). - arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes). - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes). - arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes). - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes). - arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes). - arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes). - arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes). - arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes). - arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes). - arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes). - arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes). - arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes). - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes). - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes). - arm64: dts: renesas: Fix thermal bindings (git-fixes). - arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes). - arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes). - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes). - arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes). - arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes). - arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes). - arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes). - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes). - arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes) - arm64: fix clang warning about TRAMP_VALIAS (git-fixes). - arm64: fix types in copy_highpage() (git-fixes). - arm64: ftrace: consistently handle PLTs (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes). - arm64: kasan: fix include error in MTE functions (git-fixes). - arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes). - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes) - arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes). - arm64: mm: fix p?d_leaf() (git-fixes). - arm64: module: remove (NOLOAD) from linker script (git-fixes). - arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes). - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: patch_text: Fixup last cpu should be master (git-fixes). - arm64: prevent instrumentation of bp hardening callbacks (git-fixes). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: stackleak: fix current_top_of_stack() (git-fixes). - arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909) - arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes). - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes). - arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module - arm64: vdso: fix makefile dependency on vdso.so (git-fixes). - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes). - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes). - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes). - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes). - ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes). - ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes). - ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes). - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes). - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes). - ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes). - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes). - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes). - ARM: dts: aspeed: Add secure boot controller node (git-fixes). - ARM: dts: aspeed: Add video engine to g6 (git-fixes). - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes). - ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes). - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes). - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes). - ARM: dts: at91: fix pinctrl phandles (git-fixes). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes). - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes). - ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes). - ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes). - ARM: dts: BCM5301X: update CRU block description (git-fixes). - ARM: dts: BCM5301X: Update pin controller node name (git-fixes). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes). - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes). - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes). - ARM: dts: Fix boot regression on Skomer (git-fixes). - ARM: dts: Fix mmc order for omap3-gta04 (git-fixes). - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes). - ARM: dts: Fix timer regression for beagleboard revision c (git-fixes). - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes). - ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes). - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes). - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes). - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes). - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes). - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson: Fix the UART compatible strings (git-fixes). - ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes). - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes). - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes). - ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes). - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes). - ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes). - ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes). - ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: socfpga: change qspi to 'intel,socfpga-qspi' (git-fixes). - ARM: dts: spear1340: Update serial node properties (git-fixes). - ARM: dts: spear13xx: Update SPI dma properties (git-fixes). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes). - ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes). - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes). - ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes). - ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes). - ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes). - ARM: fix build warning in proc-v7-bugs.c (git-fixes). - ARM: fix co-processor register typo (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ARM: Fix refcount leak in axxia_boot_secondary (git-fixes). - ARM: fix Thumb2 regression with Spectre BHB (git-fixes). - ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes). - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes). - ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes). - ARM: iop32x: offset IRQ numbers by 1 (git-fixes). - ARM: kprobes: Make space for instruction pointer on stack (bsc#1193277). - ARM: mediatek: select arch timer for mt7629 (git-fixes). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes). - ARM: mmp: Fix failure to remove sram device (git-fixes). - ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes). - ARM: mxs_defconfig: Enable the framebuffer (git-fixes). - ARM: omap1: ams-delta: remove camera leftovers (git-fixes). - ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes). - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes). - ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes). - ARM: pxa: maybe fix gpio lookup tables (git-fixes). - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes). - ARM: Spectre-BHB: provide empty stub for non-config (git-fixes). - ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes). - ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: amd: vg: fix for pm resume callback sequence (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes). - ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes). - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes). - ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes). - ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: fsl: Use dev_err_probe() helper (git-fixes). - ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes). - ASoC: intel: skylake: Set max DMA segment size (git-fixes). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes). - ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13' (git-fixes). - ASoC: madera: Add dependencies on MFD (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes). - ASoC: mediatek: use of_device_get_match_data() (git-fixes). - ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes). - ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes). - ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes). - ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes). - ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes). - ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes). - ASoC: samsung: Use dev_err_probe() helper (git-fixes). - ASoC: simple-card: fix probe failure on platform component (git-fixes). - ASoC: simple-card-utils: Set sysclk on all components (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ASoC: soc-ops: fix error handling (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes). - ASoC: SOF: hda: Set max DMA segment size (git-fixes). - ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes). - ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes). - ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes). - ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: tas2770: Insert post reset delay (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - asus-wmi: Add dgpu disable method (bsc#1198058). - asus-wmi: Add egpu enable method (bsc#1198058). - asus-wmi: Add panel overdrive functionality (bsc#1198058). - asus-wmi: Add support for platform_profile (bsc#1198058). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes). - ath11k: disable spectral scan during spectral deinit (git-fixes). - ath11k: Do not check arvif->is_started before sending management frames (git-fixes). - ath11k: fix kernel panic during unload/load ath11k modules (git-fixes). - ath11k: mhi: use mhi_sync_power_up() (git-fixes). - ath11k: pci: fix crash on suspend if board file is not found (git-fixes). - ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes). - atm: eni: Add check for dma_map_single (git-fixes). - atm: firestream: check the return value of ioremap() in fs_init() (git-fixes). - atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes). - audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes). - audit: improve audit queue handling when 'audit=1' on cmdline (git-fixes). - audit: improve robustness of the audit queue handling (git-fixes). - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes). - auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes). - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: fix use-after-free problem in bcache_device_free() (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bfq: Allow current waker to defend against a tentative one (bsc#1195915). - bfq: Avoid false marking of bic as stably merged (bsc#1197926). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Do not let waker requests skip proper accounting (bsc#1184318). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Limit waker detection in time (bsc#1184318). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Relax waker detection for shared queues (bsc#1184318). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes). - bitfield: add explicit inclusions to the example (git-fixes). - blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034). - blk-mq: do not touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blktrace: fix use after free for struct blk_trace (bsc#1198017). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016). - block: avoid to quiesce queue in elevator_init_mq (bsc#1198013). - block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012). - block: do not delete queue kobject before its children (bsc#1198019). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: fix async_depth sysfs interface for mq-deadline (bsc#1198015). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021). - block: Fix up kabi after blkcg merge fix (bsc#1198020). - block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010). - block: limit request dispatch loop duration (bsc#1198022). - block/mq-deadline: Improve request accounting further (bsc#1198009). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: btusb: Add another Realtek 8761BU (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes). - Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes). - Bluetooth: use memset avoid memory leaks (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bnxt_en: Do not destroy health reporters during reset (bsc#1199736). - bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736). - bnxt_en: Fix active FEC reporting to ethtool (git-fixes). - bnxt_en: Fix devlink fw_activate (jsc#SLE-18978). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes). - bnxt_en: Fix unnecessary dropping of RX packets (git-fixes). - bnxt_en: Increase firmware message response DMA wait time (git-fixes). - bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes). - bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes). - bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978). - bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes). - bonding: fix data-races around agg_select_timer (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Add check_func_arg_reg_off function (git-fixes). - bpf: add config to allow loading modules with BTF mismatches (bsc#1194501). - bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes). - bpf: Disallow negative offset in check_ptr_off_reg (git-fixes). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes). - bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes). - bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes). - bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes). - bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#1198585). - bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes). - bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes). - bpftool: Fix memory leak in prog_dump() (git-fixes). - bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes). - bpftool: Remove unused includes to bpf/bpf_gen_internal.h (git-fixes). - bpftool: Remove useless #include to perf-sys.h from map_perf_ring.c (git-fixes). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes). - brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915). - btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915). - btrfs: add helper to truncate inode items when logging inode (bsc#1197915). - btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915). - btrfs: add ro compat flags to inodes (bsc#1197915). - btrfs: always update the logged transaction when logging new names (bsc#1197915). - btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915). - btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915). - btrfs: avoid expensive search when dropping inode items from log (bsc#1197915). - btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915). - btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes) - btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915). - btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915). - btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915). - btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915). - btrfs: check if a log tree exists at inode_logged() (bsc#1197915). - btrfs: constify and cleanup variables in comparators (bsc#1197915). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915). - btrfs: do not log new dentries when logging that a new name exists (bsc#1197915). - btrfs: do not pin logs too early during renames (bsc#1197915). - btrfs: drop the _nr from the item helpers (bsc#1197915). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915). - btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915). - btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915). - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - btrfs: fix memory leak in __add_inode_ref() (bsc#1197915). - btrfs: fix missing last dir item offset update when logging directory (bsc#1197915). - btrfs: fix re-dirty process of tree-log nodes (bsc#1197915). - btrfs: improve the batch insertion of delayed items (bsc#1197915). - btrfs: insert items in batches when logging a directory when possible (bsc#1197915). - btrfs: introduce btrfs_lookup_match_dir (bsc#1197915). - btrfs: introduce item_nr token variant helpers (bsc#1197915). - btrfs: keep track of the last logged keys when logging a directory (bsc#1197915). - btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915). - btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915). - btrfs: only copy dir index keys when logging a directory (bsc#1197915). - btrfs: remove no longer needed checks for NULL log context (bsc#1197915). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915). - btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915). - btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915). - btrfs: remove root argument from add_link() (bsc#1197915). - btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915). - btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915). - btrfs: remove root argument from check_item_in_log() (bsc#1197915). - btrfs: remove root argument from drop_one_dir_item() (bsc#1197915). - btrfs: remove the btrfs_item_end() helper (bsc#1197915). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915). - btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915). - btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915). - btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915). - btrfs: unexport setup_items_for_insert() (bsc#1197915). - btrfs: unify lookup return value when dir entry is missing (bsc#1197915). - btrfs: update comment at log_conflicting_inodes() (bsc#1197915). - btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915). - btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915). - btrfs: use single bulk copy operations when logging directories (bsc#1197915). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes). - can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes). - can: grcan: only use the NAPI poll budget for RX (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes). - can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes). - can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes). - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes). - can: isotp: set default value for N_As to 50 micro seconds (git-fixes). - can: isotp: stop timeout monitoring when no first frame was sent (git-fixes). - can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes). - can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes). - can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes). - can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: xilinx_can: mark bit timing constants as const (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - CDC-NCM: avoid overflow in sanity checking (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1199611). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes). - cfg80211: do not add non transmitted BSS to 6GHz scanned channels (git-fixes). - cfg80211: fix race in netlink owner interface destruction (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes). - char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629). - cifs: avoid parallel session setups on same channel (bsc#1193629). - cifs: avoid race during socket reconnect between send and recv (bsc#1193629). - cifs: call cifs_reconnect when a connection is marked (bsc#1193629). - cifs: call helper functions for marking channels for reconnect (bsc#1193629). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629). - cifs: check for smb1 in open_cached_dir() (bsc#1193629). - cifs: check reconnects for channels of active tcons too (bsc#1193629). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629). - cifs: clean up an inconsistent indenting (bsc#1193629). - cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629). - cifs: do not build smb1ops if legacy support is disabled (bsc#1193629). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: do not use tcpStatus after negotiate completes (bsc#1193629). - cifs: do not use uninitialized data in the owner/group sid (bsc#1193629). - cifs: fix bad fids sent over wire (bsc#1197157). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629). - cifs: fix handlecache and multiuser (bsc#1193629). - cifs: fix hang on cifs_get_next_mid() (bsc#1193629). - cifs: fix incorrect use of list iterator after the loop (bsc#1193629). - cifs: fix minor compile warning (bsc#1193629). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629). - cifs: fix potential deadlock in direct reclaim (bsc#1193629). - cifs: fix potential double free during failed mount (bsc#1193629). - cifs: fix potential race with cifsd thread (bsc#1193629). - cifs: fix set of group SID via NTSD xattrs (bsc#1193629). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629). - cifs: fix the cifs_reconnect path for DFS (bsc#1193629). - cifs: fix the connection state transitions with multichannel (bsc#1193629). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629). - cifs: fix workstation_name for multiuser mounts (bsc#1193629). - cifs: force new session setup and tcon for dfs (bsc#1193629). - cifs: free ntlmsspblob allocated in negotiate (bsc#1193629). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629). - cifs: make status checks in version independent callers (bsc#1193629). - cifs: mark sessions for reconnection in helper function (bsc#1193629). - cifs: modefromsids must add an ACE for authenticated users (bsc#1193629). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629). - cifs: move superblock magic defitions to magic.h (bsc#1193629). - cifs: potential buffer overflow in handling symlinks (bsc#1193629). - cifs: print TIDs as hex (bsc#1193629). - cifs: protect all accesses to chan_* with chan_lock (bsc#1193629). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629). - cifs: reconnect only the connection and not smb session where possible (bsc#1193629). - cifs: release cached dentries only if mount is complete (bsc#1193629). - cifs: remove check of list iterator against head past the loop body (bsc#1193629). - cifs: remove redundant assignment to pointer p (bsc#1193629). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629). - cifs: remove repeated state change in dfs tree connect (bsc#1193629). - cifs: remove unused variable ses_selected (bsc#1193629). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629). - cifs: return the more nuanced writeback error on close() (bsc#1193629). - cifs: serialize all mount attempts (bsc#1193629). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629). - cifs: skip trailing separators of prefix paths (bsc#1193629). - cifs: smbd: fix typo in comment (bsc#1193629). - cifs: Split the smb3_add_credits tracepoint (bsc#1193629). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629). - cifs: track individual channel status using chans_need_reconnect (bsc#1193629). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: update tcpStatus during negotiate and sess setup (bsc#1193629). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629). - cifs: use correct lock type in cifs_reconnect() (bsc#1193629). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629). - cifs: use new enum for ses_status (bsc#1193629). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629). - cifs: we do not need a spinlock around the tree access during umount (bsc#1193629). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629). - cifs: writeback fix (bsc#1193629). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes). - clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: imx: Add check for kcalloc (git-fixes). - clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes). - clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - clk: tegra: Add missing reset deassertion (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes). - clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218). - comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes). - comedi: vmk80xx: fix expression for tx buffer size (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228). - cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes). - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes). - cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes). - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: amlogic - call finalize with bh disabled (git-fixes). - crypto: api - Move cryptomgr soft dependency into algapi (git-fixes). - crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes). - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes). - crypto: ccree - use fine grained DMA mapping dir (git-fixes). - crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: engine - check if BH is disabled during completion (git-fixes). - crypto: gemini - call finalize with bh disabled (git-fixes). - crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes). - crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes). - crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes). - crypto: marvell/cesa - ECB does not IV (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes). - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes). - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes). - crypto: rockchip - ECB does not need IV (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - only allow with rsa (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: sun8i-ce - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - handle zero sized sg (git-fixes). - crypto: sun8i-ss - really disable hash on A80 (git-fixes). - crypto: sun8i-ss - rework handling of IV (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: xts - Add softdep on ecb (git-fixes). - dax: fix cache flush on PMD-mapped pages (bsc#1200830). - devlink: Add 'enable_iwarp' generic device param (bsc#1200502). - dim: initialize all struct fields (git-fixes). - display/amd: decrease message verbosity about watermarks table failure (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - dma-debug: fix return value of __setup handlers (git-fixes). - dma-direct: avoid redundant memory sync for swiotlb (git-fixes). - dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes). - dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes). - dmaengine: idxd: fix device cleanup on disable (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes). - dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes). - dmaengine: idxd: skip clearing device context when device is read-only (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315). - dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes). - dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes). - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes). - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes). - doc/ip-sysctl: add bc_forwarding (git-fixes). - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes). - Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes). - Documentation: update stable tree link (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - driver base: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - driver base: fix compaction sysfs file leak (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - driver core: dd: fix return value of __setup handler (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver core: Fix wait_for_device_probe() and deferred_probe_timeout interaction (git-fixes). - driver core: Free DMA range map when device is released (git-fixes). - driver: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes). - driver: hv: log when enabling crash_kexec_post_notifiers (git-fixes). - driver: hv: Rename 'alloced' to 'allocated' (git-fixes). - driver: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes). - driver: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - driver: hv: vmbus: Fix potential crash on module unload (git-fixes). - driver: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes). - driver: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - driver: net: xgene: Fix regression in CRC stripping (git-fixes). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes). - drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes). - drm/amd/display: Add signal type check when verify stream backends same (git-fixes). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes). - drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes). - drm/amd/display: Cap pflip irqs per max otg number (git-fixes). - drm/amd/display: Check if modulo is 0 before dividing (git-fixes). - drm/amd/display: DCN3.1: do not mark as kernel-doc (git-fixes). - drm/amd/display: Disabling Z10 on DCN31 (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Do not reinitialize DMCUB on s0ix resume (git-fixes). - drm/amd/display: Enable power gating before init_pipes (git-fixes). - drm/amd/display: FEC check in timing validation (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: fix audio format not updated after edid updated (git-fixes). - drm/amd/display: Fix memory leak (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786) - drm/amd/display: Fix OLED brightness control on eDP (git-fixes). - drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes). - drm/amd/display: fix yellow carp wm clamping (git-fixes). - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15' Apple Retina panels (git-fixes). - drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes). - drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes). - drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes). - drm/amd/display: Remove vupdate_int_entry definition (git-fixes). - drm/amd/display: Revert FEC check in validation (git-fixes). - drm/amd/display: Update VTEM Infopacket definition (git-fixes). - drm/amd/display: Update watermark values for DCN301 (git-fixes). - drm/amd/display: Use adjusted DCN301 watermarks (git-fixes). - drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes). - drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes). - drm/amdgpu: add beige goby PCI ID (git-fixes). - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes). - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes). - drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/amdgpu/display: add support for multiple backlights (git-fixes). - drm/amdgpu: do not do resets on APUs which do not support it (git-fixes). - drm/amdgpu: do not enable asic reset for raven2 (git-fixes). - drm/amdgpu: do not set s3 and s0ix at the same time (git-fixes). - drm/amdgpu: do not use BACO for reset in S3 (git-fixes). - drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes). - drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes). - drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes). - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes). - drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes). - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497) - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdgpu: fix suspend/resume hang regression (git-fixes). - drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes). - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes). - drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes). - drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes). - drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes). - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786) - drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes). - drm/amdkfd: Do not take process mutex for svm ioctls (git-fixes). - drm/amdkfd: Fix GWS queue count (bsc#1190786) - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/amdkfd: remove unused function (git-fixes). - drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287). - drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes). - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes). - drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes). - drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes). - drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes). - drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes). - drm/amd/pm: Fix missing thermal throttler status (git-fixes). - drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes). - drm/ast: Create threshold values for AST2600 (bsc#1190786) - drm/atomic: Do not pollute crtc_state->mode_blob with error pointers (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm: avoid circular locks in drm_mode_getconnector (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: Add missing pm_runtime_put_sync (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes). - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786) - drm: bridge: icn6211: Fix register layout (git-fixes). - drm: bridge: it66121: Fix the register page length (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786) - drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes). - drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes). - drm/connector: Fix typo in output format (bsc#1190786) - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786) - drm/edid: Always set RGB444 (git-fixes). - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/edid: fix CEA extension byte #3 parsing (bsc#1190786) - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes). - drm/fourcc: fix integer type usage in uapi header (git-fixes). - drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497) - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915/dg2: Print PHY name properly on calibration error (git-fixes). - drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes). - drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes). - drm/i915/display: Move DRRS code its own file (git-fixes). - drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes). - drm/i915/display: split out dpt out of intel_display.c (git-fixes). - drm/i915/dmc: Add MMIO range restrictions (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes). - drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/i915/gem: add missing else (git-fixes). - drm/i915/guc/slpc: Correct the param count for unset param (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915: Implement w/a 22010492432 for adl-s (git-fixes). - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497) - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: s/JSP2/ICP2/ PCH (git-fixes). - drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes). - drm/i915/ttm: ensure we unmap when purging (git-fixes). - drm/i915/ttm: tweak priority hint selection (git-fixes). - drm/i915: Widen the QGV point mask (git-fixes). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/kmb: Fix for build errors with Warray-bounds (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768) - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/meson: split out encoder from meson_dw_hdmi (git-fixes). - drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm: add missing include to msm_drv.c (git-fixes). - drm/msm: Add missing put_task_struct() in debugfs path (git-fixes). - drm/msm/disp: check the return value of kzalloc() (git-fixes). - drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768) - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes). - drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes). - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes). - drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497) - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes). - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes). - drm/msm/dp: force link training for display resolution change (git-fixes). - drm/msm/dp: Modify prototype of encoder based API (git-fixes). - drm/msm/dp: populate connector of struct dp_panel (git-fixes). - drm/msm/dp: remove fail safe mode related code (git-fixes). - drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes). - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768) - drm/msm/dp: stop link training after link training 2 failed (git-fixes). - drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768) - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dpu: fix dp audio condition (git-fixes). - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768) - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/msm/dsi: Use 'ref' fw clock instead of global name for VCO parent (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm/msm: Fix range size vs end confusion (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/msm: properly add and remove internal bridges (bsc#1190768) - drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes). - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes). - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/panfrost: Check for error num after setting mask (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes). - drm/simpledrm: Add 'panel orientation' property on non-upright mounted LCD panels (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786) - drm/syncobj: flatten dma_fence_chains on transfer (git-fixes). - drm/tegra: Add back arm_iommu_detach_device() (git-fixes). - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm: use the lookup lock in drm_is_current_master (git-fixes). - drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: Fix deadlock on DSI device attach error (git-fixes). - drm/vc4: hdmi: Add debugfs prefix (bsc#1199163). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes). - drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes). - drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes). - drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes). - drm/vc4: hvs: Fix frame count register readout (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes). - drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1190786) - drm/vmwgfx: validate the screen formats (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes). - dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes). - dt-bindings: gpio: altera: correct interrupt-cells (git-fixes). - dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes). - dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes). - dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes). - dt-bindings: net: xgmac_mdio: Remove unsupported 'bus-frequency' (git-fixes). - dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes). - dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes). - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes). - dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes). - dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes). - dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes). - dt-bindings: usb: hcd: correct usb-device path (git-fixes). - dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes). - dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes). - e1000e: Correct NVM checksum verification flow (bsc#1191663). - e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - e1000e: Handshake with CSME starts from ADL platforms (git-fixes). - e1000e: Separate ADP board type from TGP (git-fixes). - EDAC/altera: Fix deferred probing (bsc#1190497). - EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026). - EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497). - EDAC/synopsys: Read the error count from the correct register (bsc#1190497). - EDAC/xgene: Fix deferred probing (bsc#1190497). - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - efi: fix return value of __setup handlers (git-fixes). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - epic100: fix use after free on rmmod (git-fixes). - ethernet/sfc: remove redundant rc variable (bsc#1196306). - exec: Force single empty string when argv is empty (bsc#1200571). - ext2: correct max file size computing (bsc#1197820). - ext4: avoid trim error on fs with small groups (bsc#1191271). - ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix ext4_fc_stats trace point (git-fixes). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808). - extcon: Modify extcon device to be created after driver data is set (git-fixes). - extcon: ptn5150: Add queue work sync before driver release (git-fixes). - faddr2line: Fix overlapping text section failures, the sequel (git-fixes). - fbcon: Avoid 'cap' set but not used warning (bsc#1190786) - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes). - firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - firmware: sysfb: fix platform-device leak in error path (git-fixes). - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes). - firmware: use kernel credentials when reading firmware (git-fixes). - fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827). - fs: fix fd table size alignment properly (bsc#1200882). - fs: handle circular mappings correctly (bsc#1197918). - fsl_lpuart: Do not enable interrupts too early (git-fixes). - fsnotify: Do not insert unmergeable events in hashtable (bsc#1197922). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478). - fsnotify: fix wrong lockdep annotations (bsc#1200815). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - fuse: fix fileattr op failure (bsc#1197292). - gen_init_cpio: fix short read file handling (bsc#1193289). - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq: Synchronize interrupt thread startup (git-fixes) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes). - gpio: dwapb: Do not print error on -EPROBE_DEFER (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpiolib: Never return internal error codes to user space (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - gpio: mvebu: drop pwm base assignment (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes). - gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes). - gpio: sifive: use the correct register to read output values (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: fix the wrong AdminQ buffer queue index check (git-fixes). - habanalabs: Add check for pci_enable_device (git-fixes). - habanalabs: fix possible memory leak in MMU DR fini (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - HID: Add support for open wheel and no attachment to T300 (git-fixes). - HID:Add support for UGTABLET WP5540 (git-fixes). - HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes). - HID: amd_sfh: Correct the structure field name (git-fixes). - HID: amd_sfh: Modify the bus name (git-fixes). - HID: amd_sfh: Modify the hid name (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - hide appended member supports_dynamic_smps_6ghz (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes). - HID: logitech-dj: add new lightspeed receiver id (git-fixes). - HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - HID: vivaldi: fix sysfs attributes leak (git-fixes). - hinic: fix bug of wq out of bound access (git-fixes). - hv_balloon: rate-limit 'Unhandled message' warning (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes). - hwmon: (dell-smm) Speed up setting of fan speed (git-fixes). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (pmbus) Check PEC support before reading other registers (git-fixes). - hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes). - hwmon: (pmbus) disable PEC if not enabled (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - hwrng: cavium - Check health status while reading random data (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes). - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes). - i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - i2c: ismt: prevent memory corruption in ismt_access() (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - i2c: meson: Fix wrong speed use from probe (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes). - i2c: npcm7xx: Add check for platform_driver_register (git-fixes). - i2c: npcm: Correct register access width (git-fixes). - i2c: npcm: Fix timeout calculation (git-fixes). - i2c: npcm: Handle spurious interrupts (git-fixes). - i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes). - i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes). - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes). - i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes). - i2c: piix4: Move port I/O region request/release code into functions (git-fixes). - i2c: piix4: Move SMBus controller base address detect into function (git-fixes). - i2c: piix4: Move SMBus port selection into function (git-fixes). - i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes). - i2c: qcom-cci: do not delete an unregistered adapter (git-fixes). - i2c: qcom-cci: do not put a device tree node before i2c_add_adapter() (git-fixes). - i2c: rcar: fix PM ref counts in probe error paths (git-fixes). - i2c: xiic: Make bus names unique (git-fixes). - i40e: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40e: i40e_main: fix a missing check on list iterator (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: remove dead stores on XSK hotpath (jsc#SLE-18378). - i40e: respect metadata on XSK Rx to skb (git-fixes). - i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378). - iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385). - iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385). - iavf: Fix double free in iavf_reset_task (jsc#SLE-18385). - iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385). - iavf: Fix hang during reboot/shutdown (jsc#SLE-18385). - iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385). - iavf: Fix init state closure on remove (jsc#SLE-18385). - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385). - iavf: Fix missing check for running netdev (git-fixes). - iavf: Fix race in init state (jsc#SLE-18385). - iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6). - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes). - IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes). - IB/hfi1: Allow larger MTU without AIP (git-fixes). - IB/hfi1: Fix AIP early init panic (git-fixes). - IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes). - IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242). - IB/hfi1: Fix tstats alloc and dealloc (git-fixes). - IB/mlx5: Expose NDR speed through MAD (bsc#1196930). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - IB/qib: Fix duplicate sysfs directory name (git-fixes). - IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375). - ice: check the return of ice_ptp_gettimex64 (git-fixes). - ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375). - ice: Clear default forwarding VSI during VSI release (git-fixes). - ice: clear stale Tx queue settings before configuring (git-fixes). - ice: do not allow to run ice_send_event_to_aux() in atomic ctx (git-fixes). - ice: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ice: Do not use GFP_KERNEL in atomic context (git-fixes). - ice: enable parsing IPSEC SPI headers for RSS (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (git-fixes). - ice: fix concurrent reset and removal of VFs (git-fixes). - ice: fix crash in switchdev mode (jsc#SLE-18375). - ice: Fix curr_link_speed advertised speed (git-fixes). - ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375). - ice: fix PTP stale Tx timestamps cleanup (git-fixes). - ice: fix setting l4 port flag when adding filter (jsc#SLE-18375). - ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes). - ice: initialize local variable 'tlv' (git-fixes). - ice: kabi protect ice_pf (bsc#1200502). - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: respect metadata on XSK Rx to skb (git-fixes). - ice: synchronize_rcu() when terminating rings (git-fixes). - ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375). - ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes). - igb: refactor XDP registration (git-fixes). - igc: avoid kernel warning when changing RX ring parameters (git-fixes). - igc: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - igc: Fix BUG: scheduling while atomic (git-fixes). - igc: Fix infinite loop in release_swfw_sync (git-fixes). - igc: Fix suspending when PTM is active (jsc#SLE-18377). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP and AIN_BUFM bits (git-fixes). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes). - iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio: afe: rescale: Fix boolean logic bug (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio:humidity:hts221: rearrange iio trigger get and register (git-fixes). - iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes). - iio:imu:bmi160: disable regulator in error path (git-fixes). - iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes). - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes). - iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes). - iio: mma8452: fix probe fail when device tree compatible is used (git-fixes). - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes). - iio: st_sensors: Add a local lock for protecting odr (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: fix reference leak in asymmetric_verify() (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - init: call time_init() before rand_initialize() (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - init/main.c: return 1 from handled __setup() functions (git-fixes). - initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - Input: samsung-keypad - properly state IOMEM dependency (git-fixes). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes). - Input: synaptics: retry query upon error (bsc#1194086). - Input: wm97xx: Simplify resource management (git-fixes). - Input: zinitix - do not report shadow fingers (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - iocost: do not reset the inuse weight of under-weighted debtors (git-fixes). - iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014). - iomap: iomap_write_failed fix (bsc#1200829). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826). - iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes). - iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes). - iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350). - iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - ionic: add FW_STOPPING state (git-fixes). - ionic: Allow flexibility for error reporting on dev commands (git-fixes). - ionic: better handling of RESET event (git-fixes). - ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes). - ionic: Cleanups in the Tx hotpath code (git-fixes). - ionic: Correctly print AQ errors if completions are not received (git-fixes). - ionic: disable napi when ionic_lif_init() fails (git-fixes). - ionic: Do not send reset commands if FW isn't running (git-fixes). - ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes). - ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes). - ionic: fix up printing of timeout error (git-fixes). - ionic: Prevent filter add/del err msgs when the device is not available (git-fixes). - ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes). - ionic: remove the dbid_inuse bitmap (git-fixes). - ionic: replace set_vf data with union (git-fixes). - ionic: start watchdog after all is setup (git-fixes). - ionic: stretch heartbeat detection (git-fixes). - io_uring: add more locking annotations for submit (bsc#1199011). - io_uring: avoid touching inode in rw prep (bsc#1199011). - io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011). - io_uring: cache __io_free_req()'d requests (bsc#1199011). - io_uring: clean io-wq callbacks (bsc#1199011). - io_uring: clean up tctx_task_work() (bsc#1199011). - io_uring: deduplicate open iopoll check (bsc#1199011). - io_uring: do not halt iopoll too early (bsc#1199011). - io_uring: drop exec checks from io_req_task_submit (bsc#1199011). - io_uring: extract a helper for ctx quiesce (bsc#1199011). - io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011). - io_uring: improve ctx hang handling (bsc#1199011). - io_uring: inline fixed part of io_file_get() (bsc#1199011). - io_uring: inline io_free_req_deferred (bsc#1199011). - io_uring: inline io_poll_remove_waitqs (bsc#1199011). - io_uring: inline struct io_comp_state (bsc#1199011). - io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011). - io_uring: move io_fallback_req_func() (bsc#1199011). - io_uring: move io_put_task() definition (bsc#1199011). - io_uring: move io_rsrc_node_alloc() definition (bsc#1199011). - io_uring: optimise io_cqring_wait() hot path (bsc#1199011). - io_uring: optimise putting task struct (bsc#1199011). - io_uring: refactor io_alloc_req (bsc#1199011). - io_uring: remove extra argument for overflow flush (bsc#1199011). - io_uring: remove file batch-get optimisation (bsc#1199011). - io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011). - io_uring: remove redundant args from cache_free (bsc#1199011). - io_uring: remove unnecessary PF_EXITING check (bsc#1199011). - io_uring: rename io_file_supports_async() (bsc#1199011). - io_uring: run linked timeouts from task_work (bsc#1199011). - io_uring: run regular file completions from task_work (bsc#1199011). - io_uring: run timeouts from task_work (bsc#1199011). - io_uring: use inflight_entry instead of compl.list (bsc#1199011). - io_uring: use kvmalloc for fixed files (bsc#1199011). - io-wq: get rid of FIXED worker flag (bsc#1199011). - io-wq: make worker creation resilient against signals (bsc#1199011). - io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011). - io-wq: only exit on fatal signals (bsc#1199011). - io-wq: provide a way to limit max number of workers (bsc#1199011). - io-wq: split bounded and unbounded work into separate lists (bsc#1199011). - io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011). - ipc/sem: do not sleep with a spin lock held (bsc#1198412). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix pr_fmt to avoid compilation issues (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/nvic: Release nvic_base upon failure (git-fixes). - irqchip/qcom-pdc: Fix broken locking (git-fixes). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes). - irqchip/realtek-rtl: Service all pending interrupts (git-fixes). - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: align locking in D3 test debugfs (git-fixes). - iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes). - iwlwifi: mvm: Correctly set fragmented EBS (git-fixes). - iwlwifi: mvm: Do not call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes). - iwlwifi: mvm: do not crash on invalid rate w/o STA (git-fixes). - iwlwifi: mvm: do not iterate unadded vifs when handling FW SMPS req (git-fixes). - iwlwifi: mvm: do not send SAR GEO command for 3160 devices (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - iwlwifi: mvm: move only to an enabled channel (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes). - ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ixgbe: ensure IPsec VF - PF compatibility (git-fixes). - ixgbe: respect metadata on XSK Rx to skb (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI: fix change of iscsi_host_remove() arguments (bsc#1198410). - kABI: Fix kABI after 'x86/mm/cpa: Generalize __set_memory_enc_pgtable()' (jsc#SLE-19924). - kABI fix of sysctl_run_estimation (git-fixes). - kABI: fix removal of iscsi_destroy_conn (bsc#1198410). - kABI: fix rndis_parameters locking (git-fixes). - kABI: ivtv: restore caps member (git-fixes). - kabi/severities: add exception for bcache symboles - kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218) - kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels. - kABI workaround for fxls8962af iio accel drivers (git-fixes). - kABI workaround for pci quirks (git-fixes). - kconfig: fix failing to generate auto.conf (git-fixes). - kconfig: let 'shell' return enough output for deep path names (git-fixes). - kernel/fork: Initialize mm's PASID (jsc#SLE-24350). - kernel/resource: Introduce request_mem_region_muxed() (git-fixes). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes). - KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes). - KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes). - KEYS: trusted: Fix trusted key backends when building as module (git-fixes). - KEYS: trusted: tpm2: Fix migratable logic (git-fixes). - kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277). - kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277). - kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277). - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277). - kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277). - kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277). - kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277). - kselftest/arm64: bti: force static linking (git-fixes). - kunit: tool: Import missing importlib.abc (git-fixes). - KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes). - KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes). - KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes). - KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes). - KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes). - KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes). - KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes). - KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes). - KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes). - KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes). - KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes). - KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes). - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: selftests: Do not skip L2's VMCALL in SMM test for SVM guest (bsc#1194523). - KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526). - KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526). - KVM: SEV: do not take kvm->lock when destroying (bsc#1194526). - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526). - KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526). - KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526). - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823). - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526). - KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes). - KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes). - KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes). - KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes). - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes). - KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes). - KVM: VMX: Do not unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes). - KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes). - KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes). - KVM: VMX: Read Posted Interrupt 'control' exactly once per loop iteration (git-fixes). - KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes). - KVM: VMX: Remove defunct 'nr_active_uret_msrs' field (git-fixes). - KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes). - KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes). - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes). - KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes). - KVM: x86: do not print when fail to read/write pv eoi memory (git-fixes). - KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes). - KVM: x86: Drop WARNs that assert a triple fault never 'escapes' from L2 (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes). - KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes). - KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes). - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes). - KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes). - KVM: x86: Ignore sparse banks size for an 'all CPUs', non-sparse IPI req (git-fixes). - KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes). - KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes). - KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes). - KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes). - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes). - KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes). - KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes). - KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes). - KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes). - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes). - KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes). - KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes). - KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes). - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes). - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes). - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes). - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes). - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes). - KVM: x86: SVM: do not set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes). - KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549). - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549). - KVM: X86: Synchronize the shadow pagetable before link it (git-fixes). - KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes). - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes). - lib: bitmap: fix many kernel-doc warnings (git-fixes). - libbpf: Free up resources used by inner map definition (git-fixes). - lib/iov_iter: initialize 'flags' in new pipe_buffer (git-fixes). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - list: fix a data-race around ep->rdllist (git-fixes). - list: introduce list_is_head() helper and re-use it in list.h (git-fixes). - list: test: Add a test for list_is_head() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - locking: Make owner_on_cpu() into linux/sched.h (bsc#1190137 bsc#1189998). - locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998). - locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998). - locking/rwlocks: introduce write_lock_nested (bsc#1189998). - LSM: general protection fault in legacy_parse_param (git-fixes). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes). - mac80211: fix forwarded mesh frames AC and queue selection (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes). - mac80211: mlme: check for null after calling kmemdup (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - mac80211: Remove a couple of obsolete TODO (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - mac80211: treat some SAE auth steps as final (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - macvlan: Fix leaking skb in source mode with nodst option (git-fixes). - mailbox: change mailbox-mpfs compatible string (git-fixes). - mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes). - mailbox: imx: fix wakeup failure from freeze mode (git-fixes). - mailbox: tegra-hsp: Flush whole channel (git-fixes). - maple: fix wrong return value of maple_bus_init() (git-fixes). - md: Do not set mddev private to NULL in raid0 pers->free (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md: fix double free of io_acct_set bioset (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - md: Move alloc/free acct bioset in to personality (git-fixes). - md/raid5: play nice with PREEMPT_RT (bsc#1189998). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes). - media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes). - media: atomisp: fix bad usage at error handling logic (git-fixes). - media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes). - media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: camss: csid-170: do not enable unused irqs (git-fixes). - media: camss: csid-170: fix non-10bit formats (git-fixes). - media: camss: csid-170: remove stray comment (git-fixes). - media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes). - media: camss: vfe-170: fix 'VFE halt timeout' error (git-fixes). - media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes). - media: cec-adap.c: fix is_configuring state (git-fixes). - media: cedrus: h264: Fix neighbour info buffer size (git-fixes). - media: cedrus: H265: Fix neighbour info buffer size (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes). - media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes). - media: hantro: Empty encoder capture buffers by default (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: hantro: HEVC: Fix tile info buffer value computation (git-fixes). - media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - media: i2c: max9286: fix kernel oops when removing module (git-fixes). - media: i2c: max9286: Use dev_err_probe() helper (git-fixes). - media: i2c: max9286: Use 'maxim,gpio-poc' property (git-fixes). - media: i2c: ov5648: Fix lockdep error (git-fixes). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - media: i2c: rdacm2x: properly set subdev entity function (git-fixes). - media: imon: reorganize serialization (git-fixes). - media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes). - media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes). - media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes). - media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes). - media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes). - media: ir_toy: free before error exiting (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: mexon-ge2d: fixup frames size in registers (git-fixes). - media: mtk-vcodec: potential dereference of null pointer (git-fixes). - media: omap3isp: Use struct_group() for memcpy() region (git-fixes). - media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes). - media: ov5648: Do not pack controls struct (git-fixes). - media: ov6650: Add try support to selection API operations (git-fixes). - media: ov6650: Fix crop rectangle affected by set format (git-fixes). - media: ov6650: Fix set format try processing path (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: rga: fix possible memory leak in rga_probe (git-fixes). - media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes). - media: rkvdec: h264: Fix dpb_valid implementation (git-fixes). - media: rkvdec: Stop overclocking the decoder (git-fixes). - media: rockchip/rga: do proper error checking in probe (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes). - media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes). - media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes). - media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes). - media: staging: media: zoran: move videodev alloc (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: v4l2-core: Initialize h264 scaling matrix (git-fixes). - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes). - media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - media: vidtv: Check for null return of vzalloc (git-fixes). - mei: avoid iterator usage outside of list_for_each_entry (git-fixes). - mei: hbm: drop capability response on early shutdown (git-fixes). - mei: me: add Alder Lake N device id (git-fixes). - mei: me: add raptor lake point S DID (git-fixes). - mei: me: disable driver on the ign firmware (git-fixes). - memblock: fix memblock_phys_alloc() section mismatch error (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes). - memory: mtk-smi: Add error handle for smi_probe (git-fixes). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes). - memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes). - mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mgag200 fix memmapsl configuration in GCTL6 register (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes). - mlx5: kabi protect lag_mp (git-fixes). - mlxsw: spectrum: Protect driver from buggy firmware (git-fixes). - mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes) - mmc: block: Check for errors after write on SPI (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: block: fix read single on recovery logic (git-fixes). - mmc: core: Allows to override the timeout value for ioctl() path (git-fixes). - mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes). - mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes). - mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102). - mmc: mediatek: wait dma stop bit reset to 0 (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mmc: rtsx: add 74 Clocks in power on flow (git-fixes). - mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes). - mmc: rtsx: Let MMC core handle runtime PM (git-fixes). - mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes). - mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes). - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes). - mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761). - mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921). - mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402). - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024). - mm, thp: lock filemap when truncating page cache (bsc#1198023). - mm/vmalloc: fix comments about vmap_area struct (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix section mismatch check for exported init/exit sections (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - modpost: restore the warning message for missing symbol versions (git-fixes). - mptcp: add missing documented NL params (git-fixes). - mt76: connac: fix sta_rec_wtbl tag len (git-fixes). - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes). - mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes). - mt76: fix encap offload ethernet type check (git-fixes). - mt76: fix monitor mode crash with sdio driver (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes). - mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes). - mt76: mt7615: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes). - mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes). - mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes). - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - mt76: mt7921: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7921: fix crash when startup fails (git-fixes). - mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes). - mtd: mchp23k256: Add SPI ID table (git-fixes). - mtd: mchp48l640: Add SPI ID table (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes). - mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes). - mtd: rawnand: denali: Use managed device resources (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes). - mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: atlantic: Avoid out-of-bounds indexing (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: axienet: setup mdio unconditionally (git-fixes). - net: bnxt_ptp: fix compilation error (bsc#1199736). - net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998). - net: dev: Change the order of the arguments for the contended condition (bsc#1189998). - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes). - net: dsa: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes). - net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes). - net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes). - net: hns3: add return value for mailbox handling in PF (bsc#1190336). - net: hns3: add validity check for message data length (git-fixes). - net: hns3: add vlan list lock to protect vlan list (git-fixes). - net: hns3: align the debugfs output to the left (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (git-fixes). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes). - net: hns3: fix phy can not link up when autoneg off and reset (git-fixes). - net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes). - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes). - net: hns3: handle empty unknown interrupt for VF (git-fixes). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes). - net: hns3: refine the process when PF set VF VLAN (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502). - net/ice: Fix boolean assignment (bsc#1200502). - net/ice: Remove unused enum (bsc#1200502). - net: ipa: disable HOLB drop when updating timer (git-fixes). - net: ipa: HOLB register sometimes must be written twice (git-fixes). - net/ipa: ipa_resource: Fix wrong for loop range (git-fixes). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes). - net: marvell: prestera: fix double free issue on err path (git-fixes). - net: mdio: do not defer probe forever if PHY IRQ provider is missing (git-fixes). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218). - net/mlx5: Avoid double clear or set of sync reset requested (git-fixes). - net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes). - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes). - net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes). - net/mlx5: DR, Cache STE shadow memory (git-fixes). - net/mlx5: DR, Do not allow match on IP w/o matching on full ethertype/ip_version (git-fixes). - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253). - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes). - net/mlx5e: Add missing increment of count (jsc#SLE-19253). - net/mlx5e: Avoid field-overflowing memcpy() (git-fixes). - net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes). - net/mlx5e: Do not treat small ceil values as unlimited in HTB offload (git-fixes). - net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253). - net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes). - net/mlx5e: Fix module EEPROM query (git-fixes). - net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes). - net/mlx5e: Fix trust state reset in reload (git-fixes). - net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253). - net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes). - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes). - net/mlx5e: Lag, Do not skip fib events on current dst (git-fixes). - net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes). - net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes). - net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes). - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes). - net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253). - net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: Use struct_group() for memcpy() region (git-fixes). - net/mlx5: Fix a race on command flush flow (git-fixes). - net/mlx5: Fix deadlock in sync reset flow (git-fixes). - net/mlx5: Fix matching on inner TTC (jsc#SLE-19253). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix size field in bufferx_reg struct (git-fixes). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes). - net/mlx5: Fix tc max supported prio for nic mode (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes). - net: mvmdio: fix compilation warning (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: correct spelling error of media in documentation (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: dp83867: retrigger SGMII AN when link change (git-fixes). - net: phy: Fix race condition on link status change (git-fixes). - net: phy: marvell10g: fix return value on error (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes). - net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes). - net: phy: meson-gxl: improve link-up behavior (git-fixes). - net: phy: micrel: Allow probing without .driver_data (git-fixes). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes). - net: phy: micrel: Pass .probe for KS8737 (git-fixes). - net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes). - net: phy: mscc-miim: reject clause 45 register accesses (git-fixes). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: sfc: add missing xdp queue reinitialization (git-fixes). - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes). - net: sfc: fix memory leak due to ptp channel (git-fixes). - net: sfc: fix using uninitialized xdp tx_queue (git-fixes). - net/smc: Avoid warning of possible recursive locking (git-fixes). - net/smc: fix connection leak (git-fixes). - net/smc: fixes for converting from 'struct smc_cdc_tx_pend **' to 'struct smc_wr_tx_pend_priv *' (git-fixes). - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes). - net/smc: postpone sk_refcnt increment in connect() (git-fixes). - net/smc: remove redundant re-assignment of pointer link (git-fixes). - net/smc: Remove unused function declaration (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes). - net/smc: sync err code when tcp connection was refused (git-fixes). - net/smc: Transfer remaining wait queue entries during fallback (git-fixes). - net/smc: Transitional solution for clcsock race issue (git-fixes). - net/smc: Use a mutex for locking 'struct smc_pnettable' (git-fixes). - net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes). - net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes). - net: stmmac: Fix signed/unsigned wreckage (git-fixes). - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: asix: do not force pause frames support (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682). - net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218). - nfc: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - nfc: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - nfc: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - nfc: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - nfc: pn533: Fix buggy cleanup order (git-fixes). - nfc: port100: fix use-after-free in port100_send_complete (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nfp: flower: fix ida_idx not being released (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFSD: allow delegation state ids to be revoked and then freed (bsc#1192483). - NFSD: allow lock state ids to be revoked and then freed (bsc#1192483). - NFSD: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes). - NFSD: do not admin-revoke NSv4.0 state ids (bsc#1192483). - NFSD: Fix a write performance regression (bsc#1197016). - NFSD: fix crash on COPY_NOTIFY with special stateid (git-fixes). - NFSD: Fix nsfd startup race (again) (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSD: Fix READDIR buffer overflow (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSD: Fix verifier returned in stable WRITEs (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSD: more robust allocation failure handling in nfsd_file_cache_init (git-fixes). - NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Do not loop forever in nfs_do_recoalesce() (git-fixes). - NFS: Do not overfill uncached readdir pages (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: do not store 'struct cred *' in struct nfs_access_entry (git-fixes). - NFSD: prepare for supporting admin-revocation of state (bsc#1192483). - NFSD: Replace use of rwsem with errseq_t (bsc#1196960). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFS: fix broken handling of the softreval mount option (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes). - NFS: pass cred explicitly for access tests (git-fixes). - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - NFSv4: Fix another issue with a list iterator pointing to the head (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes). - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - nl80211: validate S1G channel width (git-fixes). - ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes). - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes). - nvme: add verbose error logging (bsc#1200567). Update config files. - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme: send uevent on connection up (jsc#SLE-23643). - objtool: Add frame-pointer-specific function ignore (bsc#1193277). - objtool: Fix code relocs vs weak symbols (git-fixes). - objtool: Fix type of reloc::addend (git-fixes). - objtool: Ignore unwind hints for ignored functions (bsc#1193277). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes). - octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes). - of: base: Fix phandle argument length mismatch error message (git-fixes). - of: base: Improve argument length mismatch error (git-fixes). - of/fdt: Do not worry about non-memory region overlap for no-map (git-fixes). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes). - of: Support more than one crash kernel regions for kexec -s (git-fixes). - of: unittest: 64 bit dma address test requires arch support (git-fixes). - of: unittest: fix warning on PowerPC frame size warning (git-fixes). - of: unittest: update text of expected warnings (git-fixes). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes). - PCI: aardvark: Add support for masking MSI interrupts (git-fixes). - PCI: aardvark: Add support for PME interrupts (git-fixes). - PCI: aardvark: Assert PERST# when unbinding driver (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: aardvark: Comment actions in driver remove method (git-fixes). - PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes). - PCI: aardvark: Disable common PHY when unbinding driver (git-fixes). - PCI: aardvark: Disable link training when unbinding driver (git-fixes). - PCI: aardvark: Do not mask irq when mapping (git-fixes). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes). - PCI: aardvark: Enable MSI-X support (git-fixes). - PCI: aardvark: Fix memory leak in driver unbind (git-fixes). - PCI: aardvark: Fix reading MSI interrupt number (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix setting MSI address (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes). - PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes). - PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes). - PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes). - PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes). - PCI: aardvark: Update comment about link going down after link-up (git-fixes). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI: Avoid broken MSI on SB600 USB devices (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: endpoint: Fix alignment fault error in copy tests (git-fixes). - PCI: endpoint: Fix misused goto label (git-fixes). - PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes). - PCI: microchip: Fix potential race in interrupt handling (git-fixes). - PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes). - PCI: mvebu: Fix device enumeration regression (git-fixes). - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes). - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes). - PCI: pci-bridge-emul: Add description for class_revision field (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/switchtec: Add Gen4 automotive device IDs (git-fixes). - PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - perf: Copy perf_event_attr::sig_data on modification (git fixes). - perf/core: Do not pass task around when ctx sched in (git-fixes). - perf/core: Fix address filter parser for multiple filters (git fixes). - perf/core: Fix cgroup event list management (git fixes). - perf/core: Fix perf_cgroup_switch() (git fixes). - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes). - perf: Fix list corruption in perf_cgroup_switch() (git fixes). - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes). - perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes). - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304). - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes). - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes). - phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes). - phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes). - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes). - phy: dphy: Correct clk_pre parameter (git-fixes). - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: phy-brcm-usb: fixup BCM4908 support (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: Fix missing sentinel for clk_div_table (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - phy: usb: Leave some clocks running during suspend (git-fixes). - phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes). - pinctrl: bcm2835: Fix a few error paths (git-fixes). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes). - pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - pinctrl: k210: Fix bias-pull-up (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: moore: Fix build error (git-fixes). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes). - pinctrl: mediatek: mt8365: fix IES control pins (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes). - pinctrl: microchip-sgpio: lock RMW access (git-fixes). - pinctrl: microchip sgpio: use reset driver (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes). - pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes). - pinctrl: tegra: tegra194: drop unused pin groups (git-fixes). - pinctrl: tigerlake: Revert 'Add Alder Lake-M ACPI ID' (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - pipe: Fix missing lock in pipe_resize_ring() (git-fixes). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes). - platform/chrome: cros_ec_typec: Check for EC device (git-fixes). - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes). - platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes). - platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes). - platform/surface: surface3-wmi: Simplify resource management (git-fixes). - platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938). - platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058). - platform/x86: asus-wmi: Delete impossible condition (bsc#1198058). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes). - platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058). - platform/x86: asus-wmi: Fix 'unsigned 'retval' is never less than zero' smatch warning (bsc#1198058). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes). - platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes). - platform/x86: intel-hid: fix _DSM function index handling (git-fixes). - platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901). - platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901). - platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901). - platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes). - platform/x86: panasonic-laptop: do not report duplicate brightness key-presses (git-fixes). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes). - platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (git-fixes). - platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - PM: domains: Fix initialization of genpd's next_wakeup (git-fixes). - PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s: Do not use DSISR for SLB faults (bsc#1194869). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869). - powerpc: Do not select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102). - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: Parse control memory access error (jsc#SLE-18194). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388). - powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388). - powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810). - powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810). - powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810). - powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: axp288_fuel_gauge: Drop BIOS version check from 'T3 MRD' DMI quirk (git-fixes). - power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: sbs-charger: Do not cancel work that is not initialized (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - proc: bootconfig: Add null pointer check (git-fixes). - proc: fix documentation and description of pagemap (git-fixes). - procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes). - psi: fix 'defined but not used' warnings when (git-fixes) - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - pvpanic: Fix typos in the comments (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qed: display VF trust config (git-fixes). - qede: confirm skb is allocated before using (git-fixes). - qed: fix ethtool register dump (jsc#SLE-19001). - qed: return status of qed_iov_get_link (git-fixes). - qla2xxx: add ->map_queues support for nvme (bsc#1195823). - qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - random: check for signal_pending() outside of need_resched() check (git-fixes). - random: wake up /dev/random writers after zap (git-fixes). - random: wire up fops->splice_{read,write}_iter() (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (git-fixes). - RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249). - RDMA/core: Set MR type in ib_reg_user_mr (git-fixes). - RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/irdma: Fix netdev notifications for vlan's (git-fixes). - RDMA/irdma: Fix Passthrough mode in VM (git-fixes). - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes). - RDMA/irdma: Prevent some integer underflows (git-fixes). - RDMA/irdma: Reduce iWARP QP destroy time (git-fixes). - RDMA/irdma: Remove incorrect masking of PD (git-fixes). - RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/mlx5: Add a missing update of cache->last_add (git-fixes). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (git-fixes). - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes). - RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249). - RDMA/rtrs-clt: Fix possible double free in error case (git-fixes). - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes). - RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249). - RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes). - RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249). - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249). - RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes). - regmap-irq: Update interrupt clear register for proper reset (git-fixes). - regulator: atc260x: Fix missing active_discharge_on setting (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: core: fix false positive in regulator_late_cleanup() (git-fixes). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes). - regulator: mt6315: Enforce regulator-compatible, not name (git-fixes). - regulator: mt6315-regulator: fix invalid allowed mode (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes). - regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - remoteproc: Fix count check in rproc_coredump_write() (git-fixes). - remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - Revert 'drm/amd/display: Fix DCN3 B0 DP Alt Mapping' (git-fixes). - Revert 'drm/amdgpu/display: set vblank_disable_immediate for DC' (git-fixes). - Revert 'svm: Add warning message for AVIC IPI invalid target' (git-fixes). - rfkill: make new event layout opt-in (git-fixes). - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes). - riscv: Fix fill_callchain return value (git fixes). - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes). - rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes). - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes). - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes). - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes). - rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - rtc: mxc: Silence a clang warning (git-fixes). - rtc: pcf2127: fix bug when reading alarm registers (git-fixes). - rtc: pl031: fix rtc features null pointer dereference (git-fixes). - rtc: sun6i: Fix time overflow handling (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - rtw88: 8821c: fix debugfs rssi value (git-fixes). - rtw88: 8821c: support RFE type4 wifi NIC (git-fixes). - rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes). - rtw88: rtw8821c: enable rfe 6 devices (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (git-fixes). - s390/dasd: Fix read for ESE with blksize 4k (git-fixes). - s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes). - s390/dasd: prevent double format of tracks for ESE devices (git-fixes). - s390/entry: fix duplicate tracking of irq nesting level (git-fixes). - s390/extable: fix exception table sorting (git-fixes). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473). - s390/setup: avoid reserving memory above identity mapping (git-fixes). - s390/smp: sort out physical vs virtual pointers usage (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sc16is7xx: Fix for incorrect data being transmitted (git-fixes). - sched/core: Export pelt_thermal_tp (git-fixes) - sched/core: Fix forceidle balancing (git-fixes) - sched/core: Mitigate race (git-fixes) - sched/cpuacct: Fix charge percpu cpuusage (git-fixes) - sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350). - sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431). - sched/fair: Fix fault in reweight_entity (git fixes (sched/core)). - sched/fair: Revise comment about lb decision matrix (git-fixes) - sched: Fix balance_push() vs __sched_setscheduler() (git-fixes) - sched: Fix yet more sched_fork() races (git fixes (sched/core)). - sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes) - sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431). - sched/numa: Apply imbalance limitations consistently (bnc#1193431). - sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431). - sched/numa: Initialise numa_migrate_retry (bnc#1193431). - sched/pasid: Add a kABI workaround (jsc#SLE-24350). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/pelt: Relax the sync of util_sum with util_avg (git-fixes) - sched/psi: report zeroes for CPU full at the system level (git-fixes) - sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes) - sched/rt: Try to restart rt period timer when rt runtime (git-fixes) - sched/scs: Reset task stack state in bringup_cpu() (git-fixes) - sched/sugov: Ignore 'busy' filter when rq is capped by (git-fixes) - sched: Teach the forced-newidle balancer about CPU affinity (git-fixes) - scripts/faddr2line: Fix overlapping text section failures (git-fixes). - scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802). - scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802). - scsi: core: Query VPD size before getting full page (git-fixes). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: elx: efct: Do not use GFP_KERNEL under spin lock (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes). - scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list (bsc#1198802). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802). - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes). - scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410). - scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410). - scsi: iscsi: Fix HW conn removal use after free (bsc#1198410). - scsi: iscsi: Fix session removal on shutdown (bsc#1198410). - scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410). - scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802). - scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: libsas: Defer works of new phys during suspend (bsc#1198802). - scsi: libsas: Do not always drain event workqueue for HA resume (bsc#1198802). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802). - scsi: libsas: Keep host active while processing events (bsc#1198802). - scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802). - scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use irq_set_affinity() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes). - scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes). - scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftest: KVM: Add open sev dev helper (bsc#1194526). - selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes). - selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526). - selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526). - selftests: kvm: Remove absent target file (git-fixes). - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526). - selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526). - selftests/powerpc: Add test for real address error handling (jsc#SLE-18194). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - sfc: Do not free an empty page_ring (git-fixes). - sfc: fallback for lack of xdp tx queues (bsc#1196306). - sfc: last resort fallback for lack of xdp tx queues (bsc#1196306). - sfc: Use swap() instead of open coding it (bsc#1196306). - sfc: use swap() to make code cleaner (bsc#1196306). - skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - slip: fix macro redefine warning (git-fixes). - smb3: add mount parm nosparse (bsc#1193629). - smb3: add trace point for lease not found issue (bsc#1193629). - smb3: add trace point for oplock not found (bsc#1193629). - smb3: check for null tcon (bsc#1193629). - smb3: cleanup and clarify status of tree connections (bsc#1193629). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1193629). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629). - smb3: fix snapshot mount option (bsc#1193629). - smb3 improve error message when mount options conflict with posix (bsc#1193629). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629). - smb3 move more common protocol header definitions to smbfs_common (bsc#1193629). - smb3: send NTLMSSP version information (bsc#1193629). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: guts: Add a missing memory allocation failure check (git-fixes). - soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes). - soc: qcom: aoss: Expose send for generic usecase (git-fixes). - soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes). - soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes). - sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes). - soundwire: qcom: adjust autoenumeration timeout (git-fixes). - speakup-dectlk: Restore pitch setting (git-fixes). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes). - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes). - spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: Fix Tegra QSPI example (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: qcom-qspi: Add minItems to interconnect-names (git-fixes). - spi: rockchip: Fix error in getting num-cs property (git-fixes). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes). - spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes). - spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes). - spi: rockchip: terminate dma transmission when slave abort (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-mtk-nor: initialize spi controller after resume (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: fbtft: fb_st7789v: reset display before initialization (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes). - staging: most: dim2: use device release method (git-fixes). - staging: most: dim2: use if statements instead of ?: expressions (git-fixes). - staging: mt7621-dts: fix formatting (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes). - staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - staging: rtl8723bs: Fix access-point mode deadlock (git-fixes). - staging: vc04_services: shut up out-of-range warning (git-fixes). - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes). - staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes). - staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes). - staging: vchiq: Move vchiq char driver to its own file (git-fixes). - staging: vchiq: Refactor vchiq cdev code (git-fixes). - staging: wfx: fix an error handling in wfx_init_common() (git-fixes). - stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes). - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786) - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes). - SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes). - SUNRPC do not resend a task on an offlined transport (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC release the transport of a relocated task with an assigned transport (git-fixes). - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes). - SUNRPC: Trap RDMA segment overflows (git-fixes). - SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes). - supported.conf: add intel_sdsi - supported.conf: mark pfuze100 regulator as supported (bsc#1199909) - supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093) - surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes). - swiotlb: max mapping size takes min align mask into account (bsc#1197303). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes). - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes). - thermal: devfreq_cooling: use local ops instead of global ops (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes). - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal: int340x: fix memory leak in int3400_notify() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes). - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786) - timekeeping: Mark NMI safe time accessors as notrace (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - TOMOYO: fix __setup handlers return values (git-fixes). - tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938). - tools: bpftool: Complete metrics list in 'bpftool prog profile' doc (git-fixes). - tools: bpftool: Document and add bash completion for -L, -B options (git-fixes). - tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes). - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: Fix error handling in async work (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tpm: use try_get_ops() in tpm-space.c (git-fixes). - tps6598x: clear int mask on probe failure (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have trace event string test handle zero length strings (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histogram: Fix sorting on old 'cpu' value (git-fixes). - tracing/osnoise: Force quiescent states while tracing (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes). - tty: n_gsm: Do not ignore write return value in gsmld_output() (git-fixes). - tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes). - tty: n_gsm: Fix packet data hex dump output (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong tty control line for flow control (git-fixes). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes). - tty: n_tty: Restore EOF push handling behavior (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998). - uapi/linux/stddef.h: Add include guards (jsc#SLE-18978). - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191). - udmabuf: validate ubuf->pagecount (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: cdns3: Fix issue for clear halt endpoint (git-fixes). - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes). - usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: core: Do not hold the device lock while sleeping in do_proc_control() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes). - usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes). - usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Give some time to schedule isoc (git-fixes). - usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes). - usb: dwc3: gadget: Move null pinter check to proper place (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes). - usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes). - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes). - usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes). - usb: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - usb: dwc3: pci: Add 'snps,dis_u2_susphy_quirk' for Intel Bay Trail (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes). - usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes). - usb: dwc3: xilinx: fix uninitialized return value (git-fixes). - usb: ehci: add pci device support for Aspeed platforms (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: gadget: eliminate anonymous module_init and module_exit (git-fixes). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes). - USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes). - usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes). - usb: gadget: fix race when gadget driver register via ioctl (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes). - usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes). - usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - usb: gadget: uvc: rename function to be more consistent (git-fixes). - usb: gadget: validate endpoint index for xilinx udc (git-fixes). - usb: gadget: validate interface OS descriptor requests (git-fixes). - USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes). - USB: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: isp1760: Fix out-of-bounds array access (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: new quirk for Dell Gen 2 devices (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes). - usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - usb: serial: cp210x: add NCR Retail IO box id (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add Quectel BG95 modem (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add support for DW5829e (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: serial: option: add Telit LE910R1 compositions (git-fixes). - usb: serial: option: add ZTE MF286D modem (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: pl2303: add support for more HXN (G) types (git-fixes). - usb: serial: pl2303: fix GS type detection (git-fixes). - usb: serial: pl2303: fix type detection for odd device (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: simple: add Nokia phone driver (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes). - usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: eliminate anonymous module_init and module_exit (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - usb: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes). - usb: zaurus: support another broken Zaurus (git-fixes). - use jobs not processors in the constraints jobs is the number of vcpus available to the build, while processors is the total processor count of the machine the VM is running on. - vdpasim: allow to enable a vq repeatedly (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - vhost_vdpa: do not setup irq offloading when irq_num 0 (git-fixes). - vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-fixes). - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1190497) - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes). - video: fbdev: w100fb: Reset global state (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio_blk: eliminate anonymous module_init and module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init and module_exit (git-fixes). - virtio: fix virtio transitional ids (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix for skb_over_panic inside big mode (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix wrong buf address calculation when using xdp (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-net: realign page_to_skb() after merges (git-fixes). - virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - vsprintf: Fix potential unaligned access (bsc#1198379). - vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes). - vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes). - vxcan: enable local echo for sent CAN frames (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes). - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260). - watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260). - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260). - Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260). - Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - watch_queue: Actually free the watch (git-fixes). - watch_queue: Fix NULL dereference in error cleanup (git-fixes). - watch_queue: Free the page array when watch_queue is dismantled (git-fixes). - wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497). - x86/boot: Fix memremap of setup_indirect structures (bsc#1190497). - x86/cc: Move arch/x86/{kernel/cc_platform.c coco/core.c} (jsc#SLE-19924). - x86/coco: Add API to handle encryption mask (jsc#SLE-19924). - x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924). - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497). - x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350). - x86/cpu: Load microcode during restore_processor_state() (bsc#1190497). - x86/entry: Remove skip_r11rcx (bsc#1201524). - x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350). - x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471). - x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277). - x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277). - x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277). - x86/kvmclock: Fix Hyper-V Isolated VM s boot issue when vCPUs 64 (bsc#1183682). - x86/kvm: Do not waste memory if kvmclock is disabled (bsc#1183682). - x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497). - x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924). - x86/module: Fix the paravirt vs alternative order (bsc#1190497). - x86/pm: Save the MSR validity status at context setup (bsc#1190497). - x86/ptrace: Fix xfpregs_set() incorrect xmm clearing (bsc#1190497). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497). - x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350). - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497). - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497). - x86/unwind: kABI workaround for unwind_state changes (bsc#1193277). - x86/unwind: Recover kretprobe trampoline entry (bsc#1193277). - xen/blkfront: fix comment for need_copy (git-fixes). - xen: fix is_xen_pmu() (git-fixes). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xfs: drop async cache flushes from CIL commits (bsc#1195669). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes). - xhci: Enable runtime PM on second Alderlake controller (git-fixes). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). - xhci: increase usb U3 U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). - xhci: turn off port power in shutdown (git-fixes). - xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375). - zsmalloc: decouple class actions from zspage works (bsc#1189998). - zsmalloc: introduce obj_allocated (bsc#1189998). - zsmalloc: introduce some helper functions (bsc#1189998). - zsmalloc: move huge compressed obj from page to zspage (bsc#1189998). - zsmalloc: remove zspage isolation for migration (bsc#1189998). - zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998). - zsmalloc: replace get_cpu_var with local_lock (bsc#1189998). - zsmalloc: replace per zpage lock with poolmigrate_lock (bsc#1189998). - zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2573-1 Released: Thu Jul 28 04:24:19 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2597-1 Released: Fri Jul 29 16:12:04 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1199965,1199966,1200549,1201394,1201469,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-23816,CVE-2022-23825,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364,CVE-2022-29900,CVE-2022-33745 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2625-1 Released: Tue Aug 2 12:15:42 2022 Summary: Recommended update for dracut Type: recommended Severity: important References: 1177461,1184970,1187654,1195047,1195508,1195604,1196267,1197635,1197967,1200236,1200251,1200360 This update for dracut fixes the following issues: - fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236) - fix(bluetooth): make hostonly configuration files optional (bsc#1195047) - fix(convertfs): ignore commented lines in fstab (bsc#1200251) - fix(crypt): remove quotes from cryptsetupopts (bsc#1197635) - fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) - fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) - fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654) - fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267) - fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604) - fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360) - fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2640-1 Released: Wed Aug 3 10:43:44 2022 Summary: Recommended update for yaml-cpp Type: recommended Severity: moderate References: 1160171,1178331,1178332,1200624 This update for yaml-cpp fixes the following issue: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2659-1 Released: Wed Aug 3 21:05:25 2022 Summary: Security update for ldb, samba Type: security Severity: important References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following non-security bug were fixed: ldb was updated to version 2.4.3: + Fix build problems, waf produces incorrect names for python extensions; (bso#15071); samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2677-1 Released: Fri Aug 5 04:00:59 2022 Summary: Recommended update for hwinfo Type: recommended Severity: important References: 1199948 This update for hwinfo fixes the following issues: - Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2713-1 Released: Tue Aug 9 12:38:05 2022 Summary: Security update for bind Type: security Severity: important References: 1192146,1197135,1197136,1199044,1200685,CVE-2021-25219,CVE-2021-25220,CVE-2022-0396 This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146). - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135). - CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame leading to deny of service (bsc#1197136). The following non-security bugs were fixed: - Update to release 9.16.31 (jsc#SLE-24600). - Logrotation broken since dropping chroot (bsc#1200685). - A non-existent initialization script (eg a leftorver 'createNamedConfInclude' in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2803-1 Released: Fri Aug 12 16:29:17 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1190256,1190497,1199291,1199356,1199665,1201258,1201323,1201391,1201458,1201592,1201593,1201595,1201596,1201635,1201651,1201691,1201705,1201726,1201846,1201930,1202094,CVE-2021-33655,CVE-2022-21505,CVE-2022-2585,CVE-2022-26373,CVE-2022-29581 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bnc#1202094). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26373: Fixed CPU info leak via post-barrier RSB predictions (bsc#1201726). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). The following non-security bugs were fixed: - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: Fix deadlock on resume (git-fixes). - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - batman-adv: Use netif_rx() (git-fixes). - bcmgenet: add WOL IRQ check (git-fixes). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - dm: do not stop request queue after the dm device is suspended (bsc#1201651). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - drivers: net: smc911x: Check for error irq (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - ethtool: Fix get module eeprom fallback (bsc#1201323). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fjes: Check for error irq (git-fixes). - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim does not write the inode (bsc#1201592). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - gve: Recording rx queue before sending to napi (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - i2c: smbus: Check for parent device before dereference (git-fixes). - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - ice: Fix error with handling of bonding MTU (git-fixes). - ice: Fix race condition during interface enslave (git-fixes). - ice: stop disabling VFs due to PF error responses (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI workaround for phy_device changes (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kABI workaround for snd-soc-rt5682-* (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - kABI: fix adding field to ufs_hba (git-fixes). - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for 'i2c: smbus: Use device_*() functions instead of of_*()' - kabi/severities: add intel ice - kabi/severities: add stmmac network driver local symbols - kabi/severities: ignore dropped symbol rt5682_headset_detect - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - memregion: Fix memregion_free() fallback definition (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - natsemi: xtensa: fix section mismatch warnings (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - net: altera: set a couple error code in probe() (git-fixes). - net: amd-xgbe: Fix skb data length underflow (git-fixes). - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - net: axienet: Fix TX ring slot available check (git-fixes). - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - net: axienet: add missing memory barriers (git-fixes). - net: axienet: fix for TX busy handling (git-fixes). - net: axienet: fix number of TX ring slots for available check (git-fixes). - net: axienet: increase default TX ring size to 128 (git-fixes). - net: axienet: increase reset timeout (git-fixes). - net: axienet: limit minimum TX ring size (git-fixes). - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: bcmgenet: skip invalid partial checksums (git-fixes). - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes). - net: dsa: felix: do not use devres for mdiobus (git-fixes). - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - net: dsa: lan9303: fix reset on probe (git-fixes). - net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes). - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - net: ipa: add an interconnect dependency (git-fixes). - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - net: ipa: prevent concurrent replenish (git-fixes). - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - net: ks8851: Check for error irq (git-fixes). - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - net: mscc: ocelot: fix using match before it is set (git-fixes). - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - net: mvpp2: fix XDP rx queues registering (git-fixes). - net: phy: Do not trigger state machine while in suspend (git-fixes). - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - net: sfp: ignore disabled SFP node (git-fixes). - net: sparx5: Fix add vlan when invalid operation (git-fixes). - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - net: stmmac: Add platform level debug register dump feature (git-fixes). - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - net: stmmac: fix return value of __setup handler (git-fixes). - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - net: sxgbe: fix return value of __setup handler (git-fixes). - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - netdevsim: do not overwrite read only ethtool parms (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: wait until quiesce is done (bsc#1201651). - octeontx2-af: Do not fixup all VF action entries (git-fixes). - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - octeontx2-pf: Forward error codes to VF (git-fixes). - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - posix_cpu_timers: fix race between exit_itimers() and /proc/pid/timers (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - ppp: ensure minimum packet size in ppp_write() (git-fixes). - qede: validate non LSO skb length (git-fixes). - r8152: fix a WOL issue (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - rocker: fix a sleeping in atomic bug (git-fixes). - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). - scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - spi: amd: Limit max transfer and message size (git-fixes). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - tee: fix put order in teedev_close_context() (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - tun: fix bonding active backup with arp monitoring (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: serial: ftdi_sio: add Belimo device ids (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - veth: Do not record rx queue hint in veth_xmit (git-fixes). - veth: ensure skb entering GRO are not cloned (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1190497). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2831-1 Released: Wed Aug 17 14:41:04 2022 Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Type: security Severity: moderate References: 1195916,1196696,CVE-2020-29651 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2853-1 Released: Fri Aug 19 15:59:42 2022 Summary: Recommended update for sle-module-legacy-release Type: recommended Severity: low References: 1202498 This update for python-iniconfig provides the following fix: - Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498) The following package changes have been done: - bind-utils-9.16.31-150400.5.6.1 updated - dracut-mkinitrd-deprecated-055+suse.279.g3b3c36b2-150400.3.5.1 updated - dracut-055+suse.279.g3b3c36b2-150400.3.5.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-locale-2.31-150300.37.1 updated - glibc-2.31-150300.37.1 updated - gpg2-2.2.27-150300.3.5.1 updated - hwinfo-21.82-150400.3.3.1 updated - kernel-default-5.14.21-150400.24.18.1 updated - libldb2-2.4.3-150400.4.8.1 updated - libncurses6-6.1-150000.5.12.1 updated - libpcre2-8-0-10.39-150400.4.6.1 updated - libsystemd0-249.11-150400.8.5.1 updated - libudev1-249.11-150400.8.5.1 updated - libxml2-2-2.9.14-150400.5.7.1 updated - libyaml-cpp0_6-0.6.3-150400.4.3.1 updated - libzypp-17.30.2-150400.3.3.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - permissions-20201225-150400.5.8.1 updated - python3-apipkg-1.4-150000.3.2.1 added - python3-bind-9.16.31-150400.5.6.1 updated - python3-iniconfig-1.1.1-150000.1.5.1 added - python3-py-1.10.0-150000.5.9.2 updated - rpm-config-SUSE-1-150400.14.3.1 updated - samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 updated - systemd-sysvinit-249.11-150400.8.5.1 updated - systemd-249.11-150400.8.5.1 updated - tar-1.34-150000.3.18.1 updated - terminfo-base-6.1-150000.5.12.1 updated - terminfo-6.1-150000.5.12.1 updated - udev-249.11-150400.8.5.1 updated - xen-libs-4.16.1_06-150400.4.8.1 updated - xen-tools-domU-4.16.1_06-150400.4.8.1 updated - zypper-1.14.53-150400.3.3.1 updated From sle-updates at lists.suse.com Wed Aug 24 07:25:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2022 09:25:38 +0200 (CEST) Subject: SUSE-CU-2022:1883-1: Security update of suse/sles12sp5 Message-ID: <20220824072538.2F062FF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1883-1 Container Tags : suse/sles12sp5:6.5.366 , suse/sles12sp5:latest Container Release : 6.5.366 Severity : moderate Type : security References : 1180065 CVE-2020-29362 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2871-1 Released: Tue Aug 23 09:26:32 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread that could lead to crashes (bsc#1180065) The following package changes have been done: - libp11-kit0-0.23.2-8.10.1 updated - p11-kit-tools-0.23.2-8.10.1 updated - p11-kit-0.23.2-8.10.1 updated From sle-updates at lists.suse.com Wed Aug 24 13:17:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2022 15:17:05 +0200 (CEST) Subject: SUSE-SU-2022:2882-1: important: Security update for gnutls Message-ID: <20220824131705.1A98FFF0F@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2882-1 Rating: important References: #1202020 Cross-References: CVE-2022-2509 CVSS scores: CVE-2022-2509 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2509 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2882=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2882=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2882=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2882=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2882=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2882=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2882=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2882=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2882=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2882=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2882=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2882=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2882=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 gnutls-guile-3.6.7-150200.14.19.2 gnutls-guile-debuginfo-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - openSUSE Leap 15.3 (x86_64): libgnutls-devel-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - SUSE Manager Server 4.1 (x86_64): libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - SUSE Manager Proxy 4.1 (x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): gnutls-3.6.7-150200.14.19.2 gnutls-debuginfo-3.6.7-150200.14.19.2 gnutls-debugsource-3.6.7-150200.14.19.2 libgnutls-devel-3.6.7-150200.14.19.2 libgnutls30-3.6.7-150200.14.19.2 libgnutls30-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-3.6.7-150200.14.19.2 libgnutlsxx-devel-3.6.7-150200.14.19.2 libgnutlsxx28-3.6.7-150200.14.19.2 libgnutlsxx28-debuginfo-3.6.7-150200.14.19.2 - SUSE Enterprise Storage 7 (x86_64): libgnutls30-32bit-3.6.7-150200.14.19.2 libgnutls30-32bit-debuginfo-3.6.7-150200.14.19.2 libgnutls30-hmac-32bit-3.6.7-150200.14.19.2 References: https://www.suse.com/security/cve/CVE-2022-2509.html https://bugzilla.suse.com/1202020 From sle-updates at lists.suse.com Wed Aug 24 13:17:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2022 15:17:52 +0200 (CEST) Subject: SUSE-SU-2022:2883-1: important: Security update for bluez Message-ID: <20220824131752.B5234FF0F@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2883-1 Rating: important References: #1194704 Cross-References: CVE-2022-0204 CVSS scores: CVE-2022-0204 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0204 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bluez fixes the following issues: - CVE-2022-0204: Fixed a buffer overflow in the implementation of the gatt protocol (bsc#1194704). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2883=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2883=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2883=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2883=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): bluez-5.55-150300.3.11.1 bluez-cups-5.55-150300.3.11.1 bluez-cups-debuginfo-5.55-150300.3.11.1 bluez-debuginfo-5.55-150300.3.11.1 bluez-debugsource-5.55-150300.3.11.1 bluez-deprecated-5.55-150300.3.11.1 bluez-deprecated-debuginfo-5.55-150300.3.11.1 bluez-devel-5.55-150300.3.11.1 bluez-test-5.55-150300.3.11.1 bluez-test-debuginfo-5.55-150300.3.11.1 libbluetooth3-5.55-150300.3.11.1 libbluetooth3-debuginfo-5.55-150300.3.11.1 - openSUSE Leap 15.3 (x86_64): bluez-devel-32bit-5.55-150300.3.11.1 libbluetooth3-32bit-5.55-150300.3.11.1 libbluetooth3-32bit-debuginfo-5.55-150300.3.11.1 - openSUSE Leap 15.3 (noarch): bluez-auto-enable-devices-5.55-150300.3.11.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): bluez-cups-5.55-150300.3.11.1 bluez-cups-debuginfo-5.55-150300.3.11.1 bluez-debuginfo-5.55-150300.3.11.1 bluez-debugsource-5.55-150300.3.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.55-150300.3.11.1 bluez-debugsource-5.55-150300.3.11.1 bluez-devel-5.55-150300.3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): bluez-5.55-150300.3.11.1 bluez-debuginfo-5.55-150300.3.11.1 bluez-debugsource-5.55-150300.3.11.1 bluez-deprecated-5.55-150300.3.11.1 bluez-deprecated-debuginfo-5.55-150300.3.11.1 libbluetooth3-5.55-150300.3.11.1 libbluetooth3-debuginfo-5.55-150300.3.11.1 References: https://www.suse.com/security/cve/CVE-2022-0204.html https://bugzilla.suse.com/1194704 From sle-updates at lists.suse.com Wed Aug 24 13:18:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2022 15:18:32 +0200 (CEST) Subject: SUSE-SU-2022:2881-1: important: Security update for spice Message-ID: <20220824131832.08860FF0F@maintenance.suse.de> SUSE Security Update: Security update for spice ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2881-1 Rating: important References: #1181686 Cross-References: CVE-2021-20201 CVSS scores: CVE-2021-20201 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-20201 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for spice fixes the following issues: - CVE-2021-20201: Fixed an issue which could allow clients to cause a denial of service by repeatedly renegotiating a connection (bsc#1181686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2881=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2881=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2881=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.14.3-150300.3.3.1 libspice-server1-0.14.3-150300.3.3.1 libspice-server1-debuginfo-0.14.3-150300.3.3.1 spice-debugsource-0.14.3-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libspice-server-devel-0.14.3-150300.3.3.1 libspice-server1-0.14.3-150300.3.3.1 libspice-server1-debuginfo-0.14.3-150300.3.3.1 spice-debugsource-0.14.3-150300.3.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libspice-server1-0.14.3-150300.3.3.1 libspice-server1-debuginfo-0.14.3-150300.3.3.1 spice-debugsource-0.14.3-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-20201.html https://bugzilla.suse.com/1181686 From sle-updates at lists.suse.com Wed Aug 24 16:16:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2022 18:16:40 +0200 (CEST) Subject: SUSE-SU-2022:2886-1: important: Security update for glibc Message-ID: <20220824161640.8307BFF0F@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2886-1 Rating: important References: #1027496 #1178386 #1179694 #1179721 #1181505 #1182117 #941234 Cross-References: CVE-2015-5180 CVE-2016-10228 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-3326 CVSS scores: CVE-2016-10228 (NVD) : 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-10228 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2019-25013 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-25013 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27618 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27618 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-29562 (NVD) : 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2020-29562 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-29573 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-29573 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3326 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3326 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2015-5180: Fix crash with internal QTYPE in resolv (bsc#941234, BZ #18784) - CVE-2016-10228: Rewrite iconv option parsing (bsc#1027496, BZ #19519) - CVE-2019-25013: Fix buffer overrun in EUC-KR conversion module (bsc#1182117, BZ #24973) - CVE-2020-27618: Accept redundant shift sequences in IBM1364 iconv module (bsc#1178386, BZ #26224) - CVE-2020-29562: Fix incorrect UCS4 inner loop bounds in iconv (bsc#1179694, BZ #26923) - CVE-2020-29573: Hardened printf against non-normal long double values (bsc#1179721, BZ #26649) - CVE-2021-3326: Fix assertion failure in ISO-2022-JP-3 gconv module (bsc#1181505, BZ #27256) - Recognize ppc64p7 arch to build for power7 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2886=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2886=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): glibc-html-2.22-126.1 glibc-i18ndata-2.22-126.1 glibc-info-2.22-126.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): glibc-2.22-126.1 glibc-32bit-2.22-126.1 glibc-debuginfo-2.22-126.1 glibc-debuginfo-32bit-2.22-126.1 glibc-debugsource-2.22-126.1 glibc-devel-2.22-126.1 glibc-devel-32bit-2.22-126.1 glibc-devel-debuginfo-2.22-126.1 glibc-devel-debuginfo-32bit-2.22-126.1 glibc-locale-2.22-126.1 glibc-locale-32bit-2.22-126.1 glibc-locale-debuginfo-2.22-126.1 glibc-locale-debuginfo-32bit-2.22-126.1 glibc-profile-2.22-126.1 glibc-profile-32bit-2.22-126.1 nscd-2.22-126.1 nscd-debuginfo-2.22-126.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glibc-2.22-126.1 glibc-32bit-2.22-126.1 glibc-debuginfo-2.22-126.1 glibc-debuginfo-32bit-2.22-126.1 glibc-debugsource-2.22-126.1 glibc-devel-2.22-126.1 glibc-devel-32bit-2.22-126.1 glibc-devel-debuginfo-2.22-126.1 glibc-devel-debuginfo-32bit-2.22-126.1 glibc-locale-2.22-126.1 glibc-locale-32bit-2.22-126.1 glibc-locale-debuginfo-2.22-126.1 glibc-locale-debuginfo-32bit-2.22-126.1 glibc-profile-2.22-126.1 glibc-profile-32bit-2.22-126.1 nscd-2.22-126.1 nscd-debuginfo-2.22-126.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glibc-html-2.22-126.1 glibc-i18ndata-2.22-126.1 glibc-info-2.22-126.1 References: https://www.suse.com/security/cve/CVE-2015-5180.html https://www.suse.com/security/cve/CVE-2016-10228.html https://www.suse.com/security/cve/CVE-2019-25013.html https://www.suse.com/security/cve/CVE-2020-27618.html https://www.suse.com/security/cve/CVE-2020-29562.html https://www.suse.com/security/cve/CVE-2020-29573.html https://www.suse.com/security/cve/CVE-2021-3326.html https://bugzilla.suse.com/1027496 https://bugzilla.suse.com/1178386 https://bugzilla.suse.com/1179694 https://bugzilla.suse.com/1179721 https://bugzilla.suse.com/1181505 https://bugzilla.suse.com/1182117 https://bugzilla.suse.com/941234 From sle-updates at lists.suse.com Wed Aug 24 16:17:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 24 Aug 2022 18:17:52 +0200 (CEST) Subject: SUSE-SU-2022:2885-1: moderate: Security update for rubygem-rails-html-sanitizer Message-ID: <20220824161752.52747FF0F@maintenance.suse.de> SUSE Security Update: Security update for rubygem-rails-html-sanitizer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2885-1 Rating: moderate References: #1201183 Cross-References: CVE-2022-32209 CVSS scores: CVE-2022-32209 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-32209 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-rails-html-sanitizer fixes the following issues: - CVE-2022-32209: Fixed a potential content injection under specific configurations (bsc#1201183). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2885=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-2885=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.11.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.11.1 References: https://www.suse.com/security/cve/CVE-2022-32209.html https://bugzilla.suse.com/1201183 From sle-updates at lists.suse.com Thu Aug 25 07:02:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 09:02:04 +0200 (CEST) Subject: SUSE-IU-2022:1067-1: Security update of sles-15-sp4-chost-byos-v20220818-x86-64 Message-ID: <20220825070204.D220FFF0F@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20220818-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1067-1 Image Tags : sles-15-sp4-chost-byos-v20220818-x86-64:20220818 Image Release : Severity : important Type : security References : 1027519 1055117 1061840 1065729 1071995 1089644 1103269 1118212 1121726 1137373 1137728 1156395 1157038 1157923 1160171 1175667 1177461 1178331 1178332 1179439 1179639 1180814 1181658 1183682 1183872 1184318 1184924 1184970 1187654 1187716 1188885 1189998 1190137 1190208 1190256 1190336 1190497 1190497 1190768 1190786 1190812 1191271 1191663 1192146 1192483 1193064 1193277 1193282 1193289 1193431 1193556 1193629 1193640 1193787 1193823 1193852 1194086 1194111 1194191 1194409 1194501 1194523 1194526 1194550 1194583 1194585 1194586 1194625 1194708 1194765 1194826 1194869 1195047 1195099 1195157 1195287 1195478 1195482 1195504 1195508 1195604 1195651 1195668 1195669 1195775 1195823 1195826 1195913 1195915 1195926 1195944 1195957 1195987 1196079 1196114 1196125 1196130 1196213 1196224 1196267 1196306 1196367 1196400 1196426 1196478 1196490 1196514 1196570 1196723 1196779 1196830 1196836 1196866 1196868 1196869 1196901 1196930 1196942 1196960 1197016 1197135 1197136 1197157 1197227 1197243 1197292 1197302 1197303 1197304 1197362 1197386 1197501 1197570 1197601 1197635 1197661 1197675 1197684 1197761 1197817 1197819 1197820 1197888 1197889 1197894 1197915 1197917 1197918 1197920 1197921 1197922 1197926 1197967 1198009 1198010 1198012 1198013 1198014 1198015 1198016 1198017 1198018 1198019 1198020 1198021 1198022 1198023 1198024 1198027 1198030 1198034 1198058 1198217 1198255 1198379 1198400 1198402 1198410 1198412 1198413 1198438 1198484 1198577 1198585 1198627 1198660 1198720 1198732 1198802 1198803 1198806 1198811 1198826 1198829 1198835 1198968 1198971 1199011 1199024 1199035 1199042 1199044 1199046 1199052 1199063 1199132 1199163 1199173 1199235 1199247 1199260 1199291 1199314 1199356 1199390 1199426 1199433 1199439 1199482 1199487 1199505 1199507 1199605 1199611 1199626 1199631 1199650 1199657 1199665 1199674 1199734 1199736 1199793 1199839 1199875 1199909 1199948 1199965 1199966 1200015 1200019 1200045 1200046 1200144 1200170 1200205 1200211 1200236 1200251 1200259 1200263 1200284 1200315 1200343 1200360 1200420 1200442 1200475 1200502 1200549 1200556 1200567 1200569 1200571 1200599 1200600 1200608 1200611 1200619 1200624 1200657 1200685 1200692 1200747 1200762 1200763 1200806 1200807 1200808 1200809 1200810 1200812 1200813 1200815 1200816 1200820 1200821 1200822 1200824 1200825 1200827 1200828 1200829 1200830 1200845 1200855 1200882 1200925 1200964 1201050 1201080 1201160 1201171 1201177 1201193 1201196 1201218 1201222 1201225 1201228 1201251 1201258 1201276 1201323 1201381 1201385 1201391 1201394 1201458 1201469 1201471 1201490 1201492 1201493 1201495 1201496 1201524 1201560 1201592 1201593 1201595 1201596 1201635 1201640 1201651 1201691 1201705 1201726 1201846 1201930 1202094 1202436 CVE-2021-25219 CVE-2021-25220 CVE-2021-26341 CVE-2021-33061 CVE-2021-33655 CVE-2021-4204 CVE-2021-44879 CVE-2021-45402 CVE-2022-0264 CVE-2022-0396 CVE-2022-0494 CVE-2022-0617 CVE-2022-1012 CVE-2022-1016 CVE-2022-1184 CVE-2022-1198 CVE-2022-1205 CVE-2022-1462 CVE-2022-1508 CVE-2022-1587 CVE-2022-1651 CVE-2022-1652 CVE-2022-1671 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1998 CVE-2022-20132 CVE-2022-20154 CVE-2022-2031 CVE-2022-21123 CVE-2022-21123 CVE-2022-21125 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-21505 CVE-2022-2318 CVE-2022-23222 CVE-2022-23308 CVE-2022-23816 CVE-2022-23825 CVE-2022-2585 CVE-2022-26362 CVE-2022-26363 CVE-2022-26364 CVE-2022-26365 CVE-2022-26373 CVE-2022-26490 CVE-2022-29458 CVE-2022-29581 CVE-2022-29582 CVE-2022-29824 CVE-2022-29900 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33745 CVE-2022-33981 CVE-2022-34903 CVE-2022-34918 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20220818-x86-64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2520-1 Released: Thu Jul 21 18:34:49 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1055117,1061840,1065729,1071995,1089644,1103269,1118212,1121726,1137728,1156395,1157038,1157923,1175667,1179439,1179639,1180814,1183682,1183872,1184318,1184924,1187716,1188885,1189998,1190137,1190208,1190336,1190497,1190768,1190786,1190812,1191271,1191663,1192483,1193064,1193277,1193289,1193431,1193556,1193629,1193640,1193787,1193823,1193852,1194086,1194111,1194191,1194409,1194501,1194523,1194526,1194583,1194585,1194586,1194625,1194765,1194826,1194869,1195099,1195287,1195478,1195482,1195504,1195651,1195668,1195669,1195775,1195823,1195826,1195913,1195915,1195926,1195944,1195957,1195987,1196079,1196114,1196130,1196213,1196306,1196367,1196400,1196426,1196478,1196514,1196570,1196723,1196779,1196830,1196836,1196866,1196868,1196869,1196901,1196930,1196942,1196960,1197016,1197157,1197227,1197243,1197292,1197302,1197303,1197304,1197362,1197386,1197501,1197601,1197661,1197675,1197761,1197817,1197819,1197820,1197888,1197889,1197894,1197915,1197917,1197918,1197920,1197921,1197922,1 197926,1198009,1198010,1198012,1198013,1198014,1198015,1198016,1198017,1198018,1198019,1198020,1198021,1198022,1198023,1198024,1198027,1198030,1198034,1198058,1198217,1198379,1198400,1198402,1198410,1198412,1198413,1198438,1198484,1198577,1198585,1198660,1198802,1198803,1198806,1198811,1198826,1198829,1198835,1198968,1198971,1199011,1199024,1199035,1199046,1199052,1199063,1199163,1199173,1199260,1199314,1199390,1199426,1199433,1199439,1199482,1199487,1199505,1199507,1199605,1199611,1199626,1199631,1199650,1199657,1199674,1199736,1199793,1199839,1199875,1199909,1200015,1200019,1200045,1200046,1200144,1200205,1200211,1200259,1200263,1200284,1200315,1200343,1200420,1200442,1200475,1200502,1200567,1200569,1200571,1200599,1200600,1200608,1200611,1200619,1200692,1200762,1200763,1200806,1200807,1200808,1200809,1200810,1200812,1200813,1200815,1200816,1200820,1200821,1200822,1200824,1200825,1200827,1200828,1200829,1200830,1200845,1200882,1200925,1201050,1201080,1201160,1201171,1201177,120119 3,1201196,1201218,1201222,1201228,1201251,1201381,1201471,1201524,CVE-2021-26341,CVE-2021-33061,CVE-2021-4204,CVE-2021-44879,CVE-2021-45402,CVE-2022-0264,CVE-2022-0494,CVE-2022-0617,CVE-2022-1012,CVE-2022-1016,CVE-2022-1184,CVE-2022-1198,CVE-2022-1205,CVE-2022-1462,CVE-2022-1508,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1966,CVE-2022-1972,CVE-2022-1974,CVE-2022-1998,CVE-2022-20132,CVE-2022-20154,CVE-2022-21123,CVE-2022-21125,CVE-2022-21127,CVE-2022-21166,CVE-2022-21180,CVE-2022-21499,CVE-2022-2318,CVE-2022-23222,CVE-2022-26365,CVE-2022-26490,CVE-2022-29582,CVE-2022-29900,CVE-2022-29901,CVE-2022-30594,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-33743,CVE-2022-33981,CVE-2022-34918 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657). - CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171). - CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050). - CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599). - CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). - CVE-2022-33743: Fixed a Denial of Service related to XDP (bsc#1200763). - CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bnc#1199487). - CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bnc#1200619). - CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692) - CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482). - CVE-2022-1998: Fixed a use after free in the file system notify functionality (bnc#1200284). - CVE-2022-1966: Fixed a use-after-free vulnerability in the Netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015) - CVE-2022-1852: Fixed a null-ptr-deref in the kvm module which can lead to DoS. (bsc#1199875) - CVE-2022-1789: Fixed a NULL pointer dereference when shadow paging is enabled. (bnc#1199674) - CVE-2022-1508: Fixed an out-of-bounds read flaw that could cause the system to crash. (bsc#1198968) - CVE-2022-1671: Fixed a null-ptr-deref bugs in net/rxrpc/server_key.c, unprivileged users could easily trigger it via ioctl. (bsc#1199439) - CVE-2022-1651: Fixed a bug in ACRN Device Model emulates virtual NICs in VM. This flaw may allow a local privileged attacker to leak kernel unauthorized information and also cause a denial of service problem. (bsc#1199433) - CVE-2022-29582: Fixed a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. (bnc#1198811) - CVE-2022-0494: Fixed a kernel information leak flaw in the scsi_ioctl function. This flaw allowed a local attacker with a special user privilege to create issues with confidentiality. (bnc#1197386) - CVE-2021-4204: Fixed a vulnerability that allows local attackers to escalate privileges on affected installations via ebpf. (bnc#1194111) - CVE-2022-23222: Fixed a bug that allowed local users to gain privileges. (bnc#1194765) - CVE-2022-0264: Fixed a vulnerability in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (bnc#1194826) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019) - CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650) - CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507). - CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063). - CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505). - CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426). - CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144) - CVE-2022-21499: Reinforce the kernel lockdown feature, until now it's been trivial to break out of it with kgdb or kdb. (bsc#1199426) - CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577) - CVE-2022-1734: Fixed a r/w use-after-free when non synchronized between cleanup routine and firmware download routine. (bnc#1199605) - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). The following non-security bugs were fixed: - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI/APEI: Limit printable size of BERT table data (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: bus: Avoid using CPPC if not supported by firmware (bsc#1199793). - ACPICA: Avoid cache flush inside virtual machines (git-fixes). - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes). - ACPI: CPPC: Assume no transition latency if no PCCT (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Amend PWM enumeration ASL example (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI/IORT: Check node revision for PMCG resources (git-fixes). - ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes). - ACPI: PM: Revert 'Only mark EC GPE for wakeup on Intel systems' (git-fixes). - ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE (git-fixes). - ACPI: processor idle: Allow playing dead in C3 state (git-fixes). - ACPI: processor: idle: Avoid falling back to C3 type C-states (git-fixes). - ACPI: processor idle: Check for architectural support for LPI (git-fixes). - ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: property: Release subnode properties with data nodes (git-fixes). - ACPI: sysfs: Fix BERT error region memory mapping (git-fixes). - ACPI: video: Change how we determine if brightness key-presses are handled (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (git-fixes). - aio: Fix incorrect usage of eventfd_signal_allowed() (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: core: Add snd_card_free_on_error() helper (git-fixes). - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes). - ALSA: ctxfi: Add SB046x PCI ID (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes). - ALSA: hda: Add AlderLake-PS variant PCI ID (git-fixes). - ALSA: hda: Add PCI and HDMI IDs for Intel Raptor Lake (git-fixes). - ALSA: hda: Avoid unsol event during RPM suspending (git-fixes). - ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes). - ALSA: hda/conexant: Fix missing beep setup (git-fixes). - ALSA: hda: Fix discovery of i915 graphics PCI device (bsc#1200611). - ALSA: hda: Fix driver index handling at re-binding (git-fixes). - ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes). - ALSA: hda: Fix regression on forced probe mask option (git-fixes). - ALSA: hda: Fix signedness of sscanf() arguments (git-fixes). - ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes). - ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes). - ALSA: hda/i915: Fix one too many pci_dev_put() (git-fixes). - ALSA: hda/i915 - skip acomp init if no matching display (git-fixes). - ALSA: hda: intel-dspcfg: use SOF for UpExtreme and UpExtreme11 boards (git-fixes). - ALSA: hda: intel-dsp-config: update AlderLake PCI IDs (git-fixes). - ALSA: hda: intel-nhlt: remove use of __func__ in dev_dbg (git-fixes). - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes). - ALSA: hda/realtek - Add HW8326 support (git-fixes). - ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes). - ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes). - ALSA: hda/realtek - Add new type for ALC245 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes). - ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes). - ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2019 (git-fixes). - ALSA: hda/realtek: add quirk for Lenovo Thinkpad X12 speakers (git-fixes). - ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes). - ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (git-fixes). - ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes). - ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes). - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes). - ALSA: hda/realtek: Fix deadlock by COEF mutex (bsc#1195913). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes). - ALSA: hda: realtek: Fix race at concurrent COEF updates (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes). - ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes). - ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes). - ALSA: hda: Set max DMA segment size (git-fixes). - ALSA: hda: Skip codec shutdown in case the codec is not registered (git-fixes). - ALSA: hda/via: Fix missing beep setup (git-fixes). - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ALSA: memalloc: Fix dma_need_sync() checks (bsc#1195913). - ALSA: memalloc: invalidate SG pages before sync (bsc#1195913). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes). - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent prealloc proc writes (git-fixes). - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls (git-fixes). - ALSA: pcm: Fix races among concurrent read/write and buffer changes (git-fixes). - ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: add mapping for MSI MAG X570S Torpedo MAX (git-fixes). - ALSA: usb-audio: add mapping for new Corsair Virtuoso SE (git-fixes). - ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ALSA: usb-audio: Add quirk bits for enabling/disabling generic implicit fb (git-fixes). - ALSA: usb-audio: Cancel pending work at closing a MIDI substream (git-fixes). - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes). - ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes). - ALSA: usb-audio: Configure sync endpoints before data (git-fixes). - ALSA: usb-audio: Correct quirk for VF0770 (git-fixes). - ALSA: usb-audio: Do not abort resume upon errors (bsc#1195913). - ALSA: usb-audio: Do not get sample rate for MCT Trigger 5 USB-to-HDMI (git-fixes). - ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - ALSA: usb-audio: Increase max buffer size (git-fixes). - ALSA: usb-audio: initialize variables that could ignore errors (git-fixes). - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes). - ALSA: usb-audio: Move generic implicit fb quirk entries into quirks.c (git-fixes). - ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes). - ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes). - ALSA: usb-audio: revert to IMPLICIT_FB_FIXED_DEV for M-Audio FastTrack Ultra (git-fixes). - ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes). - ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes). - ALSA: usb-audio: US16x08: Move overflow check before array access (git-fixes). - ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes). - ALSA: wavefront: Proper check of get_user() error (git-fixes). - ALSA: x86: intel_hdmi_audio: enable pm_runtime and set autosuspend delay (git-fixes). - ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() (git-fixes). - alx: acquire mutex for alx_reinit in alx_change_mtu (git-fixes). - amd/display: set backlight only if required (git-fixes). - arch/arm64: Fix topology initialization for core scheduling (git-fixes). - arm64: Add Cortex-A510 CPU part definition (git-fixes). - arm64: Add part number for Arm Cortex-A78AE (git-fixes). - arm64: Add support for user sub-page fault probing (git-fixes) - arm64: alternatives: mark patch_alternative() as `noinstr` (git-fixes). - arm64: avoid fixmap race condition when create pud mapping (git-fixes). - arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (git-fixes). - arm64: Correct wrong label in macro __init_el2_gicv3 (git-fixes). - arm64: defconfig: build imx-sdma as a module (git-fixes). - arm64: do not abuse pfn_valid() to ensure presence of linear map (git-fixes). - arm64: Do not defer reserve_crashkernel() for platforms with no DMA memory zones (git-fixes). - arm64: Do not include __READ_ONCE() block in assembly files (git-fixes). - arm64: dts: agilex: use the compatible 'intel,socfpga-agilex-hsotg' (git-fixes). - arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (git-fixes). - arm64: dts: broadcom: bcm4908: use proper TWD binding (git-fixes). - arm64: dts: broadcom: Fix sata nodename (git-fixes). - arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mm-venice: fix spi2 pin configuration (git-fixes) - arm64: dts: imx8mn-beacon: Enable RTS-CTS on UART3 (git-fixes). - arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (git-fixes) - arm64: dts: imx8mn: Fix SAI nodes (git-fixes) - arm64: dts: imx8mp-evk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct mmc pad settings (git-fixes). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (git-fixes). - arm64: dts: imx8mp-evk: correct vbus pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (git-fixes). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (git-fixes). - arm64: dts: imx8mq: fix lcdif port node (git-fixes). - arm64: dts: imx8qm: Correct SCU clock controller's compatible (git-fixes) - arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes (git-fixes). - arm64: dts: juno: Remove GICv2m dma-range (git-fixes). - arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus (git-fixes). - arm64: dts: ls1043a: Update i2c dma properties (git-fixes). - arm64: dts: ls1046a: Update i2c node dma properties (git-fixes). - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes). - arm64: dts: marvell: espressobin-ultra: enable front USB3 port (git-fixes). - arm64: dts: marvell: espressobin-ultra: fix SPI-NOR config (git-fixes). - arm64: dts: meson-g12: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson-g12b-odroid-n2: fix typo 'dio2133' (git-fixes). - arm64: dts: meson-g12: drop BL32 region from SEI510/SEI610 (git-fixes). - arm64: dts: meson-gx: add ATF BL32 reserved-memory region (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for G12B boards (git-fixes). - arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO domain for GPIOE_2 (git-fixes). - arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1 (git-fixes). - arm64: dts: meson-sm1-odroid: fix boot loop after reboot (git-fixes). - arm64: dts: meson-sm1-odroid: use correct enable-gpio pin for tf-io regulator (git-fixes). - arm64: dts: mt8192: Fix nor_flash status disable typo (git-fixes). - arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes). - arm64: dts: qcom: ipq8074: fix the sleep clock frequency (git-fixes). - arm64: dts: qcom: msm8916-huawei-g7: Clarify installation instructions (git-fixes). - arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count (git-fixes). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (git-fixes). - arm64: dts: qcom: msm8994: Fix the cont_splash_mem address (git-fixes). - arm64: dts: qcom: msm8996: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: msm8996: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: pm8350c: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: pmr735a: stop depending on thermal_zones label (git-fixes). - arm64: dts: qcom: qrb5165-rb5: Fix can-clock node name (git-fixes). - arm64: dts: qcom: sdm845-db845c: add wifi variant property (git-fixes). - arm64: dts: qcom: sdm845: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sdm845: fix microphone bias properties and values (git-fixes). - arm64: dts: qcom: sdm845: remove snps,dw-pcie compatibles (git-fixes). - arm64: dts: qcom: sdm845-xiaomi-beryllium: fix typo in panel's vddio-supply property (git-fixes). - arm64: dts: qcom: sm8150: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8250: Drop flags for mdss irqs (git-fixes). - arm64: dts: qcom: sm8250: Fix MSI IRQ for PCIe1 and PCIe2 (git-fixes). - arm64: dts: qcom: sm8250: fix PCIe bindings to follow schema (git-fixes). - arm64: dts: qcom: sm8350: Correct TCS configuration for apps rsc (git-fixes). - arm64: dts: qcom: sm8350: Correct UFS symbol clocks (git-fixes). - arm64: dts: qcom: sm8350: Describe GCC dependency clocks (git-fixes). - arm64: dts: qcom: sm8350: Shorten camera-thermal-bottom name (git-fixes). - arm64: dts: renesas: Fix thermal bindings (git-fixes). - arm64: dts: renesas: ulcb-kf: fix wrong comment (git-fixes). - arm64: dts: rockchip: align pl330 node name with dtschema (git-fixes). - arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity (git-fixes). - arm64: dts: rockchip: fix rk3399-puma-haikou USB OTG mode (git-fixes). - arm64: dts: rockchip: Fix SDIO regulator supply properties on rk3399-firefly (git-fixes). - arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes). - arm64: dts: rockchip: reorder rk3399 hdmi clocks (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - arm64: dts: ti: j7200-main: Fix 'dtbs_check' serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: j721e-main: Fix 'dtbs_check' in serdes_ln_ctrl node (git-fixes). - arm64: dts: ti: k3-am64: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (git-fixes). - arm64: dts: ti: k3-am64-mcu: remove incorrect UART base clock rates (git-fixes). - arm64: dts: ti: k3-am65: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j7200: Fix gic-v3 compatible regs (git-fixes). - arm64: dts: ti: k3-j721e: Fix gic-v3 compatible regs (git-fixes). - arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (git-fixes). - arm64: Ensure execute-only permissions are not allowed without EPAN (git-fixes) - arm64: fix clang warning about TRAMP_VALIAS (git-fixes). - arm64: fix types in copy_highpage() (git-fixes). - arm64: ftrace: consistently handle PLTs (git-fixes). - arm64: ftrace: fix branch range checks (git-fixes). - arm64: kasan: fix include error in MTE functions (git-fixes). - arm64: kvm: keep the field workaround_flags in structure kvm_vcpu_arch (git-fixes). - arm64: Mark start_backtrace() notrace and NOKPROBE_SYMBOL (git-fixes) - arm64: mm: Drop 'const' from conditional arm64_dma_phys_limit definition (git-fixes). - arm64: mm: fix p?d_leaf() (git-fixes). - arm64: module: remove (NOLOAD) from linker script (git-fixes). - arm64: mte: Ensure the cleared tags are visible before setting the PTE (git-fixes). - arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes). - arm64: patch_text: Fixup last cpu should be master (git-fixes). - arm64: prevent instrumentation of bp hardening callbacks (git-fixes). - arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes). - arm64: stackleak: fix current_top_of_stack() (git-fixes). - arm64: supported.conf: mark PHY_FSL_IMX8MQ_USB as supported (bsc#1199909) - arm64: tegra: Add missing DFLL reset on Tegra210 (git-fixes). - arm64: tegra: Adjust length of CCPLEX cluster MMIO region (git-fixes). - arm64: Update config files. (bsc#1199909) Add pfuze100 regulator as module - arm64: vdso: fix makefile dependency on vdso.so (git-fixes). - ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes). - ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (git-fixes). - ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (git-fixes). - ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (git-fixes). - ARM: at91: fix soc detection for SAM9X60 SiPs (git-fixes). - ARM: at91: pm: use proper compatible for sama5d2's rtc (git-fixes). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (git-fixes). - ARM: boot: dts: bcm2711: Fix HVS register range (git-fixes). - ARM: cns3xxx: Fix refcount leak in cns3xxx_init (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable CONFIG_V4L_PLATFORM_DRIVERS (git-fixes). - ARM: configs: multi_v5_defconfig: re-enable DRM_PANEL and FB_xxx (git-fixes). - ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes). - ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes). - ARM: Do not use NOCROSSREFS directive with ld.lld (git-fixes). - ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes). - ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (git-fixes). - ARM: dts: aspeed: Add secure boot controller node (git-fixes). - ARM: dts: aspeed: Add video engine to g6 (git-fixes). - ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (git-fixes). - ARM: dts: aspeed: Fix AST2600 quad spi group (git-fixes). - ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (git-fixes). - ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (git-fixes). - ARM: dts: at91: fix pinctrl phandles (git-fixes). - ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (git-fixes). - ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (git-fixes). - ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes). - ARM: dts: bcm2711: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2711-rpi-400: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes). - ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes). - ARM: dts: bcm2837: Add the missing L1/L2 cache information (git-fixes). - ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes). - ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes). - ARM: dts: BCM5301X: update CRU block description (git-fixes). - ARM: dts: BCM5301X: Update pin controller node name (git-fixes). - ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks (git-fixes). - ARM: dts: dra7: Fix suspend warning for vpe powerdomain (git-fixes). - ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5250 (git-fixes). - ARM: dts: exynos: add missing HDMI supplies on SMDK5420 (git-fixes). - ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes). - ARM: dts: Fix boot regression on Skomer (git-fixes). - ARM: dts: Fix mmc order for omap3-gta04 (git-fixes). - ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes). - ARM: dts: Fix timer regression for beagleboard revision c (git-fixes). - ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes). - ARM: dts: imx6dl-colibri: Fix I2C pinmuxing (git-fixes). - ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes). - ARM: dts: imx6qdl: correct PU regulator ramp delay (git-fixes). - ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes). - ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes). - ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (git-fixes). - ARM: dts: imx7ulp: Fix 'assigned-clocks-parents' typo (git-fixes). - ARM: dts: imx7: Use audio_mclk_post_div instead audio_mclk_root_clk (git-fixes). - ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC (git-fixes) - ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes). - ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes). - ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes). - ARM: dts: meson: Fix the UART compatible strings (git-fixes). - ARM: dts: ox820: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 (git-fixes). - ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes). - ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes). - ARM: dts: qcom: sdx55: fix IPA interconnect definitions (git-fixes). - ARM: dts: rockchip: fix a typo on rk3288 crypto-controller (git-fixes). - ARM: dts: rockchip: reorder rk322x hmdi clocks (git-fixes). - ARM: dts: s5pv210: align DMA channels with dtschema (git-fixes). - ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries (git-fixes). - ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (git-fixes). - ARM: dts: socfpga: align interrupt controller node name with dtschema (git-fixes). - ARM: dts: socfpga: change qspi to 'intel,socfpga-qspi' (git-fixes). - ARM: dts: spear1340: Update serial node properties (git-fixes). - ARM: dts: spear13xx: Update SPI dma properties (git-fixes). - ARM: dts: stm32: fix AV96 board SAI2 pin muxing on stm32mp15 (git-fixes). - ARM: dts: stm32: Fix PHY post-reset delay on Avenger96 (git-fixes). - ARM: dts: sun8i: v3s: Move the csi1 block to follow address order (git-fixes). - ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes). - ARM: dts: switch timer config to common devkit8000 devicetree (git-fixes). - ARM: dts: Use 32KiHz oscillator on devkit8000 (git-fixes). - ARM: exynos: Fix refcount leak in exynos_map_pmu (git-fixes). - ARM: fix build warning in proc-v7-bugs.c (git-fixes). - ARM: fix co-processor register typo (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ARM: Fix refcount leak in axxia_boot_secondary (git-fixes). - ARM: fix Thumb2 regression with Spectre BHB (git-fixes). - ARM: ftrace: avoid redundant loads or clobbering IP (git-fixes). - ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes). - ARM: hisi: Add missing of_node_put after of_find_compatible_node (git-fixes). - ARM: iop32x: offset IRQ numbers by 1 (git-fixes). - ARM: kprobes: Make space for instruction pointer on stack (bsc#1193277). - ARM: mediatek: select arch timer for mt7629 (git-fixes). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (git-fixes). - ARM: mmp: Fix failure to remove sram device (git-fixes). - ARM: mstar: Select HAVE_ARM_ARCH_TIMER (git-fixes). - ARM: mxs_defconfig: Enable the framebuffer (git-fixes). - ARM: omap1: ams-delta: remove camera leftovers (git-fixes). - ARM: OMAP1: clock: Fix UART rate reporting algorithm (git-fixes). - ARM: OMAP2+: adjust the location of put_device() call in omapdss_init_of (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes). - ARM: OMAP2+: hwmod: Add of_node_put() before break (git-fixes). - ARM: pxa: maybe fix gpio lookup tables (git-fixes). - ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes). - ARM: Spectre-BHB: provide empty stub for non-config (git-fixes). - ARM: tegra: tamonten: Fix I2C3 pad setting (git-fixes). - ARM: vexpress/spc: Avoid negative array index when !SMP (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: amd: vg: fix for pm resume callback sequence (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes). - ASoC: atmel: Fix error handling in sam9x5_wm8731_driver_probe (git-fixes). - ASoC: atmel: Fix error handling in snd_proto_probe (git-fixes). - ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes). - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: codecs: Check for error pointer after calling devm_regmap_init_mmio (git-fixes). - ASoC: codecs: lpass-rx-macro: fix sidetone register offsets (git-fixes). - ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: rx-macro: fix accessing compander for aux (git-fixes). - ASoC: codecs: va-macro: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wc938x: fix accessing array out of bounds for enum type (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes). - ASoC: codecs: wcd934x: fix kcontrol max values (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: codecs: wcd938x: fix return value of mixer put function (git-fixes). - ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes). - ASoC: cs35l36: Update digital volume TLV (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: cs42l51: Correct minimum value for SX volume control (git-fixes). - ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes). - ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes). - ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes). - ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes). - ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes). - ASoC: dapm: Do not fold register value changes into notifications (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: es8328: Fix event generation for deemphasis control (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes). - ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (git-fixes). - ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: fsl: Use dev_err_probe() helper (git-fixes). - ASoC: hdmi-codec: Fix OOB memory accesses (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: imx-hdmi: Fix refcount leak in imx_hdmi_probe (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408 (git-fixes). - ASoC: intel: skylake: Set max DMA segment size (git-fixes). - ASoC: Intel: soc-acpi: correct device endpoints for max98373 (git-fixes). - ASoC: Intel: sof_sdw: fix quirks for 2022 HP Spectre x360 13' (git-fixes). - ASoC: madera: Add dependencies on MFD (git-fixes). - ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes). - ASoC: max98090: Generate notifications on changes for custom control (git-fixes). - ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes). - ASoC: max98090: Reject invalid values in custom control put() (git-fixes). - ASoC: max98357a: remove dependency on GPIOLIB (git-fixes). - ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes). - ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes). - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes). - ASoC: mediatek: mt8192-mt6359: Fix error handling in mt8192_mt6359_dev_probe (git-fixes). - ASoC: mediatek: use of_device_get_match_data() (git-fixes). - ASoC: meson: Fix event generation for AUI ACODEC mux (git-fixes). - ASoC: meson: Fix event generation for AUI CODEC mux (git-fixes). - ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: nau8822: Add operation for internal PLL off and on (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Fix stereo change notifications in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes). - ASoC: qcom: Actually clear DMA interrupt register for HDMI (git-fixes). - ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes). - ASoC: rk817: Fix missing clk_disable_unprepare() in rk817_platform_probe (git-fixes). - ASoC: rk817: Use devm_clk_get() in rk817_platform_probe (git-fixes). - ASoC: rockchip: i2s: Fix missing clk_disable_unprepare() in rockchip_i2s_probe (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_status_clear() (git-fixes). - ASoC: rsnd: care return value from rsnd_node_fixed_index() (git-fixes). - ASoC: rt1015p: remove dependency on GPIOLIB (git-fixes). - ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes). - ASoC: rt5645: Fix errorenous cleanup order (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - ASoC: samsung: Fix refcount leak in aries_audio_probe (git-fixes). - ASoC: samsung: Use dev_err_probe() helper (git-fixes). - ASoC: simple-card: fix probe failure on platform component (git-fixes). - ASoC: simple-card-utils: Set sysclk on all components (git-fixes). - ASoC: soc-compress: Change the check for codec_dai (git-fixes). - ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes). - ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes). - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes). - ASoC: soc-ops: fix error handling (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (git-fixes). - ASoC: SOF: hda: Set max DMA segment size (git-fixes). - ASoC: SOF: Intel: enable DMI L1 for playback streams (git-fixes). - ASoC: SOF: Intel: Fix build error without SND_SOC_SOF_PCI_DEV (git-fixes). - ASoC: SOF: Intel: Fix NULL ptr dereference when ENOMEM (git-fixes). - ASoC: SOF: Intel: match sdw version on link_slaves_found (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: tas2770: Insert post reset delay (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create() (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: wm8958: Fix change notifications for DSP controls (git-fixes). - ASoC: wm8962: Fix suspend while playing music (git-fixes). - ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes). - assoc_array: Fix BUG_ON during garbage collect (git-fixes). - asus-wmi: Add dgpu disable method (bsc#1198058). - asus-wmi: Add egpu enable method (bsc#1198058). - asus-wmi: Add panel overdrive functionality (bsc#1198058). - asus-wmi: Add support for platform_profile (bsc#1198058). - ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes). - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes). - ata: libata-core: Disable TRIM on M88V29 (git-fixes). - ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes). - ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ata: pata_hpt37x: fix PCI clock detection (git-fixes). - ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes). - ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (git-fixes). - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes). - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes). - ath10k: skip ath10k_halt during suspend for driver state RESTARTING (git-fixes). - ath11k: acquire ab->base_lock in unassign when finding the peer by addr (git-fixes). - ath11k: disable spectral scan during spectral deinit (git-fixes). - ath11k: Do not check arvif->is_started before sending management frames (git-fixes). - ath11k: fix kernel panic during unload/load ath11k modules (git-fixes). - ath11k: mhi: use mhi_sync_power_up() (git-fixes). - ath11k: pci: fix crash on suspend if board file is not found (git-fixes). - ath11k: set correct NL80211_FEATURE_DYNAMIC_SMPS for WCN6855 (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - ath9k: fix ar9003_get_eepmisc (git-fixes). - ath9k: fix QCA9561 PA bias level (git-fixes). - ath9k: Fix usage of driver-private space in tx_info (git-fixes). - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes). - ath9k_htc: fix uninit value bugs (git-fixes). - ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes). - atl1c: fix tx timeout after link flap on Mikrotik 10/25G NIC (git-fixes). - atm: eni: Add check for dma_map_single (git-fixes). - atm: firestream: check the return value of ioremap() in fs_init() (git-fixes). - atomics: Fix atomic64_{read_acquire,set_release} fallbacks (git-fixes). - audit: ensure userspace is penalized the same as the kernel when under pressure (git-fixes). - audit: improve audit queue handling when 'audit=1' on cmdline (git-fixes). - audit: improve robustness of the audit queue handling (git-fixes). - auxdisplay: lcd2s: Fix lcd2s_redefine_char() feature (git-fixes). - auxdisplay: lcd2s: Fix memory leak in ->remove() (git-fixes). - auxdisplay: lcd2s: Use proper API to free the instance of charlcd object (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes). - b43: Fix assigning negative value to unsigned variable (git-fixes). - b43legacy: Fix assigning negative value to unsigned variable (git-fixes). - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Do not skb_split skbuffs with frag_list (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes). - bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362). - bcache: fixup multiple threads crash (git-fixes). - bcache: fix use-after-free problem in bcache_device_free() (git-fixes). - bcache: improve multithreaded bch_btree_check() (git-fixes). - bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes). - bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes). - bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes). - bfq: Allow current waker to defend against a tentative one (bsc#1195915). - bfq: Avoid false marking of bic as stably merged (bsc#1197926). - bfq: Avoid merging queues with different parents (bsc#1197926). - bfq: Do not let waker requests skip proper accounting (bsc#1184318). - bfq: Drop pointless unlock-lock pair (bsc#1197926). - bfq: Fix warning in bfqq_request_over_limit() (bsc#1200812). - bfq: Get rid of __bio_blkcg() usage (bsc#1197926). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Limit waker detection in time (bsc#1184318). - bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926). - bfq: Relax waker detection for shared queues (bsc#1184318). - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926). - bfq: Split shared queues on move between cgroups (bsc#1197926). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - bfq: Track whether bfq_group is still online (bsc#1197926). - bfq: Update cgroup information before merging bio (bsc#1197926). - binfmt_flat: do not stop relocating GOT entries prematurely on riscv (git-fixes). - bitfield: add explicit inclusions to the example (git-fixes). - blkcg: Remove extra blkcg_bio_issue_init (bsc#1194585). - blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045). - blk-cgroup: set blkg iostat after percpu stat aggregation (bsc#1198018). - blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825). - blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() (bsc#1198034). - blk-mq: do not touch ->tagset in blk_mq_get_sq_hctx (bsc#1200824). - blk-mq: do not update io_ticks with passthrough requests (bsc#1200816). - blk-mq: fix tag_get wait task can't be awakened (bsc#1200263). - blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263). - blktrace: fix use after free for struct blk_trace (bsc#1198017). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1198016). - block: avoid to quiesce queue in elevator_init_mq (bsc#1198013). - block, bfq: fix UAF problem in bfqg_stats_init() (bsc#1194583). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: Check ADMIN before NICE for IOPRIO_CLASS_RT (bsc#1198012). - block: do not delete queue kobject before its children (bsc#1198019). - block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020). - block: fix async_depth sysfs interface for mq-deadline (bsc#1198015). - block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259). - block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (git-fixes). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - block: Fix the maximum minor value is blk_alloc_ext_minor() (bsc#1198021). - block: Fix up kabi after blkcg merge fix (bsc#1198020). - block: Hold invalidate_lock in BLKRESETZONE ioctl (bsc#1198010). - block: limit request dispatch loop duration (bsc#1198022). - block/mq-deadline: Improve request accounting further (bsc#1198009). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - Bluetooth: btintel: Fix WBS setting for Intel legacy ROM products (git-fixes). - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes). - Bluetooth: btusb: Add another Realtek 8761BU (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (git-fixes). - Bluetooth: btusb: Whitespace fixes for btusb_setup_csr() (git-fixes). - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes). - Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes). - Bluetooth: Fix not checking for valid hdev on bt_dev_{info,warn,err,dbg} (git-fixes). - Bluetooth: Fix the creation of hdev->name (git-fixes). - Bluetooth: Fix use after free in hci_send_acl (git-fixes). - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes). - Bluetooth: use hdev lock for accept_list and reject_list in conn req (git-fixes). - Bluetooth: use hdev lock in activate_scan for hci_is_adv_monitoring (git-fixes). - Bluetooth: use memset avoid memory leaks (git-fixes). - bnx2x: fix napi API usage sequence (bsc#1198217). - bnxt_en: Do not destroy health reporters during reset (bsc#1199736). - bnxt_en: Eliminate unintended link toggle during FW reset (bsc#1199736). - bnxt_en: Fix active FEC reporting to ethtool (git-fixes). - bnxt_en: Fix devlink fw_activate (jsc#SLE-18978). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (git-fixes). - bnxt_en: Fix unnecessary dropping of RX packets (git-fixes). - bnxt_en: Increase firmware message response DMA wait time (git-fixes). - bnxt_en: Prevent XDP redirect from running when stopping TX queue (git-fixes). - bnxt_en: reserve space inside receive page for skb_shared_info (git-fixes). - bnxt_en: Restore the resets_reliable flag in bnxt_open() (jsc#SLE-18978). - bnxt_en: Synchronize tx when xdp redirects happen on same ring (git-fixes). - bonding: fix data-races around agg_select_timer (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - bonding: pair enable_port with slave_arr_updates (git-fixes). - bpf: Add check_func_arg_reg_off function (git-fixes). - bpf: add config to allow loading modules with BTF mismatches (bsc#1194501). - bpf: Avoid races in __bpf_prog_run() for 32bit arches (git-fixes). - bpf: Disallow negative offset in check_ptr_off_reg (git-fixes). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg (git-fixes). - bpf: Fix PTR_TO_BTF_ID var_off check (git-fixes). - bpf: Fix UAF due to race between btf_try_get_module and load_module (git-fixes). - bpf: Mark PTR_TO_FUNC register initially with zero offset (git-fixes). - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes). - bpf: selftests: adapt bpf_iter_task_vma to get_inode_dev() (bsc#1198585). - bpf, selftests: Fix racing issue in btf_skc_cls_ingress test (git-fixes). - bpf, selftests: Update test case for atomic cmpxchg on r0 with pointer (git-fixes). - bpftool: Fix memory leak in prog_dump() (git-fixes). - bpftool: Remove inclusion of utilities.mak from Makefiles (git-fixes). - bpftool: Remove unused includes to bpf/bpf_gen_internal.h (git-fixes). - bpftool: Remove useless #include to perf-sys.h from map_perf_ring.c (git-fixes). - brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes). - brcmfmac: firmware: Fix crash in brcm_alt_fw_path (git-fixes). - brcmfmac: pcie: Declare missing firmware files in pcie.c (git-fixes). - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes). - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes). - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes). - brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes). - btrfs: add a BTRFS_FS_ERROR helper (bsc#1197915). - btrfs: add btrfs_set_item_*_nr() helpers (bsc#1197915). - btrfs: add helper to truncate inode items when logging inode (bsc#1197915). - btrfs: add missing run of delayed items after unlink during log replay (bsc#1197915). - btrfs: add ro compat flags to inodes (bsc#1197915). - btrfs: always update the logged transaction when logging new names (bsc#1197915). - btrfs: assert that extent buffers are write locked instead of only locked (bsc#1197915). - btrfs: avoid attempt to drop extents when logging inode for the first time (bsc#1197915). - btrfs: avoid expensive search when dropping inode items from log (bsc#1197915). - btrfs: avoid expensive search when truncating inode items from the log (bsc#1197915). - btrfs: Avoid live-lock in search_ioctl() on hardware with sub-page (git-fixes) - btrfs: avoid search for logged i_size when logging inode if possible (bsc#1197915). - btrfs: avoid unnecessarily logging directories that had no changes (bsc#1197915). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1197915). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1197915). - btrfs: change error handling for btrfs_delete_*_in_log (bsc#1197915). - btrfs: change handle_fs_error in recover_log_trees to aborts (bsc#1197915). - btrfs: check if a log tree exists at inode_logged() (bsc#1197915). - btrfs: constify and cleanup variables in comparators (bsc#1197915). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1197915). - btrfs: do not log new dentries when logging that a new name exists (bsc#1197915). - btrfs: do not pin logs too early during renames (bsc#1197915). - btrfs: drop the _nr from the item helpers (bsc#1197915). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1197915). - btrfs: factor out the copying loop of dir items from log_dir_items() (bsc#1197915). - btrfs: fix lost prealloc extents beyond eof after full fsync (bsc#1197915). - btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852). - btrfs: fix memory leak in __add_inode_ref() (bsc#1197915). - btrfs: fix missing last dir item offset update when logging directory (bsc#1197915). - btrfs: fix re-dirty process of tree-log nodes (bsc#1197915). - btrfs: improve the batch insertion of delayed items (bsc#1197915). - btrfs: insert items in batches when logging a directory when possible (bsc#1197915). - btrfs: introduce btrfs_lookup_match_dir (bsc#1197915). - btrfs: introduce item_nr token variant helpers (bsc#1197915). - btrfs: keep track of the last logged keys when logging a directory (bsc#1197915). - btrfs: loop only once over data sizes array when inserting an item batch (bsc#1197915). - btrfs: make btrfs_file_extent_inline_item_len take a slot (bsc#1197915). - btrfs: only copy dir index keys when logging a directory (bsc#1197915). - btrfs: remove no longer needed checks for NULL log context (bsc#1197915). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1197915). - btrfs: remove no longer needed logic for replaying directory deletes (bsc#1197915). - btrfs: remove redundant log root assignment from log_dir_items() (bsc#1197915). - btrfs: remove root argument from add_link() (bsc#1197915). - btrfs: remove root argument from btrfs_log_inode() and its callees (bsc#1197915). - btrfs: remove root argument from btrfs_unlink_inode() (bsc#1197915). - btrfs: remove root argument from check_item_in_log() (bsc#1197915). - btrfs: remove root argument from drop_one_dir_item() (bsc#1197915). - btrfs: remove the btrfs_item_end() helper (bsc#1197915). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1197915). - btrfs: remove unneeded return variable in btrfs_lookup_file_extent (bsc#1197915). - btrfs: rename btrfs_item_end_nr to btrfs_item_data_end (bsc#1197915). - btrfs: stop doing GFP_KERNEL memory allocations in the ref verify tool (bsc#1197915). - btrfs: unexport setup_items_for_insert() (bsc#1197915). - btrfs: unify lookup return value when dir entry is missing (bsc#1197915). - btrfs: update comment at log_conflicting_inodes() (bsc#1197915). - btrfs: use btrfs_item_size_nr/btrfs_item_offset_nr everywhere (bsc#1197915). - btrfs: use btrfs_next_leaf instead of btrfs_next_item when slots > nritems (bsc#1197915). - btrfs: use single bulk copy operations when logging directories (bsc#1197915). - bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes). - bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes). - bus: ti-sysc: Fix warnings for unbind for serial (git-fixes). - bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific (git-fixes). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: etas_es58x: change opened_channel_cnt's type from atomic_t to u8 (git-fixes). - can: etas_es58x: es58x_fd_rx_event_msg(): initialize rx_event_msg before calling es58x_check_msg_len() (git-fixes). - can: grcan: grcan_close(): fix deadlock (git-fixes). - can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (git-fixes). - can: grcan: only use the NAPI poll budget for RX (git-fixes). - can: grcan: use ofdev->dev when allocating DMA memory (git-fixes). - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - can: isotp: fix error path in isotp_sendmsg() to unlock wait queue (git-fixes). - can: isotp: fix potential CAN frame reception race in isotp_rcv() (git-fixes). - can: isotp: restore accidentally removed MSG_PEEK feature (git-fixes). - can: isotp: return -EADDRNOTAVAIL when reading from unbound socket (git-fixes). - can: isotp: set default value for N_As to 50 micro seconds (git-fixes). - can: isotp: stop timeout monitoring when no first frame was sent (git-fixes). - can: isotp: support MSG_TRUNC flag when reading from socket (git-fixes). - can: m_can: m_can_tx_handler(): fix use after free of skb (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix return of error value (git-fixes). - can: mcp251xfd: silence clang's -Wunaligned-access warning (git-fixes). - can: rcar_canfd: add __maybe_unused annotation to silence warning (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: xilinx_can: mark bit timing constants as const (git-fixes). - carl9170: fix missing bit-wise or operator for tx_params (git-fixes). - carl9170: tx: fix an incorrect use of list iterator (git-fixes). - CDC-NCM: avoid overflow in sanity checking (git-fixes). - ceph: fix setting of xattrs on async created inodes (bsc#1199611). - certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes). - cfg80211: declare MODULE_FIRMWARE for regulatory.db (git-fixes). - cfg80211: do not add non transmitted BSS to 6GHz scanned channels (git-fixes). - cfg80211: fix race in netlink owner interface destruction (git-fixes). - cfg80211: hold bss_lock while updating nontrans_list (git-fixes). - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (bsc#1196869). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - char: tpm: cr50_i2c: Suppress duplicated error message in .remove() (git-fixes). - char: xillybus: fix a refcount leak in cleanup_dev() (git-fixes). - cifs: add WARN_ON for when chan_count goes below minimum (bsc#1193629). - cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1193629). - cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1193629). - cifs: avoid parallel session setups on same channel (bsc#1193629). - cifs: avoid race during socket reconnect between send and recv (bsc#1193629). - cifs: call cifs_reconnect when a connection is marked (bsc#1193629). - cifs: call helper functions for marking channels for reconnect (bsc#1193629). - cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1193629). - cifs: check for smb1 in open_cached_dir() (bsc#1193629). - cifs: check reconnects for channels of active tcons too (bsc#1193629). - cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1193629). - cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1193629). - cifs: clean up an inconsistent indenting (bsc#1193629). - cifs: convert the path to utf16 in smb2_query_info_compound (bsc#1193629). - cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1193629). - cifs: do not build smb1ops if legacy support is disabled (bsc#1193629). - cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1193629). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: do not use tcpStatus after negotiate completes (bsc#1193629). - cifs: do not use uninitialized data in the owner/group sid (bsc#1193629). - cifs: fix bad fids sent over wire (bsc#1197157). - cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1193629). - cifs: fix double free race when mount fails in cifs_get_root() (bsc#1193629). - cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1193629). - cifs: fix handlecache and multiuser (bsc#1193629). - cifs: fix hang on cifs_get_next_mid() (bsc#1193629). - cifs: fix incorrect use of list iterator after the loop (bsc#1193629). - cifs: fix minor compile warning (bsc#1193629). - cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1193629). - cifs: fix potential deadlock in direct reclaim (bsc#1193629). - cifs: fix potential double free during failed mount (bsc#1193629). - cifs: fix potential race with cifsd thread (bsc#1193629). - cifs: fix set of group SID via NTSD xattrs (bsc#1193629). - cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1193629). - cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1193629). - cifs: fix the cifs_reconnect path for DFS (bsc#1193629). - cifs: fix the connection state transitions with multichannel (bsc#1193629). - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1193629). - cifs: fix workstation_name for multiuser mounts (bsc#1193629). - cifs: force new session setup and tcon for dfs (bsc#1193629). - cifs: free ntlmsspblob allocated in negotiate (bsc#1193629). - cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1193629). - cifs: make status checks in version independent callers (bsc#1193629). - cifs: mark sessions for reconnection in helper function (bsc#1193629). - cifs: modefromsids must add an ACE for authenticated users (bsc#1193629). - cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1193629). - cifs: move superblock magic defitions to magic.h (bsc#1193629). - cifs: potential buffer overflow in handling symlinks (bsc#1193629). - cifs: print TIDs as hex (bsc#1193629). - cifs: protect all accesses to chan_* with chan_lock (bsc#1193629). - cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1193629). - cifs: reconnect only the connection and not smb session where possible (bsc#1193629). - cifs: release cached dentries only if mount is complete (bsc#1193629). - cifs: remove check of list iterator against head past the loop body (bsc#1193629). - cifs: remove redundant assignment to pointer p (bsc#1193629). - cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1193629). - cifs: remove repeated state change in dfs tree connect (bsc#1193629). - cifs: remove unused variable ses_selected (bsc#1193629). - cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1193629). - cifs: return the more nuanced writeback error on close() (bsc#1193629). - cifs: serialize all mount attempts (bsc#1193629). - cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1193629). - cifs: skip trailing separators of prefix paths (bsc#1193629). - cifs: smbd: fix typo in comment (bsc#1193629). - cifs: Split the smb3_add_credits tracepoint (bsc#1193629). - cifs: take cifs_tcp_ses_lock for status checks (bsc#1193629). - cifs: track individual channel status using chans_need_reconnect (bsc#1193629). - cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: update tcpStatus during negotiate and sess setup (bsc#1193629). - cifs: use a different reconnect helper for non-cifsd threads (bsc#1193629). - cifs: use correct lock type in cifs_reconnect() (bsc#1193629). - cifs: Use kzalloc instead of kmalloc/memset (bsc#1193629). - cifs: use new enum for ses_status (bsc#1193629). - cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1193629). - cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1193629). - cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1193629). - cifs: we do not need a spinlock around the tree access during umount (bsc#1193629). - cifs: when extending a file with falloc we should make files not-sparse (bsc#1193629). - cifs: writeback fix (bsc#1193629). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: at91: generated: consider range when calculating best rate (git-fixes). - clk: at91: sama7g5: fix parents of PDMCs' GCLK (git-fixes). - clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: Enforce that disjoints limits are invalid (git-fixes). - clk: Fix clk_hw_get_clk() when dev is NULL (git-fixes). - clk: hisilicon: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: imx8mp: fix usb_root_clk parent (git-fixes). - clk: imx: Add check for kcalloc (git-fixes). - clk: imx: off by one in imx_lpcg_parse_clks_from_dt() (git-fixes). - clk: imx: scu: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: fix PCI-E clock oops (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes). - clk: rockchip: drop CLK_SET_RATE_PARENT from dclk_vop* on rk3568 (git-fixes). - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes). - clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes). - clk: tegra: Add missing reset deassertion (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: ti: Preserve node in ti_dt_clocks_register() (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/exynos_mct: Handle DTS with higher number of interrupts (git-fixes). - clocksource/drivers/exynos_mct: Refactor resources allocation (git-fixes). - clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes). - clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes). - clocksource/drivers/timer-microchip-pit64b: Use notrace (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - clocksource/drivers/timer-ti-dm: Fix regression from errata i940 fix (git-fixes). - clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() (bsc#1201218). - comedi: drivers: ni_routes: Use strcmp() instead of memcmp() (git-fixes). - comedi: vmk80xx: fix expression for tx buffer size (git-fixes). - copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626). - cpufreq: intel_pstate: Add Ice Lake server to out-of-band IDs (bsc#1201228). - cpufreq: qcom-cpufreq-nvmem: fix reading of PVS Valid fuse (git-fixes). - cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (git-fixes). - cpuidle: intel_idle: Update intel_idle() kerneldoc comment (git-fixes). - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - crypto: amlogic - call finalize with bh disabled (git-fixes). - crypto: api - Move cryptomgr soft dependency into algapi (git-fixes). - crypto: arm/aes-neonbs-cbc - Select generic cbc and aes (git-fixes). - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: caam - fix i.MX6SX entropy delay value (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: ccree - Fix use after free in cc_cipher_exit() (git-fixes). - crypto: ccree - use fine grained DMA mapping dir (git-fixes). - crypto: cryptd - Protect per-CPU resource by disabling BH (git-fixes). - crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes). - crypto: engine - check if BH is disabled during completion (git-fixes). - crypto: gemini - call finalize with bh disabled (git-fixes). - crypto: hisilicon/qm - cleanup warning in qm_vf_read_qos (git-fixes). - crypto: hisilicon/sec - fix the aead software fallback for engine (git-fixes). - crypto: hisilicon/sec - not need to enable sm4 extra mode at HW V3 (git-fixes). - crypto: marvell/cesa - ECB does not IV (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: octeontx2 - remove CONFIG_DM_CRYPT check (git-fixes). - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: qcom-rng - ensure buffer for generate is completely filled (git-fixes). - crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (git-fixes). - crypto: rockchip - ECB does not need IV (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - only allow with rsa (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes). - crypto: sun8i-ce - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - call finalize with bh disabled (git-fixes). - crypto: sun8i-ss - handle zero sized sg (git-fixes). - crypto: sun8i-ss - really disable hash on A80 (git-fixes). - crypto: sun8i-ss - rework handling of IV (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes). - crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes). - crypto: xts - Add softdep on ecb (git-fixes). - dax: fix cache flush on PMD-mapped pages (bsc#1200830). - devlink: Add 'enable_iwarp' generic device param (bsc#1200502). - dim: initialize all struct fields (git-fixes). - display/amd: decrease message verbosity about watermarks table failure (git-fixes). - dma: at_xdmac: fix a missing check on list iterator (git-fixes). - dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes). - dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes). - dma-debug: fix return value of __setup handlers (git-fixes). - dma-direct: avoid redundant memory sync for swiotlb (git-fixes). - dmaengine: dw-edma: Fix unaligned 64bit access (git-fixes). - dmaengine: hisi_dma: fix MSI allocate fail when reload hisi_dma (git-fixes). - dmaengine: idxd: add missing callback function to support DMA_INTERRUPT (git-fixes). - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes). - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes). - dmaengine: idxd: check GENCAP config support for gencfg register (git-fixes). - dmaengine: idxd: fix device cleanup on disable (git-fixes). - dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes). - dmaengine: idxd: restore traffic class defaults after wq reset (git-fixes). - dmaengine: idxd: set DMA_INTERRUPT cap bit (git-fixes). - dmaengine: idxd: skip clearing device context when device is read-only (git-fixes). - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes). - dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes). - dmaengine: ptdma: fix concurrency issue with multiple dma transfer (jsc#SLE-21315). - dmaengine: ptdma: Fix the error handling path in pt_core_init() (git-fixes). - dmaengine: ptdma: handle the cases based on DMA is complete (jsc#SLE-21315). - dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size (git-fixes). - dmaengine: sh: rcar-dmac: Check for error num after setting mask (git-fixes). - dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe (git-fixes). - dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (git-fixes). - dmaengine: stm32-mdma: remove GISR1 register (git-fixes). - dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes). - dma-mapping: remove bogus test for pfn_valid from dma_map_resource (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm: fix use-after-free in dm_cleanup_zoned_dev() (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm verity: set DM_TARGET_IMMUTABLE feature flag (git-fixes). - doc/ip-sysctl: add bc_forwarding (git-fixes). - docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (git-fixes). - Documentation: add link to stable release candidate tree (git-fixes). - Documentation: dd: Use ReST lists for return values of driver_deferred_probe_check_state() (git-fixes). - Documentation: Fix duplicate statement about raw_spinlock_t type (git-fixes). - Documentation: update stable tree link (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes). - drbd: fix duplicate array initializer (git-fixes). - drbd: Fix five use after free bugs in get_initial_state (git-fixes). - drbd: remove assign_p_sizes_qlim (git-fixes). - drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes). - drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes). - driver base: fix an unlikely reference counting issue in __add_memory_block() (git-fixes). - driver base: fix compaction sysfs file leak (git-fixes). - driver: base: fix UAF when driver_attach failed (git-fixes). - driver core: dd: fix return value of __setup handler (git-fixes). - driver core: fix deadlock in __device_attach (git-fixes). - driver core: Fix wait_for_device_probe() and deferred_probe_timeout interaction (git-fixes). - driver core: Free DMA range map when device is released (git-fixes). - driver: hv: Compare cpumasks and not their weights in init_vp_index() (git-fixes). - driver: hv: log when enabling crash_kexec_post_notifiers (git-fixes). - driver: hv: Rename 'alloced' to 'allocated' (git-fixes). - driver: hv: utils: Make use of the helper macro LIST_HEAD() (git-fixes). - driver: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - driver: hv: vmbus: Fix potential crash on module unload (git-fixes). - driver: hv: vmbus: Use struct_size() helper in kmalloc() (git-fixes). - driver: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes). - driver: net: xgene: Fix regression in CRC stripping (git-fixes). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes). - drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit (git-fixes). - drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle() (git-fixes). - drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes). - drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes). - drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() (git-fixes). - drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes). - drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes). - drm: add a locked version of drm_is_current_master (git-fixes). - drm: Add orientation quirk for GPD Win Max (git-fixes). - drm/amd: Add USBC connector ID (git-fixes). - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes). - drm/amd: avoid suspend on dGPUs w/ s2idle support when runtime PM enabled (git-fixes). - drm/amd: Check if ASPM is enabled from PCIe subsystem (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/display: Add pstate verification and recovery for DCN31 (git-fixes). - drm/amd/display: Add signal type check when verify stream backends same (git-fixes). - drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (git-fixes). - drm/amd/display: Cap OLED brightness per max frame-average luminance (git-fixes). - drm/amd/display: Cap pflip irqs per max otg number (git-fixes). - drm/amd/display: Check if modulo is 0 before dividing (git-fixes). - drm/amd/display: DCN3.1: do not mark as kernel-doc (git-fixes). - drm/amd/display: Disabling Z10 on DCN31 (git-fixes). - drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes). - drm/amd/display: Do not reinitialize DMCUB on s0ix resume (git-fixes). - drm/amd/display: Enable power gating before init_pipes (git-fixes). - drm/amd/display: FEC check in timing validation (git-fixes). - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes). - drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes). - drm/amd/display: fix audio format not updated after edid updated (git-fixes). - drm/amd/display: Fix memory leak (git-fixes). - drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1190786) - drm/amd/display: Fix OLED brightness control on eDP (git-fixes). - drm/amd/display: Fix p-state allow debug index on dcn31 (git-fixes). - drm/amd/display: fix yellow carp wm clamping (git-fixes). - drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15' Apple Retina panels (git-fixes). - drm/amd/display: For vblank_disable_immediate, check PSR is really used (git-fixes). - drm/amd/display: Protect update_bw_bounding_box FPU code (git-fixes). - drm/amd/display: Read Golden Settings Table from VBIOS (git-fixes). - drm/amd/display: Remove vupdate_int_entry definition (git-fixes). - drm/amd/display: Revert FEC check in validation (git-fixes). - drm/amd/display: Update VTEM Infopacket definition (git-fixes). - drm/amd/display: Update watermark values for DCN301 (git-fixes). - drm/amd/display: Use adjusted DCN301 watermarks (git-fixes). - drm/amd/display: Use PSR version selected during set_psr_caps (git-fixes). - drm/amd/display: watermark latencies is not enough on DCN31 (git-fixes). - drm/amdgpu: add beige goby PCI ID (git-fixes). - drm/amdgpu: bypass tiling flag check in virtual display case (v2) (git-fixes). - drm/amdgpu: check vm ready by amdgpu_vm->evicting flag (git-fixes). - drm/amdgpu: conduct a proper cleanup of PDB bo (git-fixes). - drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/amdgpu/display: add support for multiple backlights (git-fixes). - drm/amdgpu: do not do resets on APUs which do not support it (git-fixes). - drm/amdgpu: do not enable asic reset for raven2 (git-fixes). - drm/amdgpu: do not set s3 and s0ix at the same time (git-fixes). - drm/amdgpu: do not use BACO for reset in S3 (git-fixes). - drm/amdgpu: do not use passthrough mode in Xen dom0 (git-fixes). - drm/amdgpu: Drop inline from amdgpu_ras_eeprom_max_record_count (git-fixes). - drm/amdgpu: Enable gfxoff quirk on MacBook Pro (git-fixes). - drm/amdgpu: Ensure HDA function is suspended before ASIC reset (git-fixes). - drm/amdgpu: explicitly check for s0ix when evicting resources (git-fixes). - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1190497) - drm/amdgpu: fix logic inversion in check (git-fixes). - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes). - drm/amdgpu: Fix recursive locking warning (git-fixes). - drm/amdgpu: fix suspend/resume hang regression (git-fixes). - drm/amdgpu/sdma: Fix incorrect calculations of the wptr of the doorbells (git-fixes). - drm/amdgpu: skipping SDMA hw_init and hw_fini for S0ix (git-fixes). - drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes). - drm/amdgpu: suppress the warning about enum value 'AMD_IP_BLOCK_TYPE_NUM' (git-fixes). - drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes). - drm/amdgpu: unify BO evicting method in amdgpu_ttm (git-fixes). - drm/amdgpu: update VCN codec support for Yellow Carp (git-fixes). - drm/amdgpu/vcn: Fix the register setting for vcn1 (git-fixes). - drm/amdgpu/vcn: improve vcn dpg stop procedure (git-fixes). - drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (bsc#1190786) - drm/amdkfd: add pinned BOs to kfd_bo_list (git-fixes). - drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes). - drm/amdkfd: Create file descriptor after client is added to smi_clients list (git-fixes). - drm/amdkfd: Do not take process mutex for svm ioctls (git-fixes). - drm/amdkfd: Fix GWS queue count (bsc#1190786) - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes). - drm/amdkfd: make CRAT table missing message informational only (git-fixes). - drm/amdkfd: remove unused function (git-fixes). - drm/amdkfd: Separate pinned BOs destruction from general routine (bsc#1195287). - drm/amdkfd: Use mmget_not_zero in MMU notifier (git-fixes). - drm/amd/pm: correct the MGpuFanBoost support for Beige Goby (git-fixes). - drm/amd/pm: correct the sequence of sending gpu reset msg (git-fixes). - drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige Goby (git-fixes). - drm/amd/pm: enable pm sysfs write for one VF mode (git-fixes). - drm/amd/pm: fix hwmon node of power1_label create issue (git-fixes). - drm/amd/pm: Fix missing thermal throttler status (git-fixes). - drm/amd/pm: fix some OEM SKU specific stability issues (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu12 (git-fixes). - drm/amd/pm: update smartshift powerboost calc for smu13 (git-fixes). - drm/amd/pm: use bitmap_{from,to}_arr32 where appropriate (git-fixes). - drm/ast: Create threshold values for AST2600 (bsc#1190786) - drm/atomic: Do not pollute crtc_state->mode_blob with error pointers (git-fixes). - drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes). - drm: avoid circular locks in drm_mode_getconnector (git-fixes). - drm/blend: fix typo in the comment (git-fixes). - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes). - drm/bridge: Add missing pm_runtime_put_sync (git-fixes). - drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes). - drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes). - drm/bridge: anx7625: Fix overflow issue on reading EDID (git-fixes). - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: Fix error handling in analogix_dp_probe (git-fixes). - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes). - drm: bridge: fix unmet dependency on DRM_KMS_HELPER for DRM_PANEL_BRIDGE (git-fixes). - drm: bridge: icn6211: Fix HFP_HSW_HBP_HI and HFP_MIN handling (bsc#1190786) - drm: bridge: icn6211: Fix register layout (git-fixes). - drm: bridge: it66121: Fix the register page length (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/bridge: sn65dsi83: Fix an error handling path in (bsc#1190786) - drm/bridge: ti-sn65dsi83: Handle dsi_lanes == 0 as invalid (git-fixes). - drm/bridge: ti-sn65dsi86: Properly undo autosuspend (git-fixes). - drm/cma-helper: Set VM_DONTEXPAND for mmap (git-fixes). - drm/connector: Fix typo in output format (bsc#1190786) - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/dp: Fix OOB read when handling Post Cursor2 register (bsc#1190786) - drm/edid: Always set RGB444 (git-fixes). - drm/edid: check basic audio support on CEA extension block (git-fixes). - drm/edid: Do not clear formats if using deep color (git-fixes). - drm/edid: fix CEA extension byte #3 parsing (bsc#1190786) - drm/edid: fix invalid EDID extension block filtering (git-fixes). - drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (git-fixes). - drm/fb-helper: Mark screen buffers in system memory with FBINFO_VIRTFB (git-fixes). - drm/fourcc: fix integer type usage in uapi header (git-fixes). - drm/i915/adlp: Fix TypeC PHY-ready status readout (git-fixes). - drm/i915: Allow !join_mbus cases for adlp+ dbuf configuration (bsc#1193640). - drm/i915: Check EDID for HDR static metadata when choosing blc (bsc#1190497) - drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes). - drm/i915/dg2: Print PHY name properly on calibration error (git-fixes). - drm/i915: Disable DRRS on IVB/HSW port != A (git-fixes). - drm/i915/display: Fix HPD short pulse handling for eDP (git-fixes). - drm/i915/display: Move DRRS code its own file (git-fixes). - drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails (git-fixes). - drm/i915/display: split out dpt out of intel_display.c (git-fixes). - drm/i915/dmc: Add MMIO range restrictions (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for ICL+ (git-fixes). - drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes). - drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes bsc#1193640). - drm/i915: Fix mbus join config lookup (git-fixes bsc#1193640). - drm/i915: Fix PSF GV point mask when SAGV is not possible (git-fixes). - drm/i915: Fix race in __i915_vma_remove_closed (bsc#1190497) - drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (bsc#1190497) - drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/i915/gem: add missing else (git-fixes). - drm/i915/guc/slpc: Correct the param count for unset param (git-fixes). - drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes). - drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes). - drm/i915: Implement w/a 22010492432 for adl-s (git-fixes). - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1190497) - drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes). - drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes). - drm/i915: Populate pipe dbuf slices more accurately during readout (bsc#1193640). - drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes). - drm/i915: s/JSP2/ICP2/ PCH (git-fixes). - drm/i915: Treat SAGV block time 0 as SAGV disabled (git-fixes). - drm/i915/ttm: ensure we unmap when purging (git-fixes). - drm/i915/ttm: tweak priority hint selection (git-fixes). - drm/i915: Widen the QGV point mask (git-fixes). - drm/i915: Workaround broken BIOS DBUF configuration on TGL/RKL (bsc#1193640). - drm/imx: dw_hdmi-imx: Fix bailout in error cases of probe (git-fixes). - drm: imx: fix compiler warning with gcc-12 (git-fixes). - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes). - drm/imx: imx-ldb: Check for null pointer after calling kmemdup (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/kmb: Fix for build errors with Warray-bounds (git-fixes). - drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes). - drm/komeda: return early if drm_universal_plane_init() fails (git-fixes). - drm: mali-dp: potential dereference of null pointer (git-fixes). - drm/mediatek: Add vblank register/unregister callback functions (bsc#1190768) - drm/mediatek: dpi: Use mt8183 output formats for mt8192 (git-fixes). - drm/mediatek: Fix mtk_cec_mask() (git-fixes). - drm/mediatek: mtk_dsi: Reset the dsi0 hardware (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: Make use of the helper function devm_platform_ioremap_resourcexxx() (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/meson: split out encoder from meson_dw_hdmi (git-fixes). - drm/msm/a6xx: Fix missing ARRAY_SIZE() check (git-fixes). - drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes). - drm/msm: add missing include to msm_drv.c (git-fixes). - drm/msm: Add missing put_task_struct() in debugfs path (git-fixes). - drm/msm/disp: check the return value of kzalloc() (git-fixes). - drm/msm/disp/dpu1: set mdp clk to the maximum frequency in opp table (bsc#1190768) - drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes). - drm/msm/dp: add fail safe mode outside of event_mutex context (git-fixes). - drm/msm/dp: always add fail-safe mode into connector mode list (git-fixes). - drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (git-fixes). - drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (git-fixes). - drm/msm/dp: do not initialize phy until plugin interrupt received (bsc#1190497) - drm/msm/dp: do not stop transmitting phy test pattern during DP phy compliance test (git-fixes). - drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (git-fixes). - drm/msm/dp: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/dp: fix event thread stuck in wait_event after kthread_stop() (git-fixes). - drm/msm/dp: force link training for display resolution change (git-fixes). - drm/msm/dp: Modify prototype of encoder based API (git-fixes). - drm/msm/dp: populate connector of struct dp_panel (git-fixes). - drm/msm/dp: remove fail safe mode related code (git-fixes). - drm/msm/dp: reset DP controller before transmit phy test pattern (git-fixes). - drm/msm/dp: stop event kernel thread when DP unbind (bsc#1190768) - drm/msm/dp: stop link training after link training 2 failed (git-fixes). - drm/msm/dp: tear down main link at unplug handle immediately (bsc#1190768) - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes). - drm/msm/dpu: fix dp audio condition (git-fixes). - drm/msm/dpu: fix error check return value of irq_of_parse_and_map() (bsc#1190768) - drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path (git-fixes). - drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes). - drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes). - drm/msm/dsi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes). - drm/msm/dsi: Use 'ref' fw clock instead of global name for VCO parent (git-fixes). - drm/msm: Fix double pm_runtime_disable() call (git-fixes). - drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes). - drm/msm: Fix range size vs end confusion (git-fixes). - drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes). - drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes). - drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes). - drm/msm/mdp5: check the return of kzalloc() (git-fixes). - drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes). - drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes). - drm/msm: properly add and remove internal bridges (bsc#1190768) - drm/msm: remove unused plane_property field from msm_drm_private (bsc#1190768) - drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes). - drm/msm: Switch ordering of runpm put vs devfreq_idle (git-fixes). - drm/msm: use for_each_sgtable_sg to iterate over scatterlist (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/nouveau/backlight: Just set all backlight types as RAW (git-fixes). - drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes). - drm/nouveau: fix off by one in BIOS boundary checking (git-fixes). - drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes). - drm/nouveau/pmu: Add missing callbacks for Tegra devices (git-fixes). - drm/nouveau/pmu/gm200-: use alternate falcon reset sequence (git-fixes). - drm/nouveau/subdev/bus: Ratelimit logging for fault errors (git-fixes). - drm/nouveau/tegra: Stop using iommu_present() (git-fixes). - drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes). - drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H (git-fixes). - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes). - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes). - drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes). - drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/panfrost: Check for error num after setting mask (git-fixes). - drm/plane: Move range check for format_count earlier (git-fixes). - drm/radeon: fix a possible null pointer dereference (git-fixes). - drm/radeon: Fix backlight control on iMac 12,1 (git-fixes). - drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes). - drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes). - drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes). - drm/selftests/test-drm_dp_mst_helper: Fix memory leak in sideband_msg_req_encode_decode (git-fixes). - drm/simpledrm: Add 'panel orientation' property on non-upright mounted LCD panels (git-fixes). - drm: sti: do not use kernel-doc markers (git-fixes). - drm/sun4i: Fix crash during suspend after component bind failure (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - drm/sun4i: Remove obsolete references to PHYS_OFFSET (bsc#1190786) - drm/syncobj: flatten dma_fence_chains on transfer (git-fixes). - drm/tegra: Add back arm_iommu_detach_device() (git-fixes). - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes). - drm: use the lookup lock in drm_is_current_master (git-fixes). - drm/v3d/v3d_drv: Check for error num after setting mask (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: Fix deadlock on DSI device attach error (git-fixes). - drm/vc4: hdmi: Add debugfs prefix (bsc#1199163). - drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes). - drm/vc4: hdmi: Fix build error for implicit function declaration (git-fixes). - drm/vc4: hdmi: Fix HPD GPIO detection (git-fixes). - drm/vc4: hdmi: Make sure the device is powered with CEC (git-fixes). - drm/vc4: hdmi: Split the CEC disable / enable functions in two (git-fixes). - drm/vc4: hvs: Fix frame count register readout (git-fixes). - drm/vc4: hvs: Reset muxes at probe time (git-fixes). - drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes). - drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes). - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes). - drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() (git-fixes). - drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes). - drm/vmwgfx: Disable command buffers on svga3 without gbobjects (git-fixes). - drm/vmwgfx: Fix fencing on SVGAv3 (git-fixes). - drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes). - drm/vmwgfx: Remove unused compile options (bsc#1190786) - drm/vmwgfx: validate the screen formats (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - dt-bindings: arm: bcm: fix BCM53012 and BCM53016 SoC strings (git-fixes). - dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config (git-fixes). - dt-bindings: display: sitronix, st7735r: Fix backlight in example (git-fixes). - dt-bindings: gpio: altera: correct interrupt-cells (git-fixes). - dt-bindings: memory: mtk-smi: No need mediatek,larb-id for mt8167 (git-fixes). - dt-bindings: mtd: nand-controller: Fix a comment in the examples (git-fixes). - dt-bindings: mtd: nand-controller: Fix the reg property description (git-fixes). - dt-bindings: net: xgmac_mdio: Remove unsupported 'bus-frequency' (git-fixes). - dt-bindings: PCI: xilinx-cpm: Fix reg property order (git-fixes). - dt-bindings: phy: uniphier-usb3hs: Fix incorrect clock-names and reset-names (git-fixes). - dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (git-fixes). - dt-bindings: pinctrl: pinctrl-microchip-sgpio: Fix example (git-fixes). - dt-bindings: spi: mxic: The interrupt property is not mandatory (git-fixes). - dt-bindings: usb: ehci: Increase the number of PHYs (git-fixes). - dt-bindings: usb: hcd: correct usb-device path (git-fixes). - dt-bindings: usb: ohci: Increase the number of PHYs (git-fixes). - dt-bindings: watchdog: Require samsung,syscon-phandle for Exynos7 (git-fixes). - e1000e: Correct NVM checksum verification flow (bsc#1191663). - e1000e: Fix possible HW unit hang after an s0ix exit (jsc#SLE-18382). - e1000e: Fix possible overflow in LTR decoding (git-fixes). - e1000e: Handshake with CSME starts from ADL platforms (git-fixes). - e1000e: Separate ADP board type from TGP (git-fixes). - EDAC/altera: Fix deferred probing (bsc#1190497). - EDAC/amd64: Add new register offset support and related changes (jsc#SLE-19026). - EDAC/amd64: Set memory type per DIMM (jsc#SLE-19026). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1190497). - EDAC/synopsys: Read the error count from the correct register (bsc#1190497). - EDAC/xgene: Fix deferred probing (bsc#1190497). - eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX (git-fixes). - efi: Add missing prototype for efi_capsule_setup_info (git-fixes). - efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes). - efi: fix return value of __setup handlers (git-fixes). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - epic100: fix use after free on rmmod (git-fixes). - ethernet/sfc: remove redundant rc variable (bsc#1196306). - exec: Force single empty string when argv is empty (bsc#1200571). - ext2: correct max file size computing (bsc#1197820). - ext4: avoid trim error on fs with small groups (bsc#1191271). - ext4: destroy ext4_fc_dentry_cachep kmemcache on module removal (bsc#1197917). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810). - ext4: fix bug_on in __es_tree_search (bsc#1200809). - ext4: fix ext4_fc_stats trace point (git-fixes). - ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807). - ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806). - ext4: make variable 'count' signed (bsc#1200820). - ext4: reject the 'commit' option on ext2 filesystems (bsc#1200808). - extcon: Modify extcon device to be created after driver data is set (git-fixes). - extcon: ptn5150: Add queue work sync before driver release (git-fixes). - faddr2line: Fix overlapping text section failures, the sequel (git-fixes). - fbcon: Avoid 'cap' set but not used warning (bsc#1190786) - fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes). - firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes). - firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes). - firewire: remove check of list iterator against head past the loop body (git-fixes). - firmware: arm_ffa: Fix uuid parameter to ffa_partition_probe (git-fixes). - firmware: arm_ffa: Remove incorrect assignment of driver_data (git-fixes). - firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes). - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes). - firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - firmware: stratix10-svc: add missing callback parameter on RSU (git-fixes). - firmware: stratix10-svc: fix a missing check on list iterator (git-fixes). - firmware: sysfb: fix platform-device leak in error path (git-fixes). - firmware: ti_sci: Fix compilation failure when CONFIG_TI_SCI_PROTOCOL is not defined (git-fixes). - firmware: use kernel credentials when reading firmware (git-fixes). - fs: fd tables have to be multiples of BITS_PER_LONG (bsc#1200827). - fs: fix fd table size alignment properly (bsc#1200882). - fs: handle circular mappings correctly (bsc#1197918). - fsl_lpuart: Do not enable interrupts too early (git-fixes). - fsnotify: Do not insert unmergeable events in hashtable (bsc#1197922). - fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195944 bsc#1195478). - fsnotify: fix wrong lockdep annotations (bsc#1200815). - ftrace: Clean up hash direct_functions on register failures (git-fixes). - fuse: fix fileattr op failure (bsc#1197292). - gen_init_cpio: fix short read file handling (bsc#1193289). - genirq/affinity: Consider that CPUs on nodes can be (git-fixes) - genirq: Synchronize interrupt thread startup (git-fixes) - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gma500: fix an incorrect NULL check on list iterator (git-fixes). - gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes). - gpio: aggregator: Fix calling into sleeping GPIO controllers (git-fixes). - gpio: dwapb: Do not print error on -EPROBE_DEFER (git-fixes). - gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gpiolib: acpi: use correct format characters (git-fixes). - gpiolib: Never return internal error codes to user space (git-fixes). - gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes). - gpio: mvebu: drop pwm base assignment (git-fixes). - gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes). - gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes). - gpio: pca953x: use the correct register address to do regcache sync (git-fixes). - gpio: Return EPROBE_DEFER if gc->to_irq is NULL (git-fixes). - gpio: Revert regression in sysfs-gpio (gpiolib.c) (git-fixes). - gpio: sifive: use the correct register to read output values (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpio: visconti: Fix fwnode of GPIO IRQ (git-fixes). - gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes). - gpu: host1x: Fix a memory leak in 'host1x_remove()' (git-fixes). - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes). - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - gve: fix the wrong AdminQ buffer queue index check (git-fixes). - habanalabs: Add check for pci_enable_device (git-fixes). - habanalabs: fix possible memory leak in MMU DR fini (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - HID: Add support for open wheel and no attachment to T300 (git-fixes). - HID:Add support for UGTABLET WP5540 (git-fixes). - HID: amd_sfh: Add illuminance mask to limit ALS max value (git-fixes). - HID: amd_sfh: Correct the structure field name (git-fixes). - HID: amd_sfh: Modify the bus name (git-fixes). - HID: amd_sfh: Modify the hid name (git-fixes). - HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes). - hide appended member supports_dynamic_smps_6ghz (git-fixes). - HID: elan: Fix potential double free in elan_input_configured (git-fixes). - HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes). - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (git-fixes). - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes). - HID: intel-ish-hid: Use dma_alloc_coherent for firmware update (git-fixes). - HID: logitech-dj: add new lightspeed receiver id (git-fixes). - HID: multitouch: add quirks to enable Lenovo X12 trackpoint (git-fixes). - HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - HID: vivaldi: fix sysfs attributes leak (git-fixes). - hinic: fix bug of wq out of bound access (git-fixes). - hv_balloon: rate-limit 'Unhandled message' warning (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_utils: Add comment about max VMbus packet size in VSS driver (git-fixes). - hwmon: (dell-smm) Speed up setting of fan speed (git-fixes). - hwmon: (f71882fg) Fix negative temperature (git-fixes). - hwmon: Handle failure to register sensor with thermal zone correctly (git-fixes). - hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes). - hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (pmbus) Check PEC support before reading other registers (git-fixes). - hwmon: (pmbus) Clear pmbus fault/warning bits after read (git-fixes). - hwmon: (pmbus) disable PEC if not enabled (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwmon: (tmp401) Add OF device ID table (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - hwrng: cavium - Check health status while reading random data (git-fixes). - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes). - hwrng: nomadik - Change clk_disable to clk_disable_unprepare (git-fixes). - hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (git-fixes). - i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes). - i2c: at91: use dma safe buffers (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - i2c: bcm2835: Fix the error handling in 'bcm2835_i2c_probe()' (git-fixes). - i2c: bcm2835: Use platform_get_irq() to get the interrupt (git-fixes). - i2c: brcmstb: fix support for DSL and CM variants (git-fixes). - i2c: cadence: Increase timeout per message if necessary (git-fixes). - i2c: designware: Use standard optional ref clock implementation (git-fixes). - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes). - i2c: ismt: prevent memory corruption in ismt_access() (git-fixes). - i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes). - i2c: meson: Fix wrong speed use from probe (git-fixes). - i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes). - i2c: mux: demux-pinctrl: do not deactivate a master that is not active (git-fixes). - i2c: npcm7xx: Add check for platform_driver_register (git-fixes). - i2c: npcm: Correct register access width (git-fixes). - i2c: npcm: Fix timeout calculation (git-fixes). - i2c: npcm: Handle spurious interrupts (git-fixes). - i2c: piix4: Add EFCH MMIO support for SMBus port select (git-fixes). - i2c: piix4: Add EFCH MMIO support to region request and release (git-fixes). - i2c: piix4: Add EFCH MMIO support to SMBus base address detect (git-fixes). - i2c: piix4: Enable EFCH MMIO for Family 17h+ (git-fixes). - i2c: piix4: Move port I/O region request/release code into functions (git-fixes). - i2c: piix4: Move SMBus controller base address detect into function (git-fixes). - i2c: piix4: Move SMBus port selection into function (git-fixes). - i2c: piix4: Replace hardcoded memory map size with a #define (git-fixes). - i2c: qcom-cci: do not delete an unregistered adapter (git-fixes). - i2c: qcom-cci: do not put a device tree node before i2c_add_adapter() (git-fixes). - i2c: rcar: fix PM ref counts in probe error paths (git-fixes). - i2c: xiic: Make bus names unique (git-fixes). - i40e: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - i40e: Fix for failed to init adminq while VF reset (git-fixes). - i40e: Fix issue when maximum queues is exceeded (git-fixes). - i40e: Fix queues reservation for XDP (git-fixes). - i40e: Fix reset bw limit when DCB enabled with 1 TC (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: fix unsigned stat widths (git-fixes). - i40e: i40e_main: fix a missing check on list iterator (git-fixes). - i40e: Increase delay to 1 s after global EMP reset (git-fixes). - i40e: remove dead stores on XSK hotpath (jsc#SLE-18378). - i40e: respect metadata on XSK Rx to skb (git-fixes). - i40e: stop disabling VFs due to PF error responses (jsc#SLE-18378). - iavf: Add waiting so the port is initialized in remove (jsc#SLE-18385). - iavf: Fix deadlock in iavf_reset_task (jsc#SLE-18385). - iavf: Fix double free in iavf_reset_task (jsc#SLE-18385). - iavf: Fix handling of vlan strip virtual channel messages (jsc#SLE-18385). - iavf: Fix hang during reboot/shutdown (jsc#SLE-18385). - iavf: Fix __IAVF_RESETTING state usage (jsc#SLE-18385). - iavf: Fix init state closure on remove (jsc#SLE-18385). - iavf: Fix locking for VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2_CAPS (jsc#SLE-18385). - iavf: Fix missing check for running netdev (git-fixes). - iavf: Fix race in init state (jsc#SLE-18385). - iavf: Rework mutexes for better synchronisation (jsc#SLE-18385 stable-5.14.6). - IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes). - IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes). - IB/cm: Release previously acquired reference counter in the cm_id_priv (git-fixes). - IB/hfi1: Allow larger MTU without AIP (git-fixes). - IB/hfi1: Fix AIP early init panic (git-fixes). - IB/hfi1: Fix alloc failure with larger txqueuelen (git-fixes). - IB/hfi1: Fix panic with larger ipoib send_queue_size (jsc#SLE-19242). - IB/hfi1: Fix tstats alloc and dealloc (git-fixes). - IB/mlx5: Expose NDR speed through MAD (bsc#1196930). - ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925). - ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815). - IB/qib: Fix duplicate sysfs directory name (git-fixes). - IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (jsc#SLE-18375). - ice: check the return of ice_ptp_gettimex64 (git-fixes). - ice: clear cmd_type_offset_bsz for TX rings (jsc#SLE-18375). - ice: Clear default forwarding VSI during VSI release (git-fixes). - ice: clear stale Tx queue settings before configuring (git-fixes). - ice: do not allow to run ice_send_event_to_aux() in atomic ctx (git-fixes). - ice: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ice: Do not use GFP_KERNEL in atomic context (git-fixes). - ice: enable parsing IPSEC SPI headers for RSS (git-fixes). - ice: fix an error code in ice_cfg_phy_fec() (git-fixes). - ice: fix concurrent reset and removal of VFs (git-fixes). - ice: fix crash in switchdev mode (jsc#SLE-18375). - ice: Fix curr_link_speed advertised speed (git-fixes). - ice: Fix incorrect locking in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: fix IPIP and SIT TSO offload (git-fixes). - ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats() (jsc#SLE-18375). - ice: fix PTP stale Tx timestamps cleanup (git-fixes). - ice: fix setting l4 port flag when adding filter (jsc#SLE-18375). - ice: fix use-after-free when deinitializing mailbox snapshot (git-fixes). - ice: initialize local variable 'tlv' (git-fixes). - ice: kabi protect ice_pf (bsc#1200502). - ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (jsc#SLE-18375). - ice: respect metadata on XSK Rx to skb (git-fixes). - ice: synchronize_rcu() when terminating rings (git-fixes). - ice: xsk: Fix indexing in ice_tx_xsk_pool() (jsc#SLE-18375). - ice: xsk: fix VSI state check in ice_xsk_wakeup() (git-fixes). - igb: refactor XDP registration (git-fixes). - igc: avoid kernel warning when changing RX ring parameters (git-fixes). - igc: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - igc: Fix BUG: scheduling while atomic (git-fixes). - igc: Fix infinite loop in release_swfw_sync (git-fixes). - igc: Fix suspending when PTM is active (jsc#SLE-18377). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio:accel:bma180: rearrange iio trigger get and register (git-fixes). - iio: accel: fxls8962af: add padding to regmap for SPI (git-fixes). - iio:accel:kxcjk-1013: rearrange iio trigger get and register (git-fixes). - iio: accel: mma8452: ignore the return value of reset operation (git-fixes). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio:accel:mxc4005: rearrange iio trigger get and register (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP and AIN_BUFM bits (git-fixes). - iio: adc: ad7124: Remove shift from scan_type (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (git-fixes). - iio: adc: axp288: Override TS pin bias current for some models (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes). - iio: adc: sc27xx: fix read big scale voltage not right (git-fixes). - iio: adc: stm32: Fix ADCs iteration in irq handler (git-fixes). - iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (git-fixes). - iio: adc: stm32: fix maximum clock rate for stm32mp15x (git-fixes). - iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes). - iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (git-fixes). - iio: adc: tsc2046: fix memory corruption by preventing array overflow (git-fixes). - iio: adc: vf610: fix conversion mode sysfs node name (git-fixes). - iio: afe: rescale: Fix boolean logic bug (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: buffer: Fix file related error handling in IIO_BUFFER_GET_FD_IOCTL (git-fixes). - iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes). - iio: dac: ad5446: Fix read_raw not returning set value (git-fixes). - iio: dac: ad5592r: Fix the missing return value (git-fixes). - iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes). - iio:humidity:hts221: rearrange iio trigger get and register (git-fixes). - iio:imu:adis16480: fix buffering for devices with no burst mode (git-fixes). - iio:imu:bmi160: disable regulator in error path (git-fixes). - iio: imu: inv_icm42600: Fix I2C init possible nack (git-fixes). - iio: imu: st_lsm6dsx: wait for settling time in st_lsm6dsx_read_oneshot (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes). - iio: magnetometer: yas530: Fix memchr_inv() misuse (git-fixes). - iio: mma8452: Fix probe failing when an i2c_device_id is used (git-fixes). - iio: mma8452: fix probe fail when device tree compatible is used (git-fixes). - iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (git-fixes). - iio: st_sensors: Add a local lock for protecting odr (git-fixes). - iio: trigger: sysfs: fix use-after-free on remove (git-fixes). - ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes). - ima: Do not print policy rule with inactive LSM labels (git-fixes). - ima: fix reference leak in asymmetric_verify() (git-fixes). - ima: Remove ima_policy file before directory (git-fixes). - init: call time_init() before rand_initialize() (git-fixes). - init: Initialize noop_backing_dev_info early (bsc#1200822). - init/main.c: return 1 from handled __setup() functions (git-fixes). - initramfs: Check timestamp to prevent broken cpio archive (bsc#1193289). - inotify: show inotify mask flags in proc fdinfo (bsc#1200600). - Input: add bounds checking to input_set_capability() (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c: Add deny list for Lenovo Yoga Slim 7 (bsc#1193064). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - Input: gpio-keys - cancel delayed work only in case of GPIO (git-fixes). - Input: ili210x - fix reset timing (git-fixes). - Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes). - Input: samsung-keypad - properly state IOMEM dependency (git-fixes). - Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq (git-fixes). - Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes). - Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes). - Input: stmfts - fix reference leak in stmfts_input_open (git-fixes). - Input: synaptics - enable InterTouch on ThinkPad T14/P14s Gen 1 AMD (git-fixes). - Input: synaptics: retry query upon error (bsc#1194086). - Input: wm97xx: Simplify resource management (git-fixes). - Input: zinitix - do not report shadow fingers (git-fixes). - integrity: check the return value of audit_log_start() (git-fixes). - iocost: do not reset the inuse weight of under-weighted debtors (git-fixes). - iocost: Fix divide-by-zero on donation from low hweight cgroup (bsc#1198014). - iomap: iomap_write_failed fix (bsc#1200829). - iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes). - iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052). - iommu/amd: Remove useless irq affinity notifier (git-fixes). - iommu/amd: Restore GA log/tail pointer on host resume (git-fixes). - iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes). - iommu/amd: X2apic mode: re-enable after resume (git-fixes). - iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes). - iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (bsc#1198826). - iommu/arm-smmu-qcom: Fix TTBR0 read (git-fixes). - iommu: Extend mutex lock scope in iommu_probe_device() (git-fixes). - iommu/ioasid: Introduce a helper to check for valid PASIDs (jsc#SLE-24350). - iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes). - iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes). - iommu/iova: Fix race between FQ timeout and teardown (git-fixes). - iommu/sva: Assign a PASID to mm on PASID allocation and free it on mm exit (jsc#SLE-24350). - iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (jsc#SLE-24350). - iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes). - ionic: add FW_STOPPING state (git-fixes). - ionic: Allow flexibility for error reporting on dev commands (git-fixes). - ionic: better handling of RESET event (git-fixes). - ionic: catch transition back to RUNNING with fw_generation 0 (git-fixes). - ionic: Cleanups in the Tx hotpath code (git-fixes). - ionic: Correctly print AQ errors if completions are not received (git-fixes). - ionic: disable napi when ionic_lif_init() fails (git-fixes). - ionic: Do not send reset commands if FW isn't running (git-fixes). - ionic: fix missing pci_release_regions() on error in ionic_probe() (git-fixes). - ionic: fix type complaint in ionic_dev_cmd_clean() (git-fixes). - ionic: fix up printing of timeout error (git-fixes). - ionic: Prevent filter add/del err msgs when the device is not available (git-fixes). - ionic: Query FW when getting VF info via ndo_get_vf_config (git-fixes). - ionic: remove the dbid_inuse bitmap (git-fixes). - ionic: replace set_vf data with union (git-fixes). - ionic: start watchdog after all is setup (git-fixes). - ionic: stretch heartbeat detection (git-fixes). - io_uring: add more locking annotations for submit (bsc#1199011). - io_uring: avoid touching inode in rw prep (bsc#1199011). - io_uring: be smarter about waking multiple CQ ring waiters (bsc#1199011). - io_uring: cache __io_free_req()'d requests (bsc#1199011). - io_uring: clean io-wq callbacks (bsc#1199011). - io_uring: clean up tctx_task_work() (bsc#1199011). - io_uring: deduplicate open iopoll check (bsc#1199011). - io_uring: do not halt iopoll too early (bsc#1199011). - io_uring: drop exec checks from io_req_task_submit (bsc#1199011). - io_uring: extract a helper for ctx quiesce (bsc#1199011). - io_uring: Fix undefined-behaviour in io_issue_sqe (bsc#1199011). - io_uring: improve ctx hang handling (bsc#1199011). - io_uring: inline fixed part of io_file_get() (bsc#1199011). - io_uring: inline io_free_req_deferred (bsc#1199011). - io_uring: inline io_poll_remove_waitqs (bsc#1199011). - io_uring: inline struct io_comp_state (bsc#1199011). - io_uring: kill unused IO_IOPOLL_BATCH (bsc#1199011). - io_uring: move io_fallback_req_func() (bsc#1199011). - io_uring: move io_put_task() definition (bsc#1199011). - io_uring: move io_rsrc_node_alloc() definition (bsc#1199011). - io_uring: optimise io_cqring_wait() hot path (bsc#1199011). - io_uring: optimise putting task struct (bsc#1199011). - io_uring: refactor io_alloc_req (bsc#1199011). - io_uring: remove extra argument for overflow flush (bsc#1199011). - io_uring: remove file batch-get optimisation (bsc#1199011). - io_uring: remove IRQ aspect of io_ring_ctx completion lock (bsc#1199011). - io_uring: remove redundant args from cache_free (bsc#1199011). - io_uring: remove unnecessary PF_EXITING check (bsc#1199011). - io_uring: rename io_file_supports_async() (bsc#1199011). - io_uring: run linked timeouts from task_work (bsc#1199011). - io_uring: run regular file completions from task_work (bsc#1199011). - io_uring: run timeouts from task_work (bsc#1199011). - io_uring: use inflight_entry instead of compl.list (bsc#1199011). - io_uring: use kvmalloc for fixed files (bsc#1199011). - io-wq: get rid of FIXED worker flag (bsc#1199011). - io-wq: make worker creation resilient against signals (bsc#1199011). - io-wq: move nr_running and worker_refs out of wqe->lock protection (bsc#1199011). - io-wq: only exit on fatal signals (bsc#1199011). - io-wq: provide a way to limit max number of workers (bsc#1199011). - io-wq: split bounded and unbounded work into separate lists (bsc#1199011). - io-wq: wqe and worker locks no longer need to be IRQ safe (bsc#1199011). - ipc/sem: do not sleep with a spin lock held (bsc#1198412). - ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes). - ipmi: bail out if init_srcu_struct fails (git-fixes). - ipmi: Fix pr_fmt to avoid compilation issues (git-fixes). - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes). - ipmi:ssif: Check for NULL msg when handling events and messages (git-fixes). - ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504). - ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes). - irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes). - irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - irqchip/gic, gic-v3: Prevent GSI to SGI translations (git-fixes). - irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (git-fixes). - irqchip/gic-v3: Ensure pseudo-NMIs have an ISB between ack and handling (git-fixes). - irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v3: Fix GICR_CTLR.RWP polling (git-fixes). - irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (git-fixes). - irqchip/gic-v4: Wait for GICR_VPENDBASER.Dirty to clear before descheduling (git-fixes). - irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes). - irqchip/nvic: Release nvic_base upon failure (git-fixes). - irqchip/qcom-pdc: Fix broken locking (git-fixes). - irqchip/realtek-rtl: Fix refcount leak in map_interrupts (git-fixes). - irqchip/realtek-rtl: Service all pending interrupts (git-fixes). - isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (git-fixes). - ivtv: fix incorrect device_caps for ivtvfb (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - iwlwifi: Fix -EIO error code that is never returned (git-fixes). - iwlwifi: fix use-after-free (git-fixes). - iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes). - iwlwifi: mvm: align locking in D3 test debugfs (git-fixes). - iwlwifi: mvm: check debugfs_dir ptr before use (git-fixes). - iwlwifi: mvm: Correctly set fragmented EBS (git-fixes). - iwlwifi: mvm: Do not call iwl_mvm_sta_from_mac80211() with NULL sta (git-fixes). - iwlwifi: mvm: do not crash on invalid rate w/o STA (git-fixes). - iwlwifi: mvm: do not iterate unadded vifs when handling FW SMPS req (git-fixes). - iwlwifi: mvm: do not send SAR GEO command for 3160 devices (git-fixes). - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes). - iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes). - iwlwifi: mvm: move only to an enabled channel (git-fixes). - iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes). - iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes). - iwlwifi: yoyo: remove DBGI_SRAM address reset writing (git-fixes). - ixgbe: do not reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (git-fixes). - ixgbe: ensure IPsec VF - PF compatibility (git-fixes). - ixgbe: respect metadata on XSK Rx to skb (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971). - jfs: fix divide error in dbNextAG (bsc#1200828). - kABI: fix change of iscsi_host_remove() arguments (bsc#1198410). - kABI: Fix kABI after 'x86/mm/cpa: Generalize __set_memory_enc_pgtable()' (jsc#SLE-19924). - kABI fix of sysctl_run_estimation (git-fixes). - kABI: fix removal of iscsi_destroy_conn (bsc#1198410). - kABI: fix rndis_parameters locking (git-fixes). - kABI: ivtv: restore caps member (git-fixes). - kabi/severities: add exception for bcache symboles - kabi/severities: allow dropping a few invalid exported symbols (bsc#1201218) - kabi/severities: Ignore arch/x86/kvm except for kvm_x86_ops Handle this like in previous SLE kernels. - kABI workaround for fxls8962af iio accel drivers (git-fixes). - kABI workaround for pci quirks (git-fixes). - kconfig: fix failing to generate auto.conf (git-fixes). - kconfig: let 'shell' return enough output for deep path names (git-fixes). - kernel/fork: Initialize mm's PASID (jsc#SLE-24350). - kernel/resource: Introduce request_mem_region_muxed() (git-fixes). - kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (git-fixes). - KEYS: asymmetric: enforce that sig algo matches key algo (git-fixes). - KEYS: asymmetric: properly validate hash_algo and encoding (git-fixes). - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes). - KEYS: trusted: Avoid calling null function trusted_key_exit (git-fixes). - KEYS: trusted: Fix trusted key backends when building as module (git-fixes). - KEYS: trusted: tpm2: Fix migratable logic (git-fixes). - kprobes: Add kretprobe_find_ret_addr() for searching return address (bsc#1193277). - kprobes: Enable stacktrace from pt_regs in kretprobe handler (bsc#1193277). - kprobes: treewide: Cleanup the error messages for kprobes (bsc#1193277). - kprobes: treewide: Make it harder to refer kretprobe_trampoline directly (bsc#1193277). - kprobes: treewide: Remove trampoline_address from kretprobe_trampoline_handler() (bsc#1193277). - kprobes: treewide: Replace arch_deref_entry_point() with dereference_symbol_descriptor() (bsc#1193277). - kprobes: treewide: Use 'kprobe_opcode_t *' for the code address in get_optimized_kprobe() (bsc#1193277). - kselftest/arm64: bti: force static linking (git-fixes). - kunit: tool: Import missing importlib.abc (git-fixes). - KVM: arm64: Avoid consuming a stale esr value when SError occur (git-fixes). - KVM: arm64: Drop unused workaround_flags vcpu field (git-fixes). - KVM: arm64: pkvm: Use the mm_ops indirection for cache maintenance (git-fixes). - KVM: arm64: Use shadow SPSR_EL1 when injecting exceptions on !VHE (git-fixes). - KVM: Clean up benign vcpu->cpu data races when kicking vCPUs (git-fixes). - KVM: Ensure local memslot copies operate on up-to-date arch-specific data (git-fixes). - KVM: fix wrong exception emulation in check_rdtsc (git-fixes). - KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (git-fixes). - KVM: nVMX: Abide to KVM_REQ_TLB_FLUSH_GUEST request on nested vmentry/vmexit (git-fixes). - KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault (git-fixes). - KVM: nVMX: Do not clear CR3 load/store exiting bits if L1 wants 'em (git-fixes). - KVM: nVMX: Emulate guest TLB flush on nested VM-Enter with new vpid12 (git-fixes). - KVM: nVMX: Ensure vCPU honors event request if posting nested IRQ fails (git-fixes). - KVM: nVMX: Flush current VPID (L1 vs. L2) for KVM_REQ_TLB_FLUSH_GUEST (git-fixes). - KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (git-fixes). - KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes). - KVM: s390: Ensure kvm_arch_no_poll() is read once when blocking vCPU (git-fixes). - KVM: s390: pv: add macros for UVC CC values (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes). - KVM: selftests: Do not skip L2's VMCALL in SMM test for SVM guest (bsc#1194523). - KVM: selftests: Re-enable access_tracking_perf_test (bsc#1194526). - KVM: SEV: accept signals in sev_lock_two_vms (bsc#1194526). - KVM: SEV: do not take kvm->lock when destroying (bsc#1194526). - KVM: SEV: Fall back to vmalloc for SEV-ES scratch area if necessary (bsc#1194526). - KVM: SEV: Mark nested locking of kvm->lock (bsc#1194526). - KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails (bsc#1194526). - KVM: SVM: Allow AVIC support on system w/ physical APIC ID > 255 (bsc#1193823). - KVM: SVM: Do not terminate SEV-ES guests on GHCB validation failure (bsc#1194526). - KVM: SVM: drop unnecessary code in svm_hv_vmcb_dirty_nested_enlightenments() (git-fixes). - KVM: SVM: Emulate #INIT in response to triple fault shutdown (git-fixes). - KVM: SVM: Fix kvm_cache_regs.h inclusions for is_guest_mode() (git-fixes). - KVM: SVM: hyper-v: Enable Enlightened MSR-Bitmap support for real (git-fixes). - KVM: SVM: Never reject emulation due to SMAP errata for !SEV guests (git-fixes). - KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak (git-fixes). - KVM: VMX: Do not unblock vCPU w/ Posted IRQ if IRQs are disabled in guest (git-fixes). - KVM: VMX: Fold ept_update_paging_mode_cr0() back into vmx_set_cr0() (git-fixes). - KVM: VMX: Invert handling of CR0.WP for EPT without unrestricted guest (git-fixes). - KVM: VMX: Read Posted Interrupt 'control' exactly once per loop iteration (git-fixes). - KVM: VMX: Refresh list of user return MSRs after setting guest CPUID (git-fixes). - KVM: VMX: Remove defunct 'nr_active_uret_msrs' field (git-fixes). - KVM: VMX: Set failure code in prepare_vmcs02() (git-fixes). - KVM: VMX: Skip pointless MSR bitmap update when setting EFER (git-fixes). - KVM: VMX: Wake vCPU when delivering posted IRQ even if vCPU == this vCPU (git-fixes). - KVM: x86: Assume a 64-bit hypercall for guests with protected state (git-fixes). - kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes). - KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes). - KVM: x86: Do not mark all registers as avail/dirty during RESET/INIT (git-fixes). - KVM: x86: do not print when fail to read/write pv eoi memory (git-fixes). - KVM: x86: Drop guest CPUID check for host initiated writes to MSR_IA32_PERF_CAPABILITIES (git-fixes). - KVM: x86: Drop WARNs that assert a triple fault never 'escapes' from L2 (git-fixes). - KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes). - KVM: X86: Ensure that dirty PDPTRs are loaded (git-fixes). - KVM: x86: Exit to userspace if emulation prepared a completion callback (git-fixes). - KVM: x86: Fix emulation in writing cr8 (git-fixes). - KVM: X86: Fix missed remote tlb flush in rmap_write_protect() (git-fixes). - KVM: x86: Fix uninitialized eoi_exit_bitmap usage in vcpu_load_eoi_exitmap() (git-fixes). - KVM: x86: Handle 32-bit wrap of EIP for EMULTYPE_SKIP with flat code seg (git-fixes). - KVM: x86: hyper-v: Fix the maximum number of sparse banks for XMM fast TLB flush hypercalls (git-fixes). - KVM: x86: Ignore sparse banks size for an 'all CPUs', non-sparse IPI req (git-fixes). - KVM: x86: Mark all registers as avail/dirty at vCPU creation (git-fixes). - KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes). - KVM: x86/mmu: Check for present SPTE when clearing dirty bit in TDP MMU (git-fixes). - KVM: x86/mmu: Complete prefetch for trailing SPTEs for direct, legacy MMU (git-fixes). - KVM: x86/mmu: Fix TLB flush range when handling disconnected pt (git-fixes). - KVM: x86/mmu: Fix write-protection of PTs mapped by the TDP MMU (git-fixes). - KVM: x86/mmu: Passing up the error state of mmu_alloc_shadow_roots() (git-fixes). - KVM: x86/mmu: Pass parameter flush as false in kvm_tdp_mmu_zap_collapsible_sptes() (git-fixes). - KVM: x86/mmu: Remove spurious TLB flushes in TDP MMU zap collapsible path (git-fixes). - KVM: x86/mmu: Skip tlb flush if it has been done in zap_gfn_range() (git-fixes). - KVM: x86/mmu: Update number of zapped pages even if page list is stable (git-fixes). - KVM: x86/mmu: Use yield-safe TDP MMU root iter in MMU notifier unmapping (git-fixes). - KVM: x86: nSVM: restore the L1 host state prior to resuming nested guest on SMM exit (git-fixes). - KVM: x86: nSVM: skip eax alignment check for non-SVM instructions (git-fixes). - KVM: x86: nSVM: test eax for 4K alignment for GP errata workaround (git-fixes). - KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race (git-fixes). - KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register (git-fixes). - KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW (git-fixes). - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (git-fixes). - KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs (git-fixes). - KVM: x86: SVM: do not set VMLOAD/VMSAVE intercepts on vCPU reset (git-fixes). - KVM: x86: SVM: fix avic spec based definitions again (bsc#1193823 jsc#SLE-24549). - KVM: x86: SVM: move avic definitions from AMD's spec to svm.h (bsc#1193823 jsc#SLE-24549). - KVM: X86: Synchronize the shadow pagetable before link it (git-fixes). - KVM: x86: Update vCPU's runtime CPUID on write to MSR_IA32_XSS (git-fixes). - KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (git-fixes). - lib: bitmap: fix many kernel-doc warnings (git-fixes). - libbpf: Free up resources used by inner map definition (git-fixes). - lib/iov_iter: initialize 'flags' in new pipe_buffer (git-fixes). - libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes). - linux/dim: Fix divide by 0 in RDMA DIM (git-fixes). - list: fix a data-race around ep->rdllist (git-fixes). - list: introduce list_is_head() helper and re-use it in list.h (git-fixes). - list: test: Add a test for list_is_head() (git-fixes). - livepatch: Do not block removal of patches that are safe to unload (bsc#1071995). - locking: Make owner_on_cpu() into linux/sched.h (bsc#1190137 bsc#1189998). - locking: Remove rt_rwlock_is_contended() (bsc#1190137 bsc#1189998). - locking/rtmutex: Add rt_mutex_lock_nest_lock() and rt_mutex_lock_killable() (bsc#1190137 bsc#1189998). - locking/rtmutex: Squash self-deadlock check for ww_rt_mutex (bsc#1190137 bsc#1189998). - locking/rwlocks: introduce write_lock_nested (bsc#1189998). - LSM: general protection fault in legacy_parse_param (git-fixes). - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes). - mac80211: fix EAPoL rekey fail in 802.3 rx path (git-fixes). - mac80211: fix forwarded mesh frames AC and queue selection (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes). - mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mac80211: minstrel_ht: fix where rate stats are stored (fixes debugfs output) (git-fixes). - mac80211: mlme: check for null after calling kmemdup (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - mac80211: Remove a couple of obsolete TODO (git-fixes). - mac80211: Reset MBSSID parameters upon connection (git-fixes). - mac80211: treat some SAE auth steps as final (git-fixes). - mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes). - macvlan: Fix leaking skb in source mode with nodst option (git-fixes). - mailbox: change mailbox-mpfs compatible string (git-fixes). - mailbox: imx: fix crash in resume on i.mx8ulp (git-fixes). - mailbox: imx: fix wakeup failure from freeze mode (git-fixes). - mailbox: tegra-hsp: Flush whole channel (git-fixes). - maple: fix wrong return value of maple_bus_init() (git-fixes). - md: Do not set mddev private to NULL in raid0 pers->free (git-fixes). - md: fix an incorrect NULL check in does_sb_need_changing (git-fixes). - md: fix an incorrect NULL check in md_reload_sb (git-fixes). - md: fix double free of io_acct_set bioset (git-fixes). - md: fix update super 1.0 on rdev size change (git-fixes). - md: Move alloc/free acct bioset in to personality (git-fixes). - md/raid5: play nice with PREEMPT_RT (bsc#1189998). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: atmel: atmel-isc-base: report frame sizes as full supported range (git-fixes). - media: atmel: atmel-isc: Fix PM disable depth imbalance in atmel_isc_probe (git-fixes). - media: atmel: atmel-sama5d2-isc: fix wrong mask in YUYV format check (git-fixes). - media: atmel: atmel-sama7g5-isc: fix ispck leftover (git-fixes). - media: atomisp: fix bad usage at error handling logic (git-fixes). - media: atomisp: fix dummy_ptr check to avoid duplicate active_bo (git-fixes). - media: atomisp_gmin_platform: Add DMI quirk to not turn AXP ELDO2 regulator off on some boards (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: camss: csid-170: do not enable unused irqs (git-fixes). - media: camss: csid-170: fix non-10bit formats (git-fixes). - media: camss: csid-170: remove stray comment (git-fixes). - media: camss: csid-170: set the right HALT_CMD when disabled (git-fixes). - media: camss: vfe-170: fix 'VFE halt timeout' error (git-fixes). - media: ccs-core.c: fix failure to call clk_disable_unprepare (git-fixes). - media: cec-adap.c: fix is_configuring state (git-fixes). - media: cedrus: h264: Fix neighbour info buffer size (git-fixes). - media: cedrus: H265: Fix neighbour info buffer size (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: cx25821: Fix the warning when removing the module (git-fixes). - media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes). - media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: davinci: vpif: fix use-after-free on driver unbind (git-fixes). - media: doc: pixfmt-rgb: Fix V4L2_PIX_FMT_BGR24 format description (git-fixes). - media: doc: pixfmt-yuv: Fix V4L2-PIX-FMT-Y10P format (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: gpio-ir-tx: fix transmit with long spaces on Orange Pi PC (git-fixes). - media: hantro: Empty encoder capture buffers by default (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: hantro: HEVC: Fix tile info buffer value computation (git-fixes). - media: hantro: HEVC: unconditionnaly set pps_{cb/cr}_qp_offset values (git-fixes). - media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes). - media: i2c: max9286: fix kernel oops when removing module (git-fixes). - media: i2c: max9286: Use dev_err_probe() helper (git-fixes). - media: i2c: max9286: Use 'maxim,gpio-poc' property (git-fixes). - media: i2c: ov5648: Fix lockdep error (git-fixes). - media: i2c: ov5648: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes). - media: i2c: rdacm2x: properly set subdev entity function (git-fixes). - media: imon: reorganize serialization (git-fixes). - media: imx-jpeg: fix a bug of accessing array out of bounds (git-fixes). - media: imx-jpeg: Prevent decoding NV12M jpegs into single-planar buffers (git-fixes). - media: iommu/mediatek: Add device_link between the consumer and the larb devices (git-fixes). - media: iommu/mediatek: Return ENODEV if the device is NULL (git-fixes). - media: iommu/mediatek-v1: Free the existed fwspec if the master dev already has (git-fixes). - media: ir_toy: free before error exiting (git-fixes). - media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes). - media: mexon-ge2d: fixup frames size in registers (git-fixes). - media: mtk-vcodec: potential dereference of null pointer (git-fixes). - media: omap3isp: Use struct_group() for memcpy() region (git-fixes). - media: ov5640: Fix set format, v4l2_mbus_pixelcode not updated (git-fixes). - media: ov5648: Do not pack controls struct (git-fixes). - media: ov6650: Add try support to selection API operations (git-fixes). - media: ov6650: Fix crop rectangle affected by set format (git-fixes). - media: ov6650: Fix set format try processing path (git-fixes). - media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes). - media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes). - media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes). - media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes). - media: rga: fix possible memory leak in rga_probe (git-fixes). - media: rkvdec: h264: Fix bit depth wrap in pps packet (git-fixes). - media: rkvdec: h264: Fix dpb_valid implementation (git-fixes). - media: rkvdec: Stop overclocking the decoder (git-fixes). - media: rockchip/rga: do proper error checking in probe (git-fixes). - media: saa7134: fix incorrect use to determine if list is empty (git-fixes). - media: staging: media: imx: imx7-mipi-csis: Make subdev name unique (git-fixes). - media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com (git-fixes). - media: staging: media: zoran: fix usage of vb2_dma_contig_set_max_seg_size (git-fixes). - media: staging: media: zoran: fix various V4L2 compliance errors (git-fixes). - media: staging: media: zoran: move videodev alloc (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: ti-vpe: cal: Fix a NULL pointer dereference in cal_ctx_v4l2_init_formats() (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes). - media: v4l2-core: Initialize h264 scaling matrix (git-fixes). - media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls (git-fixes). - media: v4l: Avoid unaligned access warnings when printing 4cc modifiers (git-fixes). - media: venus: hfi: avoid null dereference in deinit (git-fixes). - media: venus: hfi_cmds: List HDR10 property as unsupported for v1 and v3 (git-fixes). - media: videobuf2: Fix the size printk format (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - media: vidtv: Check for null return of vzalloc (git-fixes). - mei: avoid iterator usage outside of list_for_each_entry (git-fixes). - mei: hbm: drop capability response on early shutdown (git-fixes). - mei: me: add Alder Lake N device id (git-fixes). - mei: me: add raptor lake point S DID (git-fixes). - mei: me: disable driver on the ign firmware (git-fixes). - memblock: fix memblock_phys_alloc() section mismatch error (git-fixes). - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes). - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - memory: fsl_ifc: populate child nodes of buses and mfd devices (git-fixes). - memory: mtk-smi: Add error handle for smi_probe (git-fixes). - memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode (git-fixes). - memory: renesas-rpc-if: fix platform-device leak in error path (git-fixes). - memory: samsung: exynos5422-dmc: Avoid some over memory allocation (git-fixes). - memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (git-fixes). - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes). - mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (git-fixes). - mfd: exynos-lpass: Drop unneeded syscon.h include (git-fixes). - mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes). - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes). - mgag200 fix memmapsl configuration in GCTL6 register (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: atmel-ssc: Fix IRQ check in ssc_probe (git-fixes). - misc: fastrpc: avoid double fput() on failed usercopy (git-fixes). - misc: fastrpc: fix an incorrect NULL check on list iterator (git-fixes). - misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes). - misc: rtsx: set NULL intfdata when probe fails (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mISDN: Fix memory leak in dsp_pipeline_build() (git-fixes). - mlx5: kabi protect lag_mp (git-fixes). - mlxsw: spectrum: Protect driver from buggy firmware (git-fixes). - mm: Add fault_in_subpage_writeable() to probe at sub-page granularity (git-fixes) - mmc: block: Check for errors after write on SPI (git-fixes). - mmc: block: Fix CQE recovery reset success (git-fixes). - mmc: block: fix read single on recovery logic (git-fixes). - mmc: core: Allows to override the timeout value for ioctl() path (git-fixes). - mmc: core: Fixup support for writeback-cache for eMMC and SD (git-fixes). - mmc: core: Set HS clock speed before sending HS CMD13 (git-fixes). - mmc: core: Wait for command setting 'Power Off Notification' bit to complete (git-fixes). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mm: Change CONFIG option for mm->pasid field (jsc#SLE-24350). - mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes). - mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes). - mm/cma: provide option to opt out from exposing pages on activation failure (bsc#1195099 ltc#196102). - mmc: mediatek: wait dma stop bit reset to 0 (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes). - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes). - mmc: rtsx: add 74 Clocks in power on flow (git-fixes). - mmc: rtsx: Fix build errors/warnings for unused variable (git-fixes). - mmc: rtsx: Let MMC core handle runtime PM (git-fixes). - mmc: rtsx: Use pm_runtime_{get,put}() to handle runtime PM (git-fixes). - mmc: sdhci_am654: Fix the driver data of AM64 SoC (git-fixes). - mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (git-fixes). - mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes). - mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (git-fixes). - mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (git-fixes). - mm: fs: fix lru_cache_disabled race in bh_lru (bsc#1197761). - mm: Fully initialize invalidate_lock, amend lock class later (bsc#1197921). - mm: memcg: synchronize objcg lists with a dedicated spinlock (bsc#1198402). - mm/page_alloc: always attempt to allocate at least one page during bulk allocation (git fixes (mm/pgalloc)). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mm, page_alloc: fix build_zonerefs_node() (git-fixes). - mm/scatterlist: replace the !preemptible warning in sg_miter_stop() (bsc#1189998). - mm/slub: add missing TID updates on slab deactivation (git-fixes). - mm, thp: fix incorrect unmap behavior for private pages (bsc#1198024). - mm, thp: lock filemap when truncating page cache (bsc#1198023). - mm/vmalloc: fix comments about vmap_area struct (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - modpost: fix removing numeric suffixes (git-fixes). - modpost: fix section mismatch check for exported init/exit sections (git-fixes). - modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes). - modpost: restore the warning message for missing symbol versions (git-fixes). - mptcp: add missing documented NL params (git-fixes). - mt76: connac: fix sta_rec_wtbl tag len (git-fixes). - mt76: dma: initialize skip_unmap in mt76_dma_rx_fill (git-fixes). - mt76: do not attempt to reorder received 802.3 packets without agg session (git-fixes). - mt76: fix encap offload ethernet type check (git-fixes). - mt76: fix monitor mode crash with sdio driver (git-fixes). - mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes). - mt76: mt7603: check sta_rates pointer in mt7603_sta_rate_tbl_update (git-fixes). - mt76: mt7615: check sta_rates pointer in mt7615_sta_rate_tbl_update (git-fixes). - mt76: mt7615: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7615: Fix assigning negative values to unsigned variable (git-fixes). - mt76: mt7915: fix injected MPDU transmission to not use HW A-MSDU (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_sta_basic_tlv (git-fixes). - mt76: mt7915: use proper aid value in mt7915_mcu_wtbl_generic_tlv in sta mode (git-fixes). - mt76: mt7921: accept rx frames with non-standard VHT MCS10-11 (git-fixes). - mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835). - mt76: mt7921: fix a leftover race in runtime-pm (git-fixes). - mt76: mt7921: fix crash when startup fails (git-fixes). - mt76: mt7921: fix mt7921_queues_acq implementation (git-fixes). - mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes). - mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (git-fixes). - mtd: mchp23k256: Add SPI ID table (git-fixes). - mtd: mchp48l640: Add SPI ID table (git-fixes). - mtd: onenand: Check for error irq (git-fixes). - mtd: parsers: qcom: Fix kernel panic on skipped partition (git-fixes). - mtd: parsers: qcom: Fix missing free for pparts in cleanup (git-fixes). - mtd: phram: Prevent divide by zero bug in phram_setup() (git-fixes). - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes). - mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes). - mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe() (git-fixes). - mtd: rawnand: denali: Use managed device resources (git-fixes). - mtd: rawnand: fix ecc parameters for mt7622 (git-fixes). - mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes). - mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes). - mtd: rawnand: gpmi: fix controller timings setting (git-fixes). - mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes). - mtd: rawnand: ingenic: Fix missing put_device in ingenic_ecc_get (git-fixes). - mtd: rawnand: intel: fix possible null-ptr-deref in ebu_nand_probe() (git-fixes). - mtd: rawnand: pl353: Set the nand chip node as the flash node (git-fixes). - mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes). - mtd: rawnand: qcom: fix memory corruption that causes panic (git-fixes). - mtd: spinand: gigadevice: fix Quad IO for GD5F1GQ5UExxG (git-fixes). - mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes). - mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes). - n64cart: convert bi_disk to bi_bdev->bd_disk fix build (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: atlantic: Avoid out-of-bounds indexing (git-fixes). - net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes). - net: axienet: setup mdio unconditionally (git-fixes). - net: bnxt_ptp: fix compilation error (bsc#1199736). - net: dev: Always serialize on Qdisc::busylock in __dev_xmit_skb() on PREEMPT_RT (bsc#1189998). - net: dev: Change the order of the arguments for the contended condition (bsc#1189998). - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - net: dpaa_eth: remove dead select in menuconfig FSL_DPAA_ETH (git-fixes). - net: dsa: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: hellcreek: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: microchip: ksz8863: be compatible with masters which unregister on shutdown (git-fixes). - net: dsa: xrs700x: be compatible with masters which unregister on shutdown (git-fixes). - net: ethernet: lantiq_etop: fix build errors/warnings (git-fixes). - net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (git-fixes). - net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (git-fixes). - net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (git-fixes). - net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks (git-fixes). - netfilter: conntrack: move synack init code to helper (bsc#1199035). - netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035). - netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035). - netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035). - net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() (git-fixes). - net: hns3: add NULL pointer check for hns3_set/get_ringparam() (git-fixes). - net: hns3: add return value for mailbox handling in PF (bsc#1190336). - net: hns3: add validity check for message data length (git-fixes). - net: hns3: add vlan list lock to protect vlan list (git-fixes). - net: hns3: align the debugfs output to the left (git-fixes). - net: hns3: clear inited state and stop client after failed to register netdev (git-fixes). - net: hns3: fix bug when PF set the duplicate MAC address for VFs (git-fixes). - net: hns3: fix phy can not link up when autoneg off and reset (git-fixes). - net: hns3: fix port base vlan add fail when concurrent with reset (git-fixes). - net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware (git-fixes). - net: hns3: handle empty unknown interrupt for VF (git-fixes). - net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (git-fixes). - net: hns3: refine the process when PF set VF VLAN (git-fixes). - net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes). - net/ice: Add support for enable_iwarp and enable_roce devlink param (bsc#1200502). - net/ice: Fix boolean assignment (bsc#1200502). - net/ice: Remove unused enum (bsc#1200502). - net: ipa: disable HOLB drop when updating timer (git-fixes). - net: ipa: HOLB register sometimes must be written twice (git-fixes). - net/ipa: ipa_resource: Fix wrong for loop range (git-fixes). - net: ipv6: unexport __init-annotated seg6_hmac_init() (bsc#1201218). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1201218). - net: macb: Align the dma and coherent dma masks (git-fixes). - net: mana: Add counter for packet dropped by XDP (bsc#1195651). - net: mana: Add counter for XDP_TX (bsc#1195651). - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651). - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651). - net: mana: Reuse XDP dropped page (bsc#1195651). - net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651). - net: marvell: mvpp2: increase MTU limit when XDP enabled (git-fixes). - net: marvell: prestera: fix double free issue on err path (git-fixes). - net: mdio: do not defer probe forever if PHY IRQ provider is missing (git-fixes). - net: mdio: unexport __init-annotated mdio_bus_init() (bsc#1201218). - net/mlx5: Avoid double clear or set of sync reset requested (git-fixes). - net/mlx5: Bridge, ensure dev_name is null-terminated (git-fixes). - net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (git-fixes). - net/mlx5: Bridge, take rtnl lock in init error handler (git-fixes). - net/mlx5: DR, Cache STE shadow memory (git-fixes). - net/mlx5: DR, Do not allow match on IP w/o matching on full ethertype/ip_version (git-fixes). - net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (jsc#SLE-19253). - net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (git-fixes). - net/mlx5e: Add missing increment of count (jsc#SLE-19253). - net/mlx5e: Avoid field-overflowing memcpy() (git-fixes). - net/mlx5e: Avoid implicit modify hdr for decap drop rule (jsc#SLE-19253). - net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (git-fixes). - net/mlx5e: Do not treat small ceil values as unlimited in HTB offload (git-fixes). - net/mlx5e: Fix broken SKB allocation in HW-GRO (jsc#SLE-19253). - net/mlx5e: Fix handling of wrong devices during bond netevent (git-fixes). - net/mlx5e: Fix module EEPROM query (git-fixes). - net/mlx5e: Fix the calling of update_buffer_lossy() API (git-fixes). - net/mlx5e: Fix trust state reset in reload (git-fixes). - net/mlx5e: Fix wrong calculation of header index in HW_GRO (jsc#SLE-19253). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Fix wrong source vport matching on tunnel rule (jsc#SLE-19253). - net/mlx5e: IPsec: Fix crypto offload for non TCP/UDP encapsulated traffic (git-fixes). - net/mlx5e: IPsec: Fix tunnel mode crypto offload for non TCP/UDP traffic (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (git-fixes). - net/mlx5e: Lag, Do not skip fib events on current dst (git-fixes). - net/mlx5e: Lag, Fix fib_info pointer assignment (git-fixes). - net/mlx5e: Lag, Fix use-after-free in fib event handler (git-fixes). - net/mlx5e: Lag, Only handle events from highest priority multipath entry (git-fixes). - net/mlx5e: MPLSoUDP decap, fix check for unsupported matches (git-fixes). - net/mlx5e: SHAMPO, reduce TIR indication (jsc#SLE-19253). - net/mlx5: E-Switch, Fix uninitialized variable modact (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: Use struct_group() for memcpy() region (git-fixes). - net/mlx5: Fix a race on command flush flow (git-fixes). - net/mlx5: Fix deadlock in sync reset flow (git-fixes). - net/mlx5: Fix matching on inner TTC (jsc#SLE-19253). - net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (jsc#SLE-19253). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix size field in bufferx_reg struct (git-fixes). - net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (git-fixes). - net/mlx5: Fix tc max supported prio for nic mode (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Use del_timer_sync in fw reset flow of halting poll (git-fixes). - net: mvmdio: fix compilation warning (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: ax88772a: fix lost pause advertisement configuration (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: correct spelling error of media in documentation (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: dp83867: retrigger SGMII AN when link change (git-fixes). - net: phy: Fix race condition on link status change (git-fixes). - net: phy: marvell10g: fix return value on error (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes). - net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes). - net: phy: mediatek: remove PHY mode check on MT7531 (git-fixes). - net: phy: meson-gxl: fix interrupt handling in forced mode (git-fixes). - net: phy: meson-gxl: improve link-up behavior (git-fixes). - net: phy: micrel: Allow probing without .driver_data (git-fixes). - net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (git-fixes). - net: phy: micrel: Pass .probe for KS8737 (git-fixes). - net: phy: mscc: Add MODULE_FIRMWARE macros (git-fixes). - net: phy: mscc-miim: reject clause 45 register accesses (git-fixes). - net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (git-fixes). - net: rose: fix UAF bugs caused by timer handler (git-fixes). - net: sfc: add missing xdp queue reinitialization (git-fixes). - net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (git-fixes). - net: sfc: fix memory leak due to ptp channel (git-fixes). - net: sfc: fix using uninitialized xdp tx_queue (git-fixes). - net/smc: Avoid warning of possible recursive locking (git-fixes). - net/smc: fix connection leak (git-fixes). - net/smc: fixes for converting from 'struct smc_cdc_tx_pend **' to 'struct smc_wr_tx_pend_priv *' (git-fixes). - net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server (git-fixes). - net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client (git-fixes). - net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (git-fixes). - net/smc: postpone sk_refcnt increment in connect() (git-fixes). - net/smc: remove redundant re-assignment of pointer link (git-fixes). - net/smc: Remove unused function declaration (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - net/smc: set ini->smcrv2.ib_dev_v2 to NULL if SMC-Rv2 is unavailable (git-fixes). - net/smc: sync err code when tcp connection was refused (git-fixes). - net/smc: Transfer remaining wait queue entries during fallback (git-fixes). - net/smc: Transitional solution for clcsock race issue (git-fixes). - net/smc: Use a mutex for locking 'struct smc_pnettable' (git-fixes). - net/smc: use memcpy instead of snprintf to avoid out of bounds read (git-fixes). - net: stmmac: fix gcc-10 -Wrestrict warning (git-fixes). - net: stmmac: Fix signed/unsigned wreckage (git-fixes). - net: stmmac: socfpga: add runtime suspend/resume callback for stratix10 platform (git-fixes). - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: asix: do not force pause frames support (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes). - Netvsc: Call hv_unmap_memory() in the netvsc_device_remove() (bsc#1183682). - net/x25: Fix null-ptr-deref caused by x25_disconnect (git-fixes). - net: xfrm: unexport __init-annotated xfrm4_protocol_init() (bsc#1201218). - nfc: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes). - nfc: nci: add flush_workqueue to prevent uaf (git-fixes). - nfc: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes). - nfc: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes). - nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes). - nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes). - nfc: NULL out the dev->rfkill to prevent UAF (git-fixes). - NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes). - nfc: pn533: Fix buggy cleanup order (git-fixes). - nfc: port100: fix use-after-free in port100_send_complete (git-fixes). - nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nfp: flower: fix ida_idx not being released (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFSD: allow delegation state ids to be revoked and then freed (bsc#1192483). - NFSD: allow lock state ids to be revoked and then freed (bsc#1192483). - NFSD: allow open state ids to be revoked and then freed (bsc#1192483). - nfsd: destroy percpu stats counters after reply cache shutdown (git-fixes). - NFSD: do not admin-revoke NSv4.0 state ids (bsc#1192483). - NFSD: Fix a write performance regression (bsc#1197016). - NFSD: fix crash on COPY_NOTIFY with special stateid (git-fixes). - NFSD: Fix nsfd startup race (again) (git-fixes). - nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes). - NFSD: Fix READDIR buffer overflow (git-fixes). - NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957). - NFSD: Fix verifier returned in stable WRITEs (git-fixes). - NFSD: Fix zero-length NFSv3 WRITEs (git-fixes). - NFSD: more robust allocation failure handling in nfsd_file_cache_init (git-fixes). - NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Do not loop forever in nfs_do_recoalesce() (git-fixes). - NFS: Do not overfill uncached readdir pages (git-fixes). - NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes). - NFS: Do not report ENOSPC write errors twice (git-fixes). - NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes). - NFS: Do not report flush errors in nfs_write_end() (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: do not store 'struct cred *' in struct nfs_access_entry (git-fixes). - NFSD: prepare for supporting admin-revocation of state (bsc#1192483). - NFSD: Replace use of rwsem with errseq_t (bsc#1196960). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Ensure the server had an up to date ctime before renaming (git-fixes). - NFS: fix broken handling of the softreval mount option (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (git-fixes). - NFS: Further fixes to the writeback error handling (git-fixes). - NFS: limit use of ACCESS cache for negative responses (bsc#1196570). - NFS: Memory allocation failures are not server fatal errors (git-fixes). - NFS: NFSv2/v3 clients should never be setting NFS_CAP_XATTR (git-fixes). - NFS: pass cred explicitly for access tests (git-fixes). - NFS: Remove an incorrect revalidation in nfs4_update_changeattr_locked() (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4.1 mark qualified async operations as MOVEABLE tasks (git-fixes). - NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes). - NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes). - NFSv4: Do not invalidate inode attributes on delegation return (git-fixes). - NFSv4: Fix another issue with a list iterator pointing to the head (git-fixes). - NFSv4: fix open failure with O_ACCMODE flag (git-fixes). - NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes). - NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes). - nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size (git-fixes). - nl80211: fix locking in nl80211_set_tx_bitrate_mask() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - nl80211: show SSID for P2P_GO interfaces (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - nl80211: validate S1G channel width (git-fixes). - ntb_hw_switchtec: Fix bug with more than 32 partitions (git-fixes). - ntb_hw_switchtec: Fix pff ioread to read into mmio_part_cfg_all (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - n_tty: wake up poll(POLLRDNORM) on receiving data (git-fixes). - nvme: add verbose error logging (bsc#1200567). Update config files. - nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes). - nvme: do not return an error from nvme_configure_metadata (git-fixes). - nvme: expose cntrltype and dctype through sysfs (jsc#SLE-23643). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme: send uevent on connection up (jsc#SLE-23643). - objtool: Add frame-pointer-specific function ignore (bsc#1193277). - objtool: Fix code relocs vs weak symbols (git-fixes). - objtool: Fix type of reloc::addend (git-fixes). - objtool: Ignore unwind hints for ignored functions (bsc#1193277). - ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920). - octeontx2-af: Add a 'rvu_free_bitmap()' function (gix-fixes). - octeontx2-af: Fix some memory leaks in the error handling path of 'cgx_lmac_init()' (git-fixes). - of: base: Fix phandle argument length mismatch error message (git-fixes). - of: base: Improve argument length mismatch error (git-fixes). - of/fdt: Do not worry about non-memory region overlap for no-map (git-fixes). - of: overlay: do not break notify on NOTIFY_{OK|STOP} (git-fixes). - of: Support more than one crash kernel regions for kexec -s (git-fixes). - of: unittest: 64 bit dma address test requires arch support (git-fixes). - of: unittest: fix warning on PowerPC frame size warning (git-fixes). - of: unittest: update text of expected warnings (git-fixes). - pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config - PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (git-fixes). - PCI: aardvark: Add support for ERR interrupt on emulated bridge (git-fixes). - PCI: aardvark: Add support for masking MSI interrupts (git-fixes). - PCI: aardvark: Add support for PME interrupts (git-fixes). - PCI: aardvark: Assert PERST# when unbinding driver (git-fixes). - PCI: aardvark: Clear all MSIs at setup (git-fixes). - PCI: aardvark: Comment actions in driver remove method (git-fixes). - PCI: aardvark: Disable bus mastering when unbinding driver (git-fixes). - PCI: aardvark: Disable common PHY when unbinding driver (git-fixes). - PCI: aardvark: Disable link training when unbinding driver (git-fixes). - PCI: aardvark: Do not mask irq when mapping (git-fixes). - PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (git-fixes). - PCI: aardvark: Enable MSI-X support (git-fixes). - PCI: aardvark: Fix memory leak in driver unbind (git-fixes). - PCI: aardvark: Fix reading MSI interrupt number (git-fixes). - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes). - PCI: aardvark: Fix setting MSI address (git-fixes). - PCI: aardvark: Fix support for MSI interrupts (git-fixes). - PCI: aardvark: Fix support for PME requester on emulated bridge (git-fixes). - PCI: aardvark: Make msi_domain_info structure a static driver structure (git-fixes). - PCI: aardvark: Make MSI irq_chip structures static driver structures (git-fixes). - PCI: aardvark: Mask all interrupts when unbinding driver (git-fixes). - PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (git-fixes). - PCI: aardvark: Refactor unmasking summary MSI interrupt (git-fixes). - PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (git-fixes). - PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (git-fixes). - PCI: aardvark: Rewrite IRQ code to chained IRQ handler (git-fixes). - PCI: aardvark: Update comment about link going down after link-up (git-fixes). - PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (git-fixes). - PCI: aardvark: Use separate INTA interrupt for emulated root bridge (git-fixes). - PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3 (git-fixes). - PCI: Add ACS quirk for Pericom PI7C9X2G switches (bsc#1199390). - PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes). - PCI: Avoid broken MSI on SB600 USB devices (git-fixes). - PCI: cadence: Fix find_first_zero_bit() limit (git-fixes). - PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes). - PCI: endpoint: Fix alignment fault error in copy tests (git-fixes). - PCI: endpoint: Fix misused goto label (git-fixes). - PCI: fu740: Force 2.5GT/s for initial device probe (git-fixes). - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (git-fixes). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes). - PCI: imx6: Fix PERST# start-up sequence (git-fixes). - PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (git-fixes). - PCI: microchip: Fix potential race in interrupt handling (git-fixes). - PCI: mvebu: Fix configuring secondary bus of PCIe Root Port via emulated bridge (git-fixes). - PCI: mvebu: Fix device enumeration regression (git-fixes). - PCI: mvebu: Fix support for bus mastering and PCI_COMMAND on emulated bridge (git-fixes). - PCI: mvebu: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge (git-fixes). - PCI: mvebu: Setup PCIe controller to Root Complex mode (git-fixes). - PCI: pci-bridge-emul: Add definitions for missing capabilities registers (git-fixes). - PCI: pci-bridge-emul: Add description for class_revision field (git-fixes). - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes). - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes). - PCI/PM: Power up all devices during runtime resume (git-fixes). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes). - PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes). - PCI/switchtec: Add Gen4 automotive device IDs (git-fixes). - PCI: Work around Intel I210 ROM BAR overlap defect (git-fixes). - pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes). - perf: Copy perf_event_attr::sig_data on modification (git fixes). - perf/core: Do not pass task around when ctx sched in (git-fixes). - perf/core: Fix address filter parser for multiple filters (git fixes). - perf/core: Fix cgroup event list management (git fixes). - perf/core: Fix perf_cgroup_switch() (git fixes). - perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled (git fixes). - perf: Fix list corruption in perf_cgroup_switch() (git fixes). - perf/x86/intel/pt: Fix address filter config for 32-bit kernel (git fixes). - perf/x86/intel/pt: Fix crash with stop filters in single-range mode (git fixes). - perf/x86/intel/uncore: Make uncore_discovery clean for 64 bit addresses (bsc#1197304). - perf/x86/intel: Update the FRONTEND MSR mask on Sapphire Rapids (git fixes). - phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe() (git-fixes). - phy: amlogic: meson8b-usb2: fix shared reset control use (git-fixes). - phy: amlogic: meson8b-usb2: Use dev_err_probe() (git-fixes). - phy: amlogic: phy-meson-gxl-usb2: fix shared reset controller use (git-fixes). - phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes). - phy: broadcom: Kconfig: Fix PHY_BRCM_USB config option (git-fixes). - phy: dphy: Correct clk_pre parameter (git-fixes). - phy: dphy: Correct lpx parameter and its derivatives(ta_{get,go,sure}) (git-fixes). - phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes). - phy: phy-brcm-usb: fixup BCM4908 support (git-fixes). - phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes). - phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes). - phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes). - phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes). - phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes). - phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() (git-fixes). - phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes). - phy: ti: Fix missing sentinel for clk_div_table (git-fixes). - phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes). - phy: usb: Leave some clocks running during suspend (git-fixes). - phy: xilinx: zynqmp: Fix bus width setting for SGMII (git-fixes). - pinctrl: bcm2835: Fix a few error paths (git-fixes). - pinctrl: bcm63xx: fix unmet dependency on REGMAP for GPIO_REGMAP (git-fixes). - pinctrl: fix loop in k210_pinconf_get_drive() (git-fixes). - pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes). - pinctrl: intel: fix unexpected interrupt (git-fixes). - pinctrl: k210: Fix bias-pull-up (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: moore: Fix build error (git-fixes). - pinctrl: mediatek: mt8195: enable driver on mtk platforms (git-fixes). - pinctrl: mediatek: mt8365: fix IES control pins (git-fixes). - pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_BIAS_* readback (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: mediatek: paris: Skip custom extra pin config dump for virtual GPIOs (git-fixes). - pinctrl: microchip-sgpio: lock RMW access (git-fixes). - pinctrl: microchip sgpio: use reset driver (git-fixes). - pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: npcm: Fix broken references to chip->parent_device (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (git-fixes). - pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes). - pinctrl: renesas: checker: Fix miscalculation of number of states (git-fixes). - pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl: renesas: r8a77470: Reduce size for narrow VIN1 channel (git-fixes). - pinctrl: renesas: r8a779a0: Fix GPIO function on I2C-capable pins (git-fixes). - pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources() (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config (git-fixes). - pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI (git-fixes). - pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (git-fixes). - pinctrl: sunxi: fix f1c100s uart2 function (git-fixes). - pinctrl: sunxi: Fix H616 I2S3 pin data (git-fixes). - pinctrl: sunxi: Use unique lockdep classes for IRQs (git-fixes). - pinctrl: tegra: tegra194: drop unused pin groups (git-fixes). - pinctrl: tigerlake: Revert 'Add Alder Lake-M ACPI ID' (git-fixes). - ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826). - ping: remove pr_err from ping_lookup (bsc#1195826). - pipe: Fix missing lock in pipe_resize_ring() (git-fixes). - platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes). - platform/chrome: cros_ec: fix error handling in cros_ec_register() (git-fixes). - platform/chrome: cros_ec_typec: Check for EC device (git-fixes). - platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls (git-fixes). - platform: finally disallow IRQ0 in platform_get_irq() and its ilk (git-fixes). - platform/surface: aggregator: Fix initialization order when compiling as builtin module (git-fixes). - platform/surface: surface3-wmi: Simplify resource management (git-fixes). - platform/x86: Add Intel Software Defined Silicon driver (jsc#SLE-18938). - platform/x86: asus-wmi: Add support for custom fan curves (bsc#1198058). - platform/x86: asus-wmi: Delete impossible condition (bsc#1198058). - platform/x86: asus-wmi: Fix driver not binding when fan curve control probe fails (git-fixes). - platform/x86: asus-wmi: Fix regression when probing for fan curve control (bsc#1198058). - platform/x86: asus-wmi: Fix 'unsigned 'retval' is never less than zero' smatch warning (bsc#1198058). - platform/x86: asus-wmi: Potential buffer overflow in asus_wmi_evaluate_method_buf() (git-fixes). - platform/x86: gigabyte-wmi: Add support for B450M DS3H-CF (git-fixes). - platform/x86: gigabyte-wmi: Add Z690M AORUS ELITE AX DDR4 support (git-fixes). - platform/x86: huawei-wmi: check the return value of device_create_file() (git-fixes). - platform/x86: intel-hid: fix _DSM function index handling (git-fixes). - platform/x86/intel/sdsi: Fix bug in multi packet reads (jsc#SLE-18901). - platform/x86/intel/sdsi: Handle leaky bucket (jsc#SLE-18901). - platform/x86/intel/sdsi: Poll on ready bit for writes (jsc#SLE-18901). - platform/x86: panasonic-laptop: de-obfuscate button codes (git-fixes). - platform/x86: panasonic-laptop: do not report duplicate brightness key-presses (git-fixes). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (git-fixes). - platform/x86: panasonic-laptop: revert 'Resolve hotkey double trigger bug' (git-fixes). - platform/x86: panasonic-laptop: sort includes alphabetically (git-fixes). - platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RWC NANOTE P8 AY07J 2-in-1 (git-fixes). - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (git-fixes). - PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes). - PM: domains: Fix initialization of genpd's next_wakeup (git-fixes). - PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove() (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: hibernate: Remove register_nosave_region_late() (git-fixes). - PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes). - pNFS: Avoid a live lock condition in pnfs_update_layout() (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes). - powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes). - powerpc/64s: Do not use DSISR for SLB faults (bsc#1194869). - powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395). - powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes). - powerpc/bpf: Update ldimm64 instructions during extra pass (bsc#1194869). - powerpc: Do not select HAVE_IRQ_EXIT_ON_IRQ_STACK (bsc#1194869). - powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/fadump: opt out from freeing pages on cma activation failure (bsc#1195099 ltc#196102). - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/idle: Fix return value of __setup() handler (bsc#1065729). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mce: Modify the real address error logging messages (jsc#SLE-18194). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes). - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes). - powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395). - powerpc/perf: Fix the threshold compare group constraint for power10 (bsc#1194869). - powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729). - powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes). - powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: Parse control memory access error (jsc#SLE-18194). - powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451). - powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/vdso: Fix incorrect CFI in gettimeofday.S (bsc#1199173 ltc#197388). - powerpc/vdso: Remove cvdso_call_time macro (bsc#1199173 ltc#197388). - powerpc/xive: Add a debugfs file to dump EQs (bsc#1194409 ltc#195810). - powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes). - powerpc/xive: Change the debugfs file 'xive' into a directory (bsc#1194409 ltc#195810). - powerpc/xive: Export XIVE IPI information for online-only processors (bsc#1194409 ltc#195810). - powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - powerpc/xive: Introduce an helper to print out interrupt characteristics (bsc#1194409 ltc#195810). - powerpc/xive: Introduce xive_core_debugfs_create() (bsc#1194409 ltc#195810). - powerpc/xive: Rename the 'cpus' debugfs file to 'ipis' (bsc#1194409 ltc#195810). - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes). - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes). - power: supply: axp20x_battery: properly report current when discharging (git-fixes). - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes). - power: supply: axp288_fuel_gauge: Drop BIOS version check from 'T3 MRD' DMI quirk (git-fixes). - power: supply: axp288_fuel_gauge: Fix battery reporting on the One Mix 1 (git-fixes). - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes). - power: supply: sbs-charger: Do not cancel work that is not initialized (git-fixes). - power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes). - power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes). - pps: clients: gpio: Propagate return value from pps_gpio_probe (git-fixes). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - proc: bootconfig: Add null pointer check (git-fixes). - proc: fix documentation and description of pagemap (git-fixes). - procfs: prevent unprivileged processes accessing fdinfo dir (git-fixes). - psi: fix 'defined but not used' warnings when (git-fixes) - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413). - pvpanic: Fix typos in the comments (git-fixes). - pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes). - qed: display VF trust config (git-fixes). - qede: confirm skb is allocated before using (git-fixes). - qed: fix ethtool register dump (jsc#SLE-19001). - qed: return status of qed_iov_get_link (git-fixes). - qla2xxx: add ->map_queues support for nvme (bsc#1195823). - qlcnic: dcb: default to returning -EOPNOTSUPP (git-fixes). - raid5: introduce MD_BROKEN (git-fixes). - random: check for signal_pending() outside of need_resched() check (git-fixes). - random: wake up /dev/random writers after zap (git-fixes). - random: wire up fops->splice_{read,write}_iter() (git-fixes). - ray_cs: Check ioremap return value (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (git-fixes). - RDMA/cma: Use correct address when leaving multicast group (git-fixes). - RDMA/core: Fix ib_qp_usecnt_dec() called when error (jsc#SLE-19249). - RDMA/core: Set MR type in ib_reg_user_mr (git-fixes). - RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/irdma: Fix netdev notifications for vlan's (git-fixes). - RDMA/irdma: Fix Passthrough mode in VM (git-fixes). - RDMA/irdma: Fix possible crash due to NULL netdev in notifier (git-fixes). - RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (git-fixes). - RDMA/irdma: Prevent some integer underflows (git-fixes). - RDMA/irdma: Reduce iWARP QP destroy time (git-fixes). - RDMA/irdma: Remove incorrect masking of PD (git-fixes). - RDMA/irdma: Set protocol based on PF rdma_mode flag (bsc#1200502). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/mlx5: Add a missing update of cache->last_add (git-fixes). - RDMA/mlx5: Do not remove cache MRs when a delay is needed (git-fixes). - RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes). - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (git-fixes). - RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit() (jsc#SLE-19249). - RDMA/rtrs-clt: Fix possible double free in error case (git-fixes). - RDMA/rtrs-clt: Move free_permit from free_clt to rtrs_clt_close (git-fixes). - RDMA/rxe: Change variable and function argument to proper type (jsc#SLE-19249). - RDMA/rxe: Check the last packet by RXE_END_MASK (git-fixes). - RDMA/rxe: Fix ref error in rxe_av.c (jsc#SLE-19249). - RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/siw: Fix refcounting leak in siw_create_qp() (jsc#SLE-19249). - RDMA/ucma: Protect mc during concurrent multicast leaves (git-fixes). - regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes). - regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (git-fixes). - regmap-irq: Update interrupt clear register for proper reset (git-fixes). - regulator: atc260x: Fix missing active_discharge_on setting (git-fixes). - regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes). - regulator: core: fix false positive in regulator_late_cleanup() (git-fixes). - regulator: da9121: Fix uninit-value in da9121_assign_chip_model() (git-fixes). - regulator: mt6315: Enforce regulator-compatible, not name (git-fixes). - regulator: mt6315-regulator: fix invalid allowed mode (git-fixes). - regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - regulator: qcom_smd: Fix up PM8950 regulator configuration (git-fixes). - regulator: rpi-panel: Handle I2C errors/timing to the Atmel (git-fixes). - regulator: scmi: Fix refcount leak in scmi_regulator_probe (git-fixes). - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes). - remoteproc: Fix count check in rproc_coredump_write() (git-fixes). - remoteproc: imx_rproc: Ignore create mem entry for resource table (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes). - Revert 'drm/amd/display: Fix DCN3 B0 DP Alt Mapping' (git-fixes). - Revert 'drm/amdgpu/display: set vblank_disable_immediate for DC' (git-fixes). - Revert 'svm: Add warning message for AVIC IPI invalid target' (git-fixes). - rfkill: make new event layout opt-in (git-fixes). - rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (git-fixes). - riscv: Fix fill_callchain return value (git fixes). - rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (git-fixes). - rpmsg: qcom_smd: Fix redundant channel->registered assignment (git-fixes). - rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_probe() (git-fixes). - rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (git-fixes). - rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (git-fixes). - rtc: check if __rtc_read_time was successful (git-fixes). - rtc: fix use-after-free on device removal (git-fixes). - rtc: ftrtc010: Fix error handling in ftrtc010_rtc_probe (git-fixes). - rtc: ftrtc010: Use platform_get_irq() to get the interrupt (git-fixes). - rtc: mc146818-lib: fix locking in mc146818_set_time (git-fixes). - rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes). - rtc: mt6397: check return value after calling platform_get_resource() (git-fixes). - rtc: mxc: Silence a clang warning (git-fixes). - rtc: pcf2127: fix bug when reading alarm registers (git-fixes). - rtc: pl031: fix rtc features null pointer dereference (git-fixes). - rtc: sun6i: Fix time overflow handling (git-fixes). - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes). - rtl818x: Prevent using not initialized queues (git-fixes). - rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes). - rtw88: 8821c: fix debugfs rssi value (git-fixes). - rtw88: 8821c: support RFE type4 wifi NIC (git-fixes). - rtw88: Disable PCIe ASPM while doing NAPI poll on 8821CE (git-fixes). - rtw88: rtw8821c: enable rfe 6 devices (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix data corruption for ESE devices (git-fixes). - s390/dasd: Fix read for ESE with blksize 4k (git-fixes). - s390/dasd: Fix read inconsistency for ESE DASD devices (git-fixes). - s390/dasd: prevent double format of tracks for ESE devices (git-fixes). - s390/entry: fix duplicate tracking of irq nesting level (git-fixes). - s390/extable: fix exception table sorting (git-fixes). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/perf: obtain sie_block from the right address (bsc#1200315 LTC#198473). - s390/setup: avoid reserving memory above identity mapping (git-fixes). - s390/smp: sort out physical vs virtual pointers usage (git-fixes). - sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes). - sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes). - sc16is7xx: Fix for incorrect data being transmitted (git-fixes). - sched/core: Export pelt_thermal_tp (git-fixes) - sched/core: Fix forceidle balancing (git-fixes) - sched/core: Mitigate race (git-fixes) - sched/cpuacct: Fix charge percpu cpuusage (git-fixes) - sched/cpuacct: Fix user/system in shown cpuacct.usage* (git-fixes) - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched: Define and initialize a flag to identify valid PASID in the task (jsc#SLE-24350). - sched/fair: Consider CPU affinity when allowing NUMA imbalance in find_idlest_group() (bnc#1193431). - sched/fair: Fix fault in reweight_entity (git fixes (sched/core)). - sched/fair: Revise comment about lb decision matrix (git-fixes) - sched: Fix balance_push() vs __sched_setscheduler() (git-fixes) - sched: Fix yet more sched_fork() races (git fixes (sched/core)). - sched/membarrier: Fix membarrier-rseq fence command missing (git-fixes) - sched/numa: Adjust imb_numa_nr to a better approximation of memory channels (bnc#1193431). - sched/numa: Apply imbalance limitations consistently (bnc#1193431). - sched/numa: Do not swap tasks between nodes when spare capacity is available (bnc#1193431). - sched/numa: Initialise numa_migrate_retry (bnc#1193431). - sched/pasid: Add a kABI workaround (jsc#SLE-24350). - sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes) - sched/pelt: Relax the sync of util_sum with util_avg (git-fixes) - sched/psi: report zeroes for CPU full at the system level (git-fixes) - sched/rt: Plug rt_mutex_setprio() vs push_rt_task() race (git-fixes) - sched/rt: Try to restart rt period timer when rt runtime (git-fixes) - sched/scs: Reset task stack state in bringup_cpu() (git-fixes) - sched/sugov: Ignore 'busy' filter when rq is capped by (git-fixes) - sched: Teach the forced-newidle balancer about CPU affinity (git-fixes) - scripts/faddr2line: Fix overlapping text section failures (git-fixes). - scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume() (bsc#1198802). - scsi: block: PM fix blk_post_runtime_resume() args (bsc#1198802). - scsi: core: Query VPD size before getting full page (git-fixes). - scsi: dc395x: Fix a missing check on list iterator (git-fixes). - scsi: elx: efct: Do not use GFP_KERNEL under spin lock (git-fixes). - scsi: fnic: Fix a tracing statement (git-fixes). - scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631). - scsi: hisi_sas: Add more logs for runtime suspend/resume (bsc#1198802). - scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes). - scsi: hisi_sas: Fix rescan after deleting a disk (git-fixes). - scsi: hisi_sas: Fix some issues related to asd_sas_port->phy_list (bsc#1198802). - scsi: hisi_sas: Increase debugfs_dump_index after dump is completed (bsc#1198806). - scsi: hisi_sas: Initialise devices in .slave_alloc callback (bsc#1198802). - scsi: hisi_sas: Limit users changing debugfs BIST count value (bsc#1198803). - scsi: hisi_sas: Remove unused variable and check in hisi_sas_send_ata_reset_each_phy() (git-fixes). - scsi: hisi_sas: Wait for phyup in hisi_sas_control_phy() (bsc#1198802). - scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes). - scsi: iscsi: Add helper functions to manage iscsi_cls_conn (bsc#1198410). - scsi: iscsi: Add helper to remove a session from the kernel (bsc#1198410). - scsi: iscsi: Allow iscsi_if_stop_conn() to be called from kernel (bsc#1198410). - scsi: iscsi: Clean up bound endpoints during shutdown (bsc#1198410). - scsi: iscsi: Fix HW conn removal use after free (bsc#1198410). - scsi: iscsi: Fix session removal on shutdown (bsc#1198410). - scsi: libiscsi: Teardown iscsi_cls_conn gracefully (bsc#1198410). - scsi: libsas: Add flag SAS_HA_RESUMING (bsc#1198802). - scsi: libsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: libsas: Defer works of new phys during suspend (bsc#1198802). - scsi: libsas: Do not always drain event workqueue for HA resume (bsc#1198802). - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes). - scsi: libsas: Insert PORTE_BROADCAST_RCVD event for resuming host (bsc#1198802). - scsi: libsas: Keep host active while processing events (bsc#1198802). - scsi: libsas: Refactor sas_queue_deferred_work() (bsc#1198802). - scsi: libsas: Resume host while sending SMP I/Os (bsc#1198802). - scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193). - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193). - scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193). - scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193). - scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193). - scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045). - scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045). - scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045). - scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045). - scsi: lpfc: Commonize VMID code location (bsc#1201193). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045). - scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045). - scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193). - scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045). - scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045). - scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045). - scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045). - scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045). - scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045). - scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045). - scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045). - scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045). - scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045). - scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045). - scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045). - scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045). - scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045). - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045). - scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045). - scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045). - scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045). - scsi: lpfc: Remove unneeded variable (bsc#1200045). - scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045). - scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193). - scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193). - scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045). - scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045). - scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045). - scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045). - scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045). - scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193). - scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use irq_set_affinity() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045). - scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045). - scsi: mpt3sas: Fix incorrect 4GB boundary check (git-fixes). - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes). - scsi: mpt3sas: Page fault in reply q processing (git-fixes). - scsi: mpt3sas: Use cached ATA Information VPD page (git-fixes). - scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list (bsc#1198802). - scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193). - scsi: pm8001: Fix abort all task initialization (git-fixes). - scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes). - scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes). - scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes). - scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes). - scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes). - scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes). - scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes). - scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() (git-fixes). - scsi: qedi: Use QEDI_MODE_NORMAL for error handling (bsc#1198410). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160). - scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823). - scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823). - scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823). - scsi: qla2xxx: Add retry for exec firmware (bsc#1195823). - scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160). - scsi: qla2xxx: edif: bsg refactor (bsc#1201160). - scsi: qla2xxx: edif: Fix clang warning (bsc#1195823). - scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201160). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160). - scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160). - scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046). - scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160). - scsi: qla2xxx: edif: Tweak trace message (bsc#1195823). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160). - scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823). - scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823). - scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Fix warning for missing error code (bsc#1195823). - scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823). - scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823). - scsi: qla2xxx: Implement ref count for SRB (bsc#1195823). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823). - scsi: qla2xxx: Remove a declaration (bsc#1195823). - scsi: qla2xxx: Remove free_sg command flag (bsc#1200046). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160). - scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046). - scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160). - scsi: scsi_transport_fc: Fix FPIN Link Integrity statistics counters (git-fixes). - scsi: sr: Do not leak information in ioctl (git-fixes). - scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes). - scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes). - scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes). - scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes). - scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes). - selftest: KVM: Add open sev dev helper (bsc#1194526). - selftests/bpf: Remove unused variable in tc_tunnel prog (git-fixes). - selftests: firmware: Fix the request_firmware_into_buf() test for XZ format (git-fixes). - selftests: firmware: Use smaller dictionary for XZ compression (git-fixes). - selftests: fix check for circular KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM (bsc#1194526). - selftests: KVM: Add /x86_64/sev_migrate_tests to .gitignore (bsc#1194526). - selftests: KVM: Fix check for !POLLIN in demand_paging_test (bsc#1194526). - selftests: kvm: Remove absent target file (git-fixes). - selftests: KVM: sev_migrate_tests: Fix sev_ioctl() (bsc#1194526). - selftests: kvm/x86: Fix the warning in lib/x86_64/processor.c (bsc#1194526). - selftests/powerpc: Add test for real address error handling (jsc#SLE-18194). - serial: 8250: Also set sticky MCR bits in console restoration (git-fixes). - serial: 8250_aspeed_vuart: add PORT_ASPEED_VUART port type (git-fixes). - serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (git-fixes). - serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes). - serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: 8250: fix XOFF/XON sending when DMA is used (git-fixes). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes). - serial: 8250_mtk: Fix UART_EFR register address (git-fixes). - serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - serial: cpm_uart: Fix build error without CONFIG_SERIAL_CPM_CONSOLE (git-fixes). - serial: digicolor-usart: Do not allow CS5-6 (git-fixes). - serial: imx: fix overrun interrupts in DMA mode (git-fixes). - serial: meson: acquire port->lock in startup() (git-fixes). - serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes). - serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes). - serial: rda-uart: Do not allow CS5-6 (git-fixes). - serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() (git-fixes). - serial: sh-sci: Do not allow CS5-6 (git-fixes). - serial: sifive: Report actual baud base rather than fixed 115200 (git-fixes). - serial: sifive: Sanitize CSIZE and c_iflag (git-fixes). - serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes). - serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes). - serial: txx9: Do not allow CS5-6 (git-fixes). - sfc: Do not free an empty page_ring (git-fixes). - sfc: fallback for lack of xdp tx queues (bsc#1196306). - sfc: last resort fallback for lack of xdp tx queues (bsc#1196306). - sfc: Use swap() instead of open coding it (bsc#1196306). - sfc: use swap() to make code cleaner (bsc#1196306). - skbuff: fix coalescing for page_pool fragment recycling (bsc#1190336). - slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes). - slip: fix macro redefine warning (git-fixes). - smb3: add mount parm nosparse (bsc#1193629). - smb3: add trace point for lease not found issue (bsc#1193629). - smb3: add trace point for oplock not found (bsc#1193629). - smb3: check for null tcon (bsc#1193629). - smb3: cleanup and clarify status of tree connections (bsc#1193629). - smb3: do not set rc when used and unneeded in query_info_compound (bsc#1193629). - SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1193629). - smb3: fix incorrect session setup check for multiuser mounts (bsc#1193629). - smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1193629). - smb3: fix snapshot mount option (bsc#1193629). - smb3 improve error message when mount options conflict with posix (bsc#1193629). - smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1193629). - smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1193629). - smb3 move more common protocol header definitions to smbfs_common (bsc#1193629). - smb3: send NTLMSSP version information (bsc#1193629). - smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes). - smsc911x: allow using IRQ0 (git-fixes). - soc: aspeed: lpc-ctrl: Block error printing on probe defer cases (git-fixes). - soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes). - soc: bcm: Check for NULL return of devm_kzalloc() (git-fixes). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: guts: Add a missing memory allocation failure check (git-fixes). - soc: fsl: guts: Revert commit 3c0d64e867ed (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - soc: mediatek: pm-domains: Add wakeup capacity support in power domain (git-fixes). - soc: qcom: aoss: Expose send for generic usecase (git-fixes). - soc: qcom: aoss: Fix missing put_device call in qmp_get (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: llcc: Add MODULE_DEVICE_TABLE() (git-fixes). - soc: qcom: ocmem: Fix missing put_device() call in of_get_ocmem (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes). - soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes). - soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes). - soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - sound/oss/dmasound: fix build when drivers are mixed =y/=m (git-fixes). - sound/oss/dmasound: fix 'dmasound_setup' defined but not used (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - soundwire: intel: prevent pm_runtime resume prior to system suspend (git-fixes). - soundwire: qcom: adjust autoenumeration timeout (git-fixes). - speakup-dectlk: Restore pitch setting (git-fixes). - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes). - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes). - spi: cadence-quadspi: fix incorrect supports_op() return value (git-fixes). - spi: cadence-quadspi: fix protocol setup for non-1-1-X operations (git-fixes). - spi: core: add dma_map_dev for __spi_unmap_msg() (git-fixes). - spi: Fix erroneous sgs value with min_t() (git-fixes). - spi: Fix invalid sgs value (git-fixes). - spi: Fix Tegra QSPI example (git-fixes). - spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes). - spi: mxic: Fix the transmit path (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: qcom-qspi: Add minItems to interconnect-names (git-fixes). - spi: rockchip: Fix error in getting num-cs property (git-fixes). - spi: rockchip: fix missing error on unsupported SPI_CS_HIGH (git-fixes). - spi: rockchip: Preset cs-high and clk polarity in setup progress (git-fixes). - spi: rockchip: Stop spi slave dma receiver when cs inactive (git-fixes). - spi: rockchip: terminate dma transmission when slave abort (git-fixes). - spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes). - spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes). - spi: spi-mtk-nor: initialize spi controller after resume (git-fixes). - spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes). - spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes). - spi: spi-zynqmp-gqspi: Handle error for dma_set_mask (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - spi: tegra20: Use of_device_get_match_data() (git-fixes). - spi: tegra210-quad: Fix missin IRQ check in tegra_qspi_probe (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: fbtft: fb_st7789v: reset display before initialization (git-fixes). - staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes). - staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - staging: most: dim2: force fcnt=3 on Renesas GEN3 (git-fixes). - staging: most: dim2: use device release method (git-fixes). - staging: most: dim2: use if statements instead of ?: expressions (git-fixes). - staging: mt7621-dts: fix formatting (git-fixes). - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes). - staging: mt7621-dts: fix pinctrl-0 items to be size-1 items on ethernet (git-fixes). - staging: mt7621-dts: fix pinctrl properties for ethernet (git-fixes). - staging: rtl8712: fix a potential memory leak in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes). - staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes). - staging: rtl8723bs: Fix access-point mode deadlock (git-fixes). - staging: vc04_services: shut up out-of-range warning (git-fixes). - staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances (git-fixes). - staging: vchiq_core: handle NULL result of find_service_by_handle (git-fixes). - staging: vchiq: Move certain declarations to vchiq_arm.h (git-fixes). - staging: vchiq: Move vchiq char driver to its own file (git-fixes). - staging: vchiq: Refactor vchiq cdev code (git-fixes). - staging: wfx: fix an error handling in wfx_init_common() (git-fixes). - stddef: Introduce DECLARE_FLEX_ARRAY() helper (git-fixes). - stm: ltdc: fix two incorrect NULL checks on list iterator (bsc#1190786) - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Do not dereference non-socket transports in sysfs (git-fixes). - SUNRPC: Do not dereference non-socket transports in sysfs - kabi fix (git-fixes). - SUNRPC do not resend a task on an offlined transport (git-fixes). - SUNRPC: Ensure gss-proxy connects on setup (git-fixes). - SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes). - SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Fix the svc_deferred_event trace class (git-fixes). - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes). - SUNRPC: Handle low memory situations in call_status() (git-fixes). - SUNRPC release the transport of a relocated task with an assigned transport (git-fixes). - SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() (git-fixes). - SUNRPC: Trap RDMA segment overflows (git-fixes). - SUNRPC: use different lock keys for INET6 and LOCAL (git-fixes). - supported.conf: add intel_sdsi - supported.conf: mark pfuze100 regulator as supported (bsc#1199909) - supported.conf: Support TPM TIS SPI driver (jsc#SLE-24093) - surface: surface3_power: Fix battery readings on batteries without a serial number (git-fixes). - swiotlb: max mapping size takes min align mask into account (bsc#1197303). - sysrq: do not omit current cpu when showing backtrace of all active CPUs (git-fixes). - thermal/core: Fix memory leak in __thermal_cooling_device_register() (git-fixes). - thermal: core: Fix TZ_GET_TRIP NULL pointer dereference (git-fixes). - thermal: devfreq_cooling: use local ops instead of global ops (git-fixes). - thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes). - thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes). - thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe (git-fixes). - thermal/drivers/int340x: Improve the tcc offset saving for suspend/resume (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Fix attr.show callback prototype (git-fixes). - thermal: int340x: fix memory leak in int3400_notify() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - thunderbolt: Use different lane for second DisplayPort tunnel (git-fixes). - tick/nohz: unexport __init-annotated tick_nohz_full_setup() (bsc#1201218). - tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (bsc#1190786) - timekeeping: Mark NMI safe time accessors as notrace (git-fixes) - timers: Fix warning condition in __run_timers() (git-fixes) - TOMOYO: fix __setup handlers return values (git-fixes). - tools arch x86: Add Intel SDSi provisiong tool (jsc#SLE-18938). - tools: bpftool: Complete metrics list in 'bpftool prog profile' doc (git-fixes). - tools: bpftool: Document and add bash completion for -L, -B options (git-fixes). - tools: bpftool: Update and synchronise option list in doc and help msg (git-fixes). - tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes). - tpm: Fix error handling in async work (git-fixes). - tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729). - tpm: use try_get_ops() in tpm-space.c (git-fixes). - tps6598x: clear int mask on probe failure (git-fixes). - tracing: Do not inc err_log entry count if entry allocation fails (git-fixes). - tracing: Dump stacktrace trigger to the corresponding instance (git-fixes). - tracing: Fix potential double free in create_var_ref() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tracing: Fix return value of trace_pid_write() (git-fixes). - tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes). - tracing: Have trace event string test handle zero length strings (git-fixes). - tracing: Have traceon and traceoff trigger honor the instance (git-fixes). - tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes). - tracing/histogram: Fix sorting on old 'cpu' value (git-fixes). - tracing/osnoise: Force quiescent states while tracing (git-fixes). - tracing: Propagate is_signed to expression (git-fixes). - tracing: Show kretprobe unknown indicator only for kretprobe_trampoline (bsc#1193277). - tty: Fix a possible resource leak in icom_probe (git-fixes). - tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes). - tty: goldfish: Fix free_irq() on remove (git-fixes). - tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (git-fixes). - tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes). - tty: n_gsm: Debug output allocation must use GFP_ATOMIC (git-fixes). - tty: n_gsm: Do not ignore write return value in gsmld_output() (git-fixes). - tty: n_gsm: fix deadlock in gsmtty_open() (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix NULL pointer access due to DLCI release (git-fixes). - tty: n_gsm: Fix packet data hex dump output (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - tty: n_gsm: fix wrong modem processing in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong tty control line for flow control (git-fixes). - tty: n_tty: do not look ahead for EOL character past the end of the buffer (git-fixes). - tty: n_tty: Restore EOF push handling behavior (git-fixes). - tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes). - tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes). - u64_stats: Disable preemption on 32bit UP+SMP PREEMPT_RT during updates (bsc#1189998). - uapi/linux/stddef.h: Add include guards (jsc#SLE-18978). - ucounts: Enforce RLIMIT_NPROC not RLIMIT_NPROC+1 (bsc#1194191). - udmabuf: validate ubuf->pagecount (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: cdc-wdm: fix reading stuck on device close (git-fixes). - usb: cdns3: Fix issue for clear halt endpoint (git-fixes). - usb: cdnsp: fix cdnsp_decode_trb function to properly handle ret value (git-fixes). - usb: cdnsp: Fixed setting last_trb incorrectly (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: core: Do not hold the device lock while sleeping in do_proc_control() (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: drd: fix soft connect when gadget is unconfigured (git-fixes). - usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes). - usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes). - usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes). - usb: dwc3: core: Fix tx/rx threshold settings (git-fixes). - usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes). - usb: dwc3: Decouple USB 2.0 L1 & L2 events (git-fixes). - usb: dwc3: gadget: Change to dev_dbg() when queuing to inactive gadget/ep (git-fixes). - usb: dwc3: gadget: ep_queue simplify isoc start condition (git-fixes). - usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes). - usb: dwc3: gadget: Give some time to schedule isoc (git-fixes). - usb: dwc3: gadget: Ignore Update Transfer cmd params (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: gadget: move cmd_endtransfer to extra function (git-fixes). - usb: dwc3: gadget: Move null pinter check to proper place (git-fixes). - usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes). - usb: dwc3: gadget: Prevent repeat pullup() (git-fixes). - usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes). - usb: dwc3: gadget: Return proper request status (git-fixes). - usb: dwc3: gadget: Skip checking Update Transfer status (git-fixes). - usb: dwc3: gadget: Skip reading GEVNTSIZn (git-fixes). - usb: dwc3: gadget: Wait for ep0 xfers to complete during dequeue (git-fixes). - usb: dwc3: Issue core soft reset before enabling run/stop (git-fixes). - usb: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes). - usb: dwc3: pci: Add 'snps,dis_u2_susphy_quirk' for Intel Bay Trail (git-fixes). - usb: dwc3: pci: add support for the Intel Meteor Lake-P (git-fixes). - usb: dwc3: pci: add support for the Intel Raptor Lake-S (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes). - usb: dwc3: pci: Set the swnode from inside dwc3_pci_quirks() (git-fixes). - usb: dwc3: Try usb-role-switch first in dwc3_drd_init (git-fixes). - usb: dwc3: xilinx: fix uninitialized return value (git-fixes). - usb: ehci: add pci device support for Aspeed platforms (git-fixes). - usb: ehci-omap: drop unused ehci_read() function (git-fixes). - usb: f_fs: Fix use-after-free for epfile (git-fixes). - usb: Fix xhci event ring dequeue pointer ERDP update issue (git-fixes). - usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes). - usb: gadget: eliminate anonymous module_init and module_exit (git-fixes). - usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (git-fixes). - usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (git-fixes). - USB: gadget: Fix double-free bug in raw_gadget driver (git-fixes). - usb: gadget: Fix non-unique driver names in raw-gadget driver (git-fixes). - usb: gadget: fix race when gadget driver register via ioctl (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: f_uac2: Define specific wTerminalType (git-fixes). - usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: gadget: tegra-xudc: Do not program SPARAM (git-fixes). - usb: gadget: tegra-xudc: Fix control endpoint's definitions (git-fixes). - usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes). - usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes). - usb: gadget: uvc: allow for application to cleanly shutdown (git-fixes). - usb: gadget: uvc: Fix crash when encoding data for usb request (git-fixes). - usb: gadget: uvc: rename function to be more consistent (git-fixes). - usb: gadget: validate endpoint index for xilinx udc (git-fixes). - usb: gadget: validate interface OS descriptor requests (git-fixes). - USB: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes). - usb: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (git-fixes). - USB: host: isp116x: check return value after calling platform_get_resource() (git-fixes). - usb: isp1760: Fix out-of-bounds array access (git-fixes). - usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes). - usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes). - usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes). - usbnet: fix memory allocation in helpers (git-fixes). - USB: new quirk for Dell Gen 2 devices (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - usb: quirks: add a Realtek card reader (git-fixes). - usb: quirks: add STRING quirk for VCOM device (git-fixes). - usb: raw-gadget: fix handling of dual-direction-capable endpoints (git-fixes). - usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - usb: serial: cp210x: add NCR Retail IO box id (git-fixes). - usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes). - usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: io_ti: add Agilent E5805A support (git-fixes). - usb: serial: option: add Fibocom L610 modem (git-fixes). - usb: serial: option: add Fibocom MA510 modem (git-fixes). - USB: serial: option: add Quectel BG95 modem (git-fixes). - USB: serial: option: add Quectel EM05-G modem (git-fixes). - USB: serial: option: add Quectel RM500K module support (git-fixes). - USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes). - usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes). - usb: serial: option: add support for DW5829e (git-fixes). - usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes). - USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes). - usb: serial: option: add Telit LE910R1 compositions (git-fixes). - usb: serial: option: add ZTE MF286D modem (git-fixes). - usb: serial: pl2303: add device id for HP LM930 Display (git-fixes). - usb: serial: pl2303: add IBM device IDs (git-fixes). - USB: serial: pl2303: add support for more HXN (G) types (git-fixes). - usb: serial: pl2303: fix GS type detection (git-fixes). - usb: serial: pl2303: fix type detection for odd device (git-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes). - usb: serial: simple: add Nokia phone driver (git-fixes). - usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes). - usb: storage: karma: fix rio_karma_init return (git-fixes). - usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - usb: typec: mux: Check dev_set_name() return value (git-fixes). - usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes). - usb: typec: tcpci_mt6360: Update for BMC PHY setting (git-fixes). - usb: typec: tipd: Forward plug orientation to typec subsystem (git-fixes). - usb: typec: ucsi: Fix reuse of completion structure (git-fixes). - usb: typec: ucsi: Fix role swapping (git-fixes). - usb: ulpi: Call of_node_put correctly (git-fixes). - usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes). - usb: usbip: add missing device lock on tweak configuration cmd (git-fixes). - usb: usbip: eliminate anonymous module_init and module_exit (git-fixes). - usb: usbip: fix a refcount leak in stub_probe() (git-fixes). - usb: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions (git-fixes). - usb: zaurus: support another broken Zaurus (git-fixes). - use jobs not processors in the constraints jobs is the number of vcpus available to the build, while processors is the total processor count of the machine the VM is running on. - vdpasim: allow to enable a vq repeatedly (git-fixes). - veth: Ensure eth header is in skb's linear part (git-fixes). - veth: fix races around rq->rx_notify_masked (git-fixes). - vfio/ccw: Remove unneeded GFP_DMA (git-fixes). - vhost_vdpa: do not setup irq offloading when irq_num 0 (git-fixes). - vhost/vsock: do not check owner in vhost_vsock_stop() while releasing (git-fixes). - vhost/vsock: fix incorrect used length reported to the guest (git-fixes). - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes). - video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes). - video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() (git-fixes). - video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes). - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - video: fbdev: udlfb: properly check endpoint type (bsc#1190497) - video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit (git-fixes). - video: fbdev: w100fb: Reset global state (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio_blk: eliminate anonymous module_init and module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - virtio_console: break out of buf poll on remove (git-fixes). - virtio_console: eliminate anonymous module_init and module_exit (git-fixes). - virtio: fix virtio transitional ids (git-fixes). - virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes). - virtio-net: fix for skb_over_panic inside big mode (git-fixes). - virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes). - virtio_net: fix wrong buf address calculation when using xdp (git-fixes). - virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes). - virtio-net: realign page_to_skb() after merges (git-fixes). - virtio: pci: Fix an error handling path in vp_modern_probe() (git-fixes). - virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vringh: Fix loop descriptors check in the indirect cases (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - vsprintf: Fix potential unaligned access (bsc#1198379). - vt_ioctl: add array_index_nospec to VT_ACTIVATE (git-fixes). - vt_ioctl: fix array_index_nospec in vt_setactivate (git-fixes). - vxcan: enable local echo for sent CAN frames (git-fixes). - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes). - watchdog: rti-wdt: Add missing pm_runtime_disable() in probe function (git-fixes). - watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking (git-fixes). - Watchdog: sp5100_tco: Add initialization using EFCH MMIO (bsc#1199260). - watchdog: sp5100_tco: Add support for get_timeleft (bsc#1199260). - Watchdog: sp5100_tco: Enable Family 17h+ CPUs (bsc#1199260). - Watchdog: sp5100_tco: Move timer initialization into function (bsc#1199260). - Watchdog: sp5100_tco: Refactor MMIO base address initialization (bsc#1199260). - watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes). - watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes). - watch_queue: Actually free the watch (git-fixes). - watch_queue: Fix NULL dereference in error cleanup (git-fixes). - watch_queue: Free the page array when watch_queue is dismantled (git-fixes). - wcn36xx: Differentiate wcn3660 from wcn3620 (git-fixes). - wifi: mac80211: fix use-after-free in chanctx code (git-fixes). - wilc1000: fix crash observed in AP mode with cfg80211_register_netdevice() (git-fixes). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - writeback: Avoid skipping inode writeback (bsc#1200813). - writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821). - x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1190497). - x86/boot: Fix memremap of setup_indirect structures (bsc#1190497). - x86/cc: Move arch/x86/{kernel/cc_platform.c coco/core.c} (jsc#SLE-19924). - x86/coco: Add API to handle encryption mask (jsc#SLE-19924). - x86/coco: Explicitly declare type of confidential computing platform (jsc#SLE-19924). - x86/cpu: Add Xeon Icelake-D to list of CPUs that support PPIN (bsc#1190497). - x86/cpufeatures: Re-enable ENQCMD (jsc#SLE-24350). - x86/cpu: Load microcode during restore_processor_state() (bsc#1190497). - x86/entry: Remove skip_r11rcx (bsc#1201524). - x86/fpu: Clear PASID when copying fpstate (jsc#SLE-24350). - x86/ibt,xen: Sprinkle the ENDBR (bsc#1201471). - x86/kprobes: Add UNWIND_HINT_FUNC on kretprobe_trampoline() (bsc#1193277). - x86/kprobes: Fixup return address in generic trampoline handler (bsc#1193277). - x86/kprobes: Push a fake return address at kretprobe_trampoline (bsc#1193277). - x86/kvmclock: Fix Hyper-V Isolated VM s boot issue when vCPUs 64 (bsc#1183682). - x86/kvm: Do not waste memory if kvmclock is disabled (bsc#1183682). - x86/MCE/AMD: Allow thresholding interface updates after init (bsc#1190497). - x86/mm/cpa: Generalize __set_memory_enc_pgtable() (jsc#SLE-19924). - x86/module: Fix the paravirt vs alternative order (bsc#1190497). - x86/pm: Save the MSR validity status at context setup (bsc#1190497). - x86/ptrace: Fix xfpregs_set() incorrect xmm clearing (bsc#1190497). - x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1190497). - x86/traps: Demand-populate PASID MSR via #GP (jsc#SLE-24350). - x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1190497). - x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (bsc#1190497). - x86/unwind: kABI workaround for unwind_state changes (bsc#1193277). - x86/unwind: Recover kretprobe trampoline entry (bsc#1193277). - xen/blkfront: fix comment for need_copy (git-fixes). - xen: fix is_xen_pmu() (git-fixes). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (bsc#1201218). - xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556). - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556). - xfs: drop async cache flushes from CIL commits (bsc#1195669). - xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI (git-fixes). - xhci: Enable runtime PM on second Alderlake controller (git-fixes). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). - xhci: fix runtime PM imbalance in USB2 resume (git-fixes). - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes). - xhci: increase usb U3 U0 link resume timeout from 100ms to 500ms (git-fixes). - xhci: make xhci_handshake timeout for xhci_reset() adjustable (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (git-fixes). - xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). - xhci: stop polling roothubs after shutdown (git-fixes). - xhci: turn off port power in shutdown (git-fixes). - xsk: Do not write NULL in SW ring at allocation failure (jsc#SLE-18375). - zsmalloc: decouple class actions from zspage works (bsc#1189998). - zsmalloc: introduce obj_allocated (bsc#1189998). - zsmalloc: introduce some helper functions (bsc#1189998). - zsmalloc: move huge compressed obj from page to zspage (bsc#1189998). - zsmalloc: remove zspage isolation for migration (bsc#1189998). - zsmalloc: rename zs_stat_type to class_stat_type (bsc#1189998). - zsmalloc: replace get_cpu_var with local_lock (bsc#1189998). - zsmalloc: replace per zpage lock with poolmigrate_lock (bsc#1189998). - zsmalloc: Stop using slab fields in struct page (bsc#1189998 bsc#1190208). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2546-1 Released: Mon Jul 25 14:43:22 2022 Summary: Security update for gpg2 Type: security Severity: important References: 1196125,1201225,CVE-2022-34903 This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225). - Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2573-1 Released: Thu Jul 28 04:24:19 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1194550,1197684,1199042 This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2597-1 Released: Fri Jul 29 16:12:04 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1199965,1199966,1200549,1201394,1201469,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-23816,CVE-2022-23825,CVE-2022-26362,CVE-2022-26363,CVE-2022-26364,CVE-2022-29900,CVE-2022-33745 This update for xen fixes the following issues: - CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966). - CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549). - CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965). - CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394). - CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469). Fixed several upstream bugs (bsc#1027519). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2625-1 Released: Tue Aug 2 12:15:42 2022 Summary: Recommended update for dracut Type: recommended Severity: important References: 1177461,1184970,1187654,1195047,1195508,1195604,1196267,1197635,1197967,1200236,1200251,1200360 This update for dracut fixes the following issues: - fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236) - fix(bluetooth): make hostonly configuration files optional (bsc#1195047) - fix(convertfs): ignore commented lines in fstab (bsc#1200251) - fix(crypt): remove quotes from cryptsetupopts (bsc#1197635) - fix(dracut-install): copy files preserving ownership attributes (bsc#1197967) - fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508) - fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654) - fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267) - fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604) - fix(network-legacy): support rd.net.timeout.dhcp (bsc#1200360) - fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970) - fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2640-1 Released: Wed Aug 3 10:43:44 2022 Summary: Recommended update for yaml-cpp Type: recommended Severity: moderate References: 1160171,1178331,1178332,1200624 This update for yaml-cpp fixes the following issue: - Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2659-1 Released: Wed Aug 3 21:05:25 2022 Summary: Security update for ldb, samba Type: security Severity: important References: 1196224,1198255,1199247,1199734,1200556,1200964,1201490,1201492,1201493,1201495,1201496,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746 This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following non-security bug were fixed: ldb was updated to version 2.4.3: + Fix build problems, waf produces incorrect names for python extensions; (bso#15071); samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2677-1 Released: Fri Aug 5 04:00:59 2022 Summary: Recommended update for hwinfo Type: recommended Severity: important References: 1199948 This update for hwinfo fixes the following issues: - Keep NVMe's namespace output consistency when the option `nvme_core.multipath=1` (bsc#1199948) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2713-1 Released: Tue Aug 9 12:38:05 2022 Summary: Security update for bind Type: security Severity: important References: 1192146,1197135,1197136,1199044,1200685,CVE-2021-25219,CVE-2021-25220,CVE-2022-0396 This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146). - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders (bsc#1197135). - CVE-2022-0396: Fixed a incorrect handling of TCP connection slots time frame leading to deny of service (bsc#1197136). The following non-security bugs were fixed: - Update to release 9.16.31 (jsc#SLE-24600). - Logrotation broken since dropping chroot (bsc#1200685). - A non-existent initialization script (eg a leftorver 'createNamedConfInclude' in /etc/sysconfig/named) may cause named not to start. A warning message is printed in named.prep and the fact is ignored. Also, the return value of a failed script was not handled properly causing a failed script to not prevent named to start. This is now fixed properly. [bsc#1199044, vendor-files.tar.bz2] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2803-1 Released: Fri Aug 12 16:29:17 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1190256,1190497,1199291,1199356,1199665,1201258,1201323,1201391,1201458,1201592,1201593,1201595,1201596,1201635,1201651,1201691,1201705,1201726,1201846,1201930,1202094,CVE-2021-33655,CVE-2022-21505,CVE-2022-2585,CVE-2022-26373,CVE-2022-29581 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bnc#1202094). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2022-26373: Fixed CPU info leak via post-barrier RSB predictions (bsc#1201726). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). The following non-security bugs were fixed: - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes). - ACPI: video: Fix acpi_video_handles_brightness_key_presses() (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0) (git-fixes). - ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes). - ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices (git-fixes). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (git-fixes). - ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (git-fixes). - ARM: 9210/1: Mark the FDT_FIXED sections as shareable (git-fixes). - ARM: 9213/1: Print message about disabled Spectre workarounds only once (git-fixes). - ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (git-fixes). - ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes). - ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes). - ARM: dts: stm32: use the correct clock source for CEC on stm32mp151 (git-fixes). - ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering problem (git-fixes). - ASoC: Intel: sof_sdw: handle errors on card registration (git-fixes). - ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on remove (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues in probe (git-fixes). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: dapm: Initialise kcontrol data for mux/demux controls (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: rt5682: Avoid the unexpected IRQ event during going to suspend (git-fixes). - ASoC: rt5682: Fix deadlock on resume (git-fixes). - ASoC: rt5682: Re-detect the combo jack after resuming (git-fixes). - ASoC: rt5682: fix an incorrect NULL check on list iterator (git-fixes). - ASoC: rt5682: move clk related code to rt5682_i2c_probe (git-fixes). - ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes). - ASoC: rt711-sdca-sdw: fix calibrate mutex initialization (git-fixes). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error (git-fixes). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (git-fixes). - ASoC: rt711: fix calibrate mutex initialization (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: tas2764: Add post reset delays (git-fixes). - ASoC: tas2764: Correct playback volume range (git-fixes). - ASoC: tas2764: Fix amp gain register offset & default (git-fixes). - ASoC: tas2764: Fix and extend FSYNC polarity handling (git-fixes). - ASoC: wcd938x: Fix event generation for some controls (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: btusb: Add the new support IDs for WCN6855 (git-fixxes). - Input: cpcap-pwrbutton - handle errors from platform_get_irq() (git-fixes). - Input: i8042 - Apply probe defer to more ASUS ZenBook models (bsc#1190256). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635). - VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635). - VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635). - VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635). - VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635). - arm64: Add HWCAP for self-synchronising virtual counter (git-fixes) - arm64: Add cavium_erratum_23154_cpus missing sentinel (jsc#SLE-24682). - arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes) - arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot (git-fixes). - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes) - arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes). - arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes). - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes) - batman-adv: Use netif_rx() (git-fixes). - bcmgenet: add WOL IRQ check (git-fixes). - be2net: Fix buffer overflow in be_get_module_eeprom (bsc#1201323). - blk-mq: add one API for waiting until quiesce is done (bsc#1201651). - blk-mq: fix kabi support concurrent queue quiesce unquiesce (bsc#1201651). - blk-mq: support concurrent queue quiesce/unquiesce (bsc#1201651). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (git-fixes). - can: grcan: grcan_probe(): remove extra of_node_get() (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: m_can: m_can_chip_config(): actually enable internal timestamping (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (git-fixes). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (git-fixes). - ceph: fix up non-directory creation in SGID directories (bsc#1201595). - cpufreq: mediatek: Unregister platform device on exit (git-fixes). - cpufreq: mediatek: Use module_init and add module_exit (git-fixes). - cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391). - crypto: octeontx2 - Avoid stack variable overflow (jsc#SLE-24682). - crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682). - crypto: octeontx2 - Use swap() instead of swap_engines() (jsc#SLE-24682). - crypto: octeontx2 - add apis for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - add synchronization between mailbox accesses (jsc#SLE-24682). - crypto: octeontx2 - fix missing unlock (jsc#SLE-24682). - crypto: octeontx2 - increase CPT HW instruction queue length (jsc#SLE-24682). - crypto: octeontx2 - out of bounds access in otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682). - crypto: octeontx2 - parameters for custom engine groups (jsc#SLE-24682). - crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682). - crypto: octeontx2 - use swap() to make code cleaner (jsc#SLE-24682). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set CIPHER capability for DH895XCC (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - crypto: testmgr - allow ecdsa-nist in FIPS mode (jsc#SLE-21132,bsc#1201258). - device property: Add fwnode_irq_get_byname (jsc#SLE-24569) - dm: do not stop request queue after the dm device is suspended (bsc#1201651). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569) - docs: net: dsa: add more info about the other arguments to get_tag_protocol (git-fixes). - docs: net: dsa: delete port_mdb_dump (git-fixes). - docs: net: dsa: document change_tag_protocol (git-fixes). - docs: net: dsa: document port_fast_age (git-fixes). - docs: net: dsa: document port_setup and port_teardown (git-fixes). - docs: net: dsa: document the shutdown behavior (git-fixes). - docs: net: dsa: document the teardown method (git-fixes). - docs: net: dsa: re-explain what port_fdb_dump actually does (git-fixes). - docs: net: dsa: remove port_vlan_dump (git-fixes). - docs: net: dsa: rename tag_protocol to get_tag_protocol (git-fixes). - docs: net: dsa: update probing documentation (git-fixes). - dpaa2-eth: Initialize mutex used in one step timestamping path (git-fixes). - dpaa2-eth: destroy workqueue at the end of remove function (git-fixes). - dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes). - drbd: fix potential silent data corruption (git-fixes). - drivers: net: smc911x: Check for error irq (git-fixes). - drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw (git-fixes). - drm/amd/display: Only use depth 36 bpp linebuffers on DCN display engines (git-fixes). - drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes). - drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes). - drm/i915/dg2: Add Wa_22011100796 (git-fixes). - drm/i915/gt: Serialize GRDOM access between multiple engine resets (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/gvt: IS_ERR() vs NULL bug in intel_gvt_update_reg_whitelist() (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915/uc: correctly track uc_fw init failure (git-fixes). - drm/i915: Fix a race between vma / object destruction and unbinding (git-fixes). - drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/imx/dcss: Add missing of_node_put() in fail path (git-fixes). - drm/mediatek: Detect CMDQ execution timeout (git-fixes). - drm/mediatek: Remove the pointer of struct cmdq_client (git-fixes). - drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (git-fixes). - dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571) - dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC (git-fixes). - dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible (git-fixes). - e1000e: Enable GPT clock before sending message to CSME (git-fixes). - efi/x86: use naked RET on mixed mode call wrapper (git-fixes). - ethernet: Fix error handling in xemaclite_of_probe (git-fixes). - ethtool: Fix get module eeprom fallback (bsc#1201323). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fjes: Check for error irq (git-fixes). - fsl/fman: Check for null pointer after calling devm_ioremap (git-fixes). - fsl/fman: Fix missing put_device() call in fman_port_probe (git-fixes). - fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593). - fuse: make sure reclaim does not write the inode (bsc#1201592). - gpio: gpio-xilinx: Fix integer overflow (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571) - gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571) - gve: Recording rx queue before sending to napi (git-fixes). - hwmon: (occ) Prevent power cap command overwriting poll response (git-fixes). - hwmon: (occ) Remove sequence numbering and checksum calculation (git-fixes). - hwrng: cavium - fix NULL but dereferenced coccicheck error (jsc#SLE-24682). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mlxcpld: Fix register setting for 400KHz frequency (git-fixes). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (git-fixes). - i2c: smbus: Check for parent device before dereference (git-fixes). - i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569) - i2c: tegra: Add SMBus block read function (jsc#SLE-24569) - i2c: tegra: Add the ACPI support (jsc#SLE-24569) - i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569) - ice: Avoid RTNL lock when re-creating auxiliary device (git-fixes). - ice: Fix error with handling of bonding MTU (git-fixes). - ice: Fix race condition during interface enslave (git-fixes). - ice: stop disabling VFs due to PF error responses (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - ima: force signature verification when CONFIG_KEXEC_SIG is configured (git-fixes). - irqchip/gic-v3: Workaround Marvell erratum 38545 when reading IAR (jsc#SLE-24682). - irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (git-fixes). - ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes). - kABI workaround for phy_device changes (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kABI workaround for snd-soc-rt5682-* (git-fixes). - kABI: fix adding field to scsi_device (git-fixes). - kABI: fix adding field to ufs_hba (git-fixes). - kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569). kABI fix for 'i2c: smbus: Use device_*() functions instead of of_*()' - kabi/severities: add intel ice - kabi/severities: add stmmac network driver local symbols - kabi/severities: ignore dropped symbol rt5682_headset_detect - kasan: fix tag for large allocations when using CONFIG_SLAB (git fixes (mm/kasan)). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kvm: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - kvm: emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - libceph: fix potential use-after-free on linger ping and resends (bsc#1201596). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT (git fixes (mm/pgalloc)). - memregion: Fix memregion_free() fallback definition (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm/large system hash: avoid possible NULL deref in alloc_large_system_hash (git fixes (mm/pgalloc)). - mm/secretmem: avoid letting secretmem_users drop to zero (git fixes (mm/secretmem)). - mm/vmalloc: fix numa spreading for large hash tables (git fixes (mm/vmalloc)). - mm/vmalloc: make sure to dump unpurged areas in /proc/vmallocinfo (git fixes (mm/vmalloc)). - mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node() (git fixes (mm/vmalloc)). - mm: do not try to NUMA-migrate COW pages that have other uses (git fixes (mm/numa)). - mm: swap: get rid of livelock in swapin readahead (git fixes (mm/swap)). - mt76: mt7921: get rid of mt7921_mac_set_beacon_filter (git-fixes). - natsemi: xtensa: fix section mismatch warnings (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - net/fsl: xgmac_mdio: Add workaround for erratum A-009885 (git-fixes). - net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module (git-fixes). - net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes). - net: ag71xx: Fix a potential double free in error handling paths (git-fixes). - net: altera: set a couple error code in probe() (git-fixes). - net: amd-xgbe: Fix skb data length underflow (git-fixes). - net: amd-xgbe: disable interrupts during pci removal (git-fixes). - net: amd-xgbe: ensure to reset the tx_timer_active flag (git-fixes). - net: annotate data-races on txq->xmit_lock_owner (git-fixes). - net: axienet: Fix TX ring slot available check (git-fixes). - net: axienet: Wait for PhyRstCmplt after core reset (git-fixes). - net: axienet: add missing memory barriers (git-fixes). - net: axienet: fix for TX busy handling (git-fixes). - net: axienet: fix number of TX ring slots for available check (git-fixes). - net: axienet: increase default TX ring size to 128 (git-fixes). - net: axienet: increase reset timeout (git-fixes). - net: axienet: limit minimum TX ring size (git-fixes). - net: bcm4908: Handle dma_set_coherent_mask error codes (git-fixes). - net: bcmgenet: Do not claim WOL when its not available (git-fixes). - net: bcmgenet: skip invalid partial checksums (git-fixes). - net: chelsio: cxgb3: check the return value of pci_find_capability() (git-fixes). - net: cpsw: Properly initialise struct page_pool_params (git-fixes). - net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into account (git-fixes). - net: dsa: ar9331: register the mdiobus under devres (git-fixes). - net: dsa: bcm_sf2: do not use devres for mdiobus (git-fixes). - net: dsa: felix: do not use devres for mdiobus (git-fixes). - net: dsa: lan9303: add VLAN IDs to master device (git-fixes). - net: dsa: lan9303: fix reset on probe (git-fixes). - net: dsa: lantiq_gswip: do not use devres for mdiobus (git-fixes). - net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (git-fixes). - net: dsa: mt7530: fix kernel bug in mdiobus_free() when unbinding (git-fixes). - net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY (git-fixes). - net: dsa: mv88e6xxx: do not use devres for mdiobus (git-fixes). - net: dsa: mv88e6xxx: fix use-after-free in mv88e6xxx_mdios_unregister (git-fixes). - net: dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN (git-fixes). - net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes). - net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config() (git-fixes). - net: ethernet: mtk_eth_soc: fix return values and refactor MDIO ops (git-fixes). - net: ethernet: ti: cpts: Handle error for clk_enable (git-fixes). - net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() (git-fixes). - net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: ieee802154: hwsim: Ensure proper channel selection at probe time (git-fixes). - net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes). - net: ipa: add an interconnect dependency (git-fixes). - net: ipa: fix atomic update in ipa_endpoint_replenish() (git-fixes). - net: ipa: prevent concurrent replenish (git-fixes). - net: ipa: use a bitmap for endpoint replenish_enabled (git-fixes). - net: ks8851: Check for error irq (git-fixes). - net: lantiq_xrx200: fix statistics of received bytes (git-fixes). - net: ll_temac: check the return value of devm_kmalloc() (git-fixes). - net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes). - net: macsec: Fix offload support for NETDEV_UNREGISTER event (git-fixes). - net: macsec: Verify that send_sci is on when setting Tx sci explicitly (git-fixes). - net: marvell: mvpp2: Fix the computation of shared CPUs (git-fixes). - net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (git-fixes). - net: marvell: prestera: fix incorrect return of port_find (git-fixes). - net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes). - net: mscc: ocelot: fix backwards compatibility with single-chain tc-flower offload (git-fixes). - net: mscc: ocelot: fix mutex lock error during ethtool stats read (git-fixes). - net: mscc: ocelot: fix using match before it is set (git-fixes). - net: mv643xx_eth: process retval from of_get_mac_address (git-fixes). - net: mvpp2: fix XDP rx queues registering (git-fixes). - net: phy: Do not trigger state machine while in suspend (git-fixes). - net: phylink: Force link down and retrigger resolve on interface change (git-fixes). - net: phylink: Force retrigger in case of latched link-fail indicator (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: sfp: fix high power modules without diagnostic monitoring (git-fixes). - net: sfp: ignore disabled SFP node (git-fixes). - net: sparx5: Fix add vlan when invalid operation (git-fixes). - net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes). - net: stmmac: Add platform level debug register dump feature (git-fixes). - net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header support (git-fixes). - net: stmmac: configure PTP clock source prior to PTP initialization (git-fixes). - net: stmmac: dump gmac4 DMA registers correctly (git-fixes). - net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup (git-fixes). - net: stmmac: dwmac-visconti: Fix bit definitions for ETHER_CLK_SEL (git-fixes). - net: stmmac: dwmac-visconti: Fix clock configuration for RMII mode (git-fixes). - net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes). - net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for unexpected speed request (git-fixes). - net: stmmac: ensure PTP time register reads are consistent (git-fixes). - net: stmmac: fix return value of __setup handler (git-fixes). - net: stmmac: fix tc flower deletion for VLAN priority Rx steering (git-fixes). - net: stmmac: properly handle with runtime pm in stmmac_dvr_remove() (git-fixes). - net: stmmac: ptp: fix potentially overflowing expression (git-fixes). - net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls (git-fixes). - net: stmmac: skip only stmmac_ptp_register when resume from suspend (git-fixes). - net: sxgbe: fix return value of __setup handler (git-fixes). - net: systemport: Add global locking for descriptor lifecycle (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - netdevsim: do not overwrite read only ethtool parms (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nvme: add APIs for stopping/starting admin queue (bsc#1201651). - nvme: apply nvme API to quiesce/unquiesce admin queue (bsc#1201651). - nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue is reallocated (bsc#1201651). - nvme: paring quiesce/unquiesce (bsc#1201651). - nvme: prepare for pairing quiescing and unquiescing (bsc#1201651). - nvme: wait until quiesce is done (bsc#1201651). - octeontx2-af: Do not fixup all VF action entries (git-fixes). - octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes). - octeontx2-af: cn10k: Do not enable RPM loopback for LPC interfaces (git-fixes). - octeontx2-pf: Forward error codes to VF (git-fixes). - page_alloc: fix invalid watemark check on a negative value (git fixes (mm/pgalloc)). - perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578). - perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability attribute (jsc#SLE-24578). - perf/amd/ibs: Cascade pmu init functions' return value (jsc#SLE-24578). - perf/amd/ibs: Use ->is_visible callback for dynamic attributes (jsc#SLE-24578). - pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux() (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - posix_cpu_timers: fix race between exit_itimers() and /proc/pid/timers (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - ppp: ensure minimum packet size in ppp_write() (git-fixes). - qede: validate non LSO skb length (git-fixes). - r8152: fix a WOL issue (git-fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - reset: Fix devm bulk optional exclusive control getter (git-fixes). - rocker: fix a sleeping in atomic bug (git-fixes). - rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258). - sched/core: Do not requeue task on CPU excluded from cpus_mask (bnc#1199356). - scsi: avoid to quiesce sdev->request_queue two times (bsc#1201651). - scsi: core: sd: Add silence_suspend flag to suppress some PM messages (git-fixes). - scsi: iscsi: Exclude zero from the endpoint ID range (git-fixes). - scsi: lpfc: Fix mailbox command failure during driver initialization (git-fixes). - scsi: make sure that request queue queiesce and unquiesce balanced (bsc#1201651). - scsi: scsi_debug: Do not call kcalloc() if size arg is zero (git-fixes). - scsi: scsi_debug: Fix type in min_t to avoid stack OOB (git-fixes). - scsi: scsi_debug: Fix zone transition to full condition (git-fixes). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: sd: Fix sd_do_mode_sense() buffer length handling (git-fixes). - scsi: ufs: Fix a deadlock in the error handler (git-fixes). - scsi: ufs: Fix runtime PM messages never-ending cycle (git-fixes). - scsi: ufs: Remove dead code (git-fixes). - scsi: ufs: core: scsi_get_lba() error fix (git-fixes). - serial: 8250: Fix PM usage_count for console handover (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570) - spi: amd: Limit max transfer and message size (git-fixes). - spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers (git-fixes). - spi: tegra210-quad: add acpi support (jsc#SLE-24570) - spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570) - spi: tegra210-quad: combined sequence mode (jsc#SLE-24570) - spi: tegra210-quad: use device_reset method (jsc#SLE-24570) - spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570) - supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682) Mark rvu_cptpf.ko and rvu_cptvf.ko as supported. - supported.conf: rvu_mbox as supported (jsc#SLE-24682) - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes). - tee: fix put order in teedev_close_context() (git-fixes). - tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes). - tun: fix bonding active backup with arp monitoring (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: serial: ftdi_sio: add Belimo device ids (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - veth: Do not record rx queue hint in veth_xmit (git-fixes). - veth: ensure skb entering GRO are not cloned (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit (git-fixes). - vt: fix memory overlapping when deleting chars in the buffer (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: mac80211_hwsim: set virtio device ready in probe() (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1190497). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) The following package changes have been done: - bind-utils-9.16.31-150400.5.6.1 updated - dracut-mkinitrd-deprecated-055+suse.279.g3b3c36b2-150400.3.5.1 updated - dracut-055+suse.279.g3b3c36b2-150400.3.5.1 updated - glibc-locale-base-2.31-150300.37.1 updated - glibc-locale-2.31-150300.37.1 updated - glibc-2.31-150300.37.1 updated - gpg2-2.2.27-150300.3.5.1 updated - hwinfo-21.82-150400.3.3.1 updated - kernel-default-5.14.21-150400.24.18.1 updated - libldb2-2.4.3-150400.4.8.1 updated - libncurses6-6.1-150000.5.12.1 updated - libpcre2-8-0-10.39-150400.4.6.1 updated - libsystemd0-249.11-150400.8.5.1 updated - libudev1-249.11-150400.8.5.1 updated - libxml2-2-2.9.14-150400.5.7.1 updated - libyaml-cpp0_6-0.6.3-150400.4.3.1 updated - libzypp-17.30.2-150400.3.3.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - permissions-20201225-150400.5.8.1 updated - python3-bind-9.16.31-150400.5.6.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 updated - systemd-sysvinit-249.11-150400.8.5.1 updated - systemd-249.11-150400.8.5.1 updated - tar-1.34-150000.3.18.1 updated - terminfo-base-6.1-150000.5.12.1 updated - terminfo-6.1-150000.5.12.1 updated - udev-249.11-150400.8.5.1 updated - xen-libs-4.16.1_06-150400.4.8.1 updated - zypper-1.14.53-150400.3.3.1 updated From sle-updates at lists.suse.com Thu Aug 25 07:17:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 09:17:02 +0200 (CEST) Subject: SUSE-RU-2022:2888-1: important: Recommended update for xfsprogs Message-ID: <20220825071702.BC8FAFF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for xfsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2888-1 Rating: important References: #1138227 #1138247 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for xfsprogs fixes the following issues: - mkfs: validate extent size hint parameters (bsc#1138247) - xfs_repair: fix root inode's parent when it's invalid for a short-form directory (bsc#1138227) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2888=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2888=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xfsprogs-debuginfo-4.15.0-3.18.1 xfsprogs-debugsource-4.15.0-3.18.1 xfsprogs-devel-4.15.0-3.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xfsprogs-4.15.0-3.18.1 xfsprogs-debuginfo-4.15.0-3.18.1 xfsprogs-debugsource-4.15.0-3.18.1 References: https://bugzilla.suse.com/1138227 https://bugzilla.suse.com/1138247 From sle-updates at lists.suse.com Thu Aug 25 07:17:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 09:17:44 +0200 (CEST) Subject: SUSE-RU-2022:2889-1: important: Recommended update for emacs-apel Message-ID: <20220825071744.D5B63FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for emacs-apel ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2889-1 Rating: important References: #1197714 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for emacs-apel fixes the following issues: - Fix build issue on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197714) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2889=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2889=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2889=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2889=1 Package List: - openSUSE Leap 15.4 (noarch): emacs-apel-10.8-150000.3.3.1 - openSUSE Leap 15.3 (noarch): emacs-apel-10.8-150000.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): emacs-apel-10.8-150000.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): emacs-apel-10.8-150000.3.3.1 References: https://bugzilla.suse.com/1197714 From sle-updates at lists.suse.com Thu Aug 25 07:35:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 09:35:03 +0200 (CEST) Subject: SUSE-CU-2022:1891-1: Security update of suse/sle15 Message-ID: <20220825073503.897BEFF0F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1891-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.178 Container Release : 9.5.178 Severity : important Type : security References : 1202020 CVE-2022-2509 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2882-1 Released: Wed Aug 24 10:34:31 2022 Summary: Security update for gnutls Type: security Severity: important References: 1202020,CVE-2022-2509 This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). The following package changes have been done: - libgnutls30-hmac-3.6.7-150200.14.19.2 updated - libgnutls30-3.6.7-150200.14.19.2 updated From sle-updates at lists.suse.com Thu Aug 25 10:15:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 12:15:44 +0200 (CEST) Subject: SUSE-SU-2022:2891-1: important: Security update for freerdp Message-ID: <20220825101544.5530CFF0F@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2891-1 Rating: important References: #1191895 Cross-References: CVE-2021-41159 CVE-2022-41160 CVSS scores: CVE-2021-41159 (NVD) : 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N CVE-2021-41159 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2021-41159: Fixed improper validation of client input (bsc#1191895). - CVE-2022-41160: Fixed improper region checks (bsc#1191895). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2891=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2891=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2891=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): freerdp-2.1.2-150200.15.18.1 freerdp-debuginfo-2.1.2-150200.15.18.1 freerdp-debugsource-2.1.2-150200.15.18.1 freerdp-devel-2.1.2-150200.15.18.1 freerdp-proxy-2.1.2-150200.15.18.1 freerdp-proxy-debuginfo-2.1.2-150200.15.18.1 freerdp-server-2.1.2-150200.15.18.1 freerdp-server-debuginfo-2.1.2-150200.15.18.1 freerdp-wayland-2.1.2-150200.15.18.1 freerdp-wayland-debuginfo-2.1.2-150200.15.18.1 libfreerdp2-2.1.2-150200.15.18.1 libfreerdp2-debuginfo-2.1.2-150200.15.18.1 libuwac0-0-2.1.2-150200.15.18.1 libuwac0-0-debuginfo-2.1.2-150200.15.18.1 libwinpr2-2.1.2-150200.15.18.1 libwinpr2-debuginfo-2.1.2-150200.15.18.1 uwac0-0-devel-2.1.2-150200.15.18.1 winpr2-devel-2.1.2-150200.15.18.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): freerdp-2.1.2-150200.15.18.1 freerdp-debuginfo-2.1.2-150200.15.18.1 freerdp-debugsource-2.1.2-150200.15.18.1 freerdp-devel-2.1.2-150200.15.18.1 freerdp-proxy-2.1.2-150200.15.18.1 freerdp-proxy-debuginfo-2.1.2-150200.15.18.1 libfreerdp2-2.1.2-150200.15.18.1 libfreerdp2-debuginfo-2.1.2-150200.15.18.1 libwinpr2-2.1.2-150200.15.18.1 libwinpr2-debuginfo-2.1.2-150200.15.18.1 winpr2-devel-2.1.2-150200.15.18.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): freerdp-2.1.2-150200.15.18.1 freerdp-debuginfo-2.1.2-150200.15.18.1 freerdp-debugsource-2.1.2-150200.15.18.1 freerdp-devel-2.1.2-150200.15.18.1 freerdp-proxy-2.1.2-150200.15.18.1 freerdp-proxy-debuginfo-2.1.2-150200.15.18.1 libfreerdp2-2.1.2-150200.15.18.1 libfreerdp2-debuginfo-2.1.2-150200.15.18.1 libwinpr2-2.1.2-150200.15.18.1 libwinpr2-debuginfo-2.1.2-150200.15.18.1 winpr2-devel-2.1.2-150200.15.18.1 References: https://www.suse.com/security/cve/CVE-2021-41159.html https://www.suse.com/security/cve/CVE-2022-41160.html https://bugzilla.suse.com/1191895 From sle-updates at lists.suse.com Thu Aug 25 10:16:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 12:16:17 +0200 (CEST) Subject: SUSE-SU-2022:2890-1: important: Security update for freerdp Message-ID: <20220825101617.53A81FF0F@maintenance.suse.de> SUSE Security Update: Security update for freerdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2890-1 Rating: important References: #1191895 Cross-References: CVE-2021-41159 CVE-2022-41160 CVSS scores: CVE-2021-41159 (NVD) : 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N CVE-2021-41159 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for freerdp fixes the following issues: - CVE-2021-41159: Fixed improper validation of client input (bsc#1191895). - CVE-2022-41160: Fixed improper region checks (bsc#1191895). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2890=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2890=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): freerdp-2.1.2-12.26.1 freerdp-debuginfo-2.1.2-12.26.1 freerdp-debugsource-2.1.2-12.26.1 freerdp-proxy-2.1.2-12.26.1 freerdp-server-2.1.2-12.26.1 libfreerdp2-2.1.2-12.26.1 libfreerdp2-debuginfo-2.1.2-12.26.1 libwinpr2-2.1.2-12.26.1 libwinpr2-debuginfo-2.1.2-12.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): freerdp-debuginfo-2.1.2-12.26.1 freerdp-debugsource-2.1.2-12.26.1 freerdp-devel-2.1.2-12.26.1 libfreerdp2-2.1.2-12.26.1 libfreerdp2-debuginfo-2.1.2-12.26.1 libwinpr2-2.1.2-12.26.1 libwinpr2-debuginfo-2.1.2-12.26.1 winpr2-devel-2.1.2-12.26.1 References: https://www.suse.com/security/cve/CVE-2021-41159.html https://www.suse.com/security/cve/CVE-2022-41160.html https://bugzilla.suse.com/1191895 From sle-updates at lists.suse.com Thu Aug 25 13:16:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 15:16:06 +0200 (CEST) Subject: SUSE-SU-2022:2896-1: moderate: Security update for raptor Message-ID: <20220825131606.DBA56FF0F@maintenance.suse.de> SUSE Security Update: Security update for raptor ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2896-1 Rating: moderate References: #1178903 Cross-References: CVE-2020-25713 CVSS scores: CVE-2020-25713 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25713 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for raptor fixes the following issues: - CVE-2020-25713: Fixed an out of bounds access triggered via a malformed input file (bsc#1178903). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2896=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2896=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2896=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2896=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2896=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libraptor-devel-2.0.15-150200.9.12.1 libraptor2-0-2.0.15-150200.9.12.1 libraptor2-0-debuginfo-2.0.15-150200.9.12.1 raptor-2.0.15-150200.9.12.1 raptor-debuginfo-2.0.15-150200.9.12.1 raptor-debugsource-2.0.15-150200.9.12.1 - openSUSE Leap 15.4 (x86_64): libraptor2-0-32bit-2.0.15-150200.9.12.1 libraptor2-0-32bit-debuginfo-2.0.15-150200.9.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libraptor-devel-2.0.15-150200.9.12.1 libraptor2-0-2.0.15-150200.9.12.1 libraptor2-0-debuginfo-2.0.15-150200.9.12.1 raptor-2.0.15-150200.9.12.1 raptor-debuginfo-2.0.15-150200.9.12.1 raptor-debugsource-2.0.15-150200.9.12.1 - openSUSE Leap 15.3 (x86_64): libraptor2-0-32bit-2.0.15-150200.9.12.1 libraptor2-0-32bit-debuginfo-2.0.15-150200.9.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): libraptor-devel-2.0.15-150200.9.12.1 libraptor2-0-2.0.15-150200.9.12.1 libraptor2-0-debuginfo-2.0.15-150200.9.12.1 raptor-2.0.15-150200.9.12.1 raptor-debuginfo-2.0.15-150200.9.12.1 raptor-debugsource-2.0.15-150200.9.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libraptor-devel-2.0.15-150200.9.12.1 libraptor2-0-2.0.15-150200.9.12.1 libraptor2-0-debuginfo-2.0.15-150200.9.12.1 raptor-2.0.15-150200.9.12.1 raptor-debuginfo-2.0.15-150200.9.12.1 raptor-debugsource-2.0.15-150200.9.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libraptor-devel-2.0.15-150200.9.12.1 libraptor2-0-2.0.15-150200.9.12.1 libraptor2-0-debuginfo-2.0.15-150200.9.12.1 raptor-2.0.15-150200.9.12.1 raptor-debuginfo-2.0.15-150200.9.12.1 raptor-debugsource-2.0.15-150200.9.12.1 References: https://www.suse.com/security/cve/CVE-2020-25713.html https://bugzilla.suse.com/1178903 From sle-updates at lists.suse.com Thu Aug 25 13:17:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 15:17:25 +0200 (CEST) Subject: SUSE-SU-2022:2895-1: moderate: Security update for raptor Message-ID: <20220825131725.605E2FF0F@maintenance.suse.de> SUSE Security Update: Security update for raptor ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2895-1 Rating: moderate References: #1178903 Cross-References: CVE-2020-25713 CVSS scores: CVE-2020-25713 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25713 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for raptor fixes the following issues: - CVE-2020-25713: Fixed an out of bounds access triggered via a malformed input file (bsc#1178903). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2895=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2895=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2895=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): raptor-2.0.15-5.6.1 raptor-debuginfo-2.0.15-5.6.1 raptor-debugsource-2.0.15-5.6.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libraptor-devel-2.0.15-5.6.1 raptor-2.0.15-5.6.1 raptor-debuginfo-2.0.15-5.6.1 raptor-debugsource-2.0.15-5.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libraptor2-0-2.0.15-5.6.1 libraptor2-0-debuginfo-2.0.15-5.6.1 raptor-debuginfo-2.0.15-5.6.1 raptor-debugsource-2.0.15-5.6.1 References: https://www.suse.com/security/cve/CVE-2020-25713.html https://bugzilla.suse.com/1178903 From sle-updates at lists.suse.com Thu Aug 25 13:18:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 15:18:10 +0200 (CEST) Subject: SUSE-SU-2022:2893-1: important: Security update for postgresql10 Message-ID: <20220825131810.AFAE9FF0F@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2893-1 Rating: important References: #1179945 #1183168 #1185952 #1187751 #1190177 #1190740 #1192516 #1195680 #1199475 #1202368 Cross-References: CVE-2021-23214 CVE-2021-23222 CVE-2022-1552 CVE-2022-2625 CVSS scores: CVE-2021-23214 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-23222 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-1552 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 6 fixes is now available. Description: This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to 10.21: - CVE-2022-1552: Confined additional operations within "security restricted operation" sandboxes (bsc#1199475). - Upgrade to 10.20 (bsc#1195680) - Add constraints file with 12GB of memory for s390x as a workaround (boo#1190740) - Upgrade to version 10.19 (bsc#1192516): - CVE-2021-23214: Made the server reject extraneous data after an SSL or GSS encryption handshake - CVE-2021-23222: Made libpq reject extraneous data after an SSL or GSS encryption handshake - Fix for build with llvm12 on s390x. (bsc#1185952) - Re-enable 'icu' for PostgreSQL 10. (bsc#1179945) - Add postgresqlXX-server-devel as a dependency for postgresql13-server-devel. (bsc#1187751) - Upgrade to version 10.18. (bsc#1190177) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2893=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2893=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2893=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2893=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2893=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2893=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2893=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2893=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2893=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2893=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libecpg6-10.22-150000.4.42.1 libecpg6-debuginfo-10.22-150000.4.42.1 libpq5-10.22-150000.4.42.1 libpq5-debuginfo-10.22-150000.4.42.1 postgresql10-10.22-150000.4.42.1 postgresql10-contrib-10.22-150000.4.42.1 postgresql10-contrib-debuginfo-10.22-150000.4.42.1 postgresql10-debuginfo-10.22-150000.4.42.1 postgresql10-debugsource-10.22-150000.4.42.1 postgresql10-devel-10.22-150000.4.42.1 postgresql10-devel-debuginfo-10.22-150000.4.42.1 postgresql10-plperl-10.22-150000.4.42.1 postgresql10-plperl-debuginfo-10.22-150000.4.42.1 postgresql10-plpython-10.22-150000.4.42.1 postgresql10-plpython-debuginfo-10.22-150000.4.42.1 postgresql10-pltcl-10.22-150000.4.42.1 postgresql10-pltcl-debuginfo-10.22-150000.4.42.1 postgresql10-server-10.22-150000.4.42.1 postgresql10-server-debuginfo-10.22-150000.4.42.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 postgresql10-docs-10.22-150000.4.42.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libpq5-32bit-10.22-150000.4.42.1 libpq5-32bit-debuginfo-10.22-150000.4.42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libecpg6-10.22-150000.4.42.1 libecpg6-debuginfo-10.22-150000.4.42.1 libpq5-10.22-150000.4.42.1 libpq5-debuginfo-10.22-150000.4.42.1 postgresql10-10.22-150000.4.42.1 postgresql10-contrib-10.22-150000.4.42.1 postgresql10-contrib-debuginfo-10.22-150000.4.42.1 postgresql10-debuginfo-10.22-150000.4.42.1 postgresql10-debugsource-10.22-150000.4.42.1 postgresql10-devel-10.22-150000.4.42.1 postgresql10-devel-debuginfo-10.22-150000.4.42.1 postgresql10-plperl-10.22-150000.4.42.1 postgresql10-plperl-debuginfo-10.22-150000.4.42.1 postgresql10-plpython-10.22-150000.4.42.1 postgresql10-plpython-debuginfo-10.22-150000.4.42.1 postgresql10-pltcl-10.22-150000.4.42.1 postgresql10-pltcl-debuginfo-10.22-150000.4.42.1 postgresql10-server-10.22-150000.4.42.1 postgresql10-server-debuginfo-10.22-150000.4.42.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 postgresql10-docs-10.22-150000.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libecpg6-10.22-150000.4.42.1 libecpg6-debuginfo-10.22-150000.4.42.1 libpq5-10.22-150000.4.42.1 libpq5-debuginfo-10.22-150000.4.42.1 postgresql10-10.22-150000.4.42.1 postgresql10-contrib-10.22-150000.4.42.1 postgresql10-contrib-debuginfo-10.22-150000.4.42.1 postgresql10-debuginfo-10.22-150000.4.42.1 postgresql10-debugsource-10.22-150000.4.42.1 postgresql10-devel-10.22-150000.4.42.1 postgresql10-devel-debuginfo-10.22-150000.4.42.1 postgresql10-plperl-10.22-150000.4.42.1 postgresql10-plperl-debuginfo-10.22-150000.4.42.1 postgresql10-plpython-10.22-150000.4.42.1 postgresql10-plpython-debuginfo-10.22-150000.4.42.1 postgresql10-pltcl-10.22-150000.4.42.1 postgresql10-pltcl-debuginfo-10.22-150000.4.42.1 postgresql10-server-10.22-150000.4.42.1 postgresql10-server-debuginfo-10.22-150000.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 postgresql10-docs-10.22-150000.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libpq5-32bit-10.22-150000.4.42.1 libpq5-32bit-debuginfo-10.22-150000.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libecpg6-10.22-150000.4.42.1 libecpg6-debuginfo-10.22-150000.4.42.1 libpq5-10.22-150000.4.42.1 libpq5-debuginfo-10.22-150000.4.42.1 postgresql10-10.22-150000.4.42.1 postgresql10-contrib-10.22-150000.4.42.1 postgresql10-contrib-debuginfo-10.22-150000.4.42.1 postgresql10-debuginfo-10.22-150000.4.42.1 postgresql10-debugsource-10.22-150000.4.42.1 postgresql10-devel-10.22-150000.4.42.1 postgresql10-devel-debuginfo-10.22-150000.4.42.1 postgresql10-plperl-10.22-150000.4.42.1 postgresql10-plperl-debuginfo-10.22-150000.4.42.1 postgresql10-plpython-10.22-150000.4.42.1 postgresql10-plpython-debuginfo-10.22-150000.4.42.1 postgresql10-pltcl-10.22-150000.4.42.1 postgresql10-pltcl-debuginfo-10.22-150000.4.42.1 postgresql10-server-10.22-150000.4.42.1 postgresql10-server-debuginfo-10.22-150000.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 postgresql10-docs-10.22-150000.4.42.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libpq5-32bit-10.22-150000.4.42.1 libpq5-32bit-debuginfo-10.22-150000.4.42.1 - SUSE Enterprise Storage 6 (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 - SUSE CaaS Platform 4.0 (noarch): postgresql-12.0.1-150000.8.19.1 postgresql-contrib-12.0.1-150000.8.19.1 postgresql-devel-12.0.1-150000.8.19.1 postgresql-docs-12.0.1-150000.8.19.1 postgresql-plperl-12.0.1-150000.8.19.1 postgresql-plpython-12.0.1-150000.8.19.1 postgresql-pltcl-12.0.1-150000.8.19.1 postgresql-server-12.0.1-150000.8.19.1 postgresql-server-devel-12.0.1-150000.8.19.1 References: https://www.suse.com/security/cve/CVE-2021-23214.html https://www.suse.com/security/cve/CVE-2021-23222.html https://www.suse.com/security/cve/CVE-2022-1552.html https://www.suse.com/security/cve/CVE-2022-2625.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1183168 https://bugzilla.suse.com/1185952 https://bugzilla.suse.com/1187751 https://bugzilla.suse.com/1190177 https://bugzilla.suse.com/1190740 https://bugzilla.suse.com/1192516 https://bugzilla.suse.com/1195680 https://bugzilla.suse.com/1199475 https://bugzilla.suse.com/1202368 From sle-updates at lists.suse.com Thu Aug 25 13:19:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 15:19:53 +0200 (CEST) Subject: SUSE-SU-2022:2892-1: important: Security update for the Linux Kernel Message-ID: <20220825131953.78050FF0F@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2892-1 Rating: important References: #1178134 #1196616 #1196867 #1198829 #1199364 #1199647 #1199648 #1199665 #1199670 #1199695 #1200521 #1200598 #1200644 #1200651 #1200762 #1200910 #1201196 #1201206 #1201251 #1201381 #1201429 #1201442 #1201458 #1201635 #1201636 #1201644 #1201645 #1201664 #1201672 #1201673 #1201676 #1201742 #1201752 #1201846 #1201930 #1201940 #1201941 #1201954 #1201956 #1201958 #1202087 #1202154 #1202312 SLE-24559 Cross-References: CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1116 CVE-2022-1462 CVE-2022-20166 CVE-2022-21505 CVE-2022-2318 CVE-2022-26365 CVE-2022-2639 CVE-2022-29581 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-36946 CVSS scores: CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 ______________________________________________________________________________ An update that solves 17 vulnerabilities, contains one feature and has 26 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616). - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs could lead to a use-after-free (bnc#1201429). - CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458). - CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). - CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647). - CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251). - CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762). The following non-security bugs were fixed: - Fix bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676 All are reports of the same problem - the IBRS_* regs push/popping was wrong but it needs 1b331eeea7b8 ("x86/entry: Remove skip_r11rcx") too. - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes). - ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes). - ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes). - ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes). - ASoC: Remove unused hw_write_t type (git-fixes). - ASoC: cs47l15: Fix event generation for low power mux control (git-fixes). - ASoC: madera: Fix event generation for OUT1 demux (git-fixes). - ASoC: madera: Fix event generation for rate controls (git-fixes). - ASoC: ops: Fix off by one in range control validation (git-fixes). - ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes). - ASoC: wm5110: Fix DRE control (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - Fixed a regression where smart batteries would not be detected on Mac (bsc#1201206). - Fixed an issue where qla2xxx would prevent nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - Fix 1201644, 1201664, 1201672, 1201673, 1201676 All are reports of the same problem - the IBRS_* regs push/popping was wrong but it needs 1b331eeea7b8 ("x86/entry: Remove skip_r11rcx") too. - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes). - KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes). - KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes) - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes). - KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes). - KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes). - KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes). - KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes). - KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes). - NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Belimo device ids (git-fixes). - arm64 module: set plt* section addresses to 0x0 (git-fixes) - arm64: asm: Add new-style position independent function annotations (git-fixes) - arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes) - arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes) - arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes) - arm64: dts: marvell: espressobin: add ethernet alias (git-fixes) - arm64: dts: mcbin: support 2W SFP modules (git-fixes) - arm64: fix compat syscall return truncation (git-fixes) - arm64: fix inline asm in load_unaligned_zeropad() (git-fixes) - arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes) - arm64: module: remove (NOLOAD) from linker script (git-fixes) - arm64: module: rework special section handling (git-fixes) - arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes) - arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes) - arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes) - arm64: stackleak: fix current_top_of_stack() (git-fixes) - arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes) - arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes) - ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ax88179_178a: add ethtool_op_get_ts_info() (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes). - block: Fix fsync always failed if once failed (git-fixes). - block: Fix wrong offset in bio_truncate() (git-fixes). - block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364). - bpf: enable BPF type format (BTF) (jsc#SLE-24559). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: m_can: process interrupt only when not runtime suspended (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes) - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb4: Fix the -Wmisleading-indentation warning (git-fixes). - dm btree remove: assign new_root only when removal succeeds (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes). - dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: conditionally disable "recalculate" feature (git-fixes). - dm integrity: fix a crash if "recalculate" used without "internal_hash" (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm integrity: fix the maximum number of arguments (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm persistent data: packed struct should have an aligned() attribute too (git-fixes). - dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes). - dm snapshot: fix crash with transient storage and zero chunk size (git-fixes). - dm snapshot: flush merged data before committing metadata (git-fixes). - dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes). - dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm verity: fix FEC for RS roots unaligned to block size (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes). - dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - drbd: fix potential silent data corruption (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/net: Fix kABI in tun.c (git-fixes). - drivers: net: fix memory leak in atusb_probe (git-fixes). - drivers: net: fix memory leak in peak_usb_create_dev (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes). - drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes). - drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes). - drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - fbcon: Disallow setting font bigger than screen size (git-fixes). - fbcon: Prevent that screen size is smaller than font size (git-fixes). - fbdev: fbmem: Fix logo center image dx issue (git-fixes). - fbmem: Check virtual screen sizes in fb_set_var() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - ftgmac100: Restart MAC HW once (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: pca953x: only use single read/write for No AI mode (git-fixes). - gpio: pca953x: use the correct range when do regmap sync (git-fixes). - gpio: pca953x: use the correct register address when regcache sync during init (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364). - hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364). - hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364). - hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364). - hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364). - i2c: Fix a potential use after free (git-fixes). - i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: cadence: Unregister the clk notifier in error path (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - ida: do not use BUG_ON() for debugging (git-fixes). - igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes). - ima: Fix potential memory leak in ima_init_crypto() (git-fixes). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - kABI workaround for rtsx_usb (git-fixes). - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - lib/string.c: implement stpcpy (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1178134). - macvlan: remove redundant null check on data (git-fixes). - md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md: Set prev_flush_start and flush_bio in an atomic way (git-fixes). - md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: rc: increase rc-mm tolerance and add debug message (git-fixes). - media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes). - media: rtl28xxu: add missing sleep before probing slave demod (git-fixes). - media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes). - media: smipcie: fix interrupt handling and IR timeout (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes). - media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes). - media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memregion: Fix memregion_free() fallback definition (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes). - misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes). - misc: rtsx_usb: use separate command and response buffers (git-fixes). - mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364). - net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364). - net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - net/sonic: Fix some resource leaks in error handling paths (git-fixes). - net: ag71xx: remove unnecessary MTU reservation (git-fixes). - net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes). - net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes). - net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes). - net: amd-xgbe: Reset link when the link never comes back (git-fixes). - net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes). - net: axienet: Handle deferred probe on clock properly (git-fixes). - net: dsa: b53: fix an off by one in checking "vlan->vid" (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes). - net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes). - net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes). - net: enetc: keep RX ring consumer index in sync with hardware (git-fixes). - net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes). - net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes). - net: ftgmac100: Fix crash when removing driver (git-fixes). - net: hdlc_x25: Return meaningful error code in x25_open (git-fixes). - net: hns3: fix error mask definition of flow director (git-fixes). - net: hso: bail out on interrupt URB allocation failure (git-fixes). - net: lapbether: Prevent racing when checking whether the netif is running (git-fixes). - net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes). - net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes). - net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes). - net: macb: add function to disable all macb clocks (git-fixes). - net: macb: restore cmp registers on resume path (git-fixes). - net: macb: unprepare clocks in case of failure (git-fixes). - net: mscc: Fix OF_MDIO config check (git-fixes). - net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes). - net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes). - net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes). - net: stmmac: Modify configuration method of EEE timers (git-fixes). - net: stmmac: Use resolved link config in mac_link_up() (git-fixes). - net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes). - net: stmmac: stop each tx channel independently (git-fixes). - net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes). - net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes). - net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: usb: use eth_hw_addr_set() (git-fixes). - nvme: consider also host_iface when checking ip options (bsc#1199670). - octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes). - octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes). - power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes). - powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761). - powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761). - powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761). - profiling: fix shift-out-of-bounds bugs (git fixes). - r8169: fix accessing unset transport header (git-fixes). - random: document add_hwgenerator_randomness() with other input functions (git-fixes). - random: fix typo in comments (git-fixes). - random: remove useless header comment (git fixes). - raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes) - sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)). - sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)). - scsi: core: Fix error handling of scsi_host_alloc() (git-fixes). - scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes). - scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes). - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes). - scsi: sd: Fix potential NULL pointer dereference (git-fixes). - scsi: ufs: Release clock if DMA map fails (git-fixes). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes). - serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes). - serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes). - serial: stm32: Clear prev values before setting RTS delays (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: ixp4xx/npe: Fix unused match warning (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes). - spi: amd: Limit max transfer and message size (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - sysctl: Fix data races in proc_dointvec() (git-fixes). - sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes). - sysctl: Fix data races in proc_dointvec_minmax() (git-fixes). - sysctl: Fix data races in proc_douintvec() (git-fixes). - sysctl: Fix data races in proc_douintvec_minmax() (git-fixes). - sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)). - usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes). - usb: dwc3: gadget: Fix event pending check (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: typec: add missing uevent when partner support PD (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: fix memory leak in error case (git-fixes). - video: of_display_timing.h: include errno.h (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_mmio: Add missing PM calls to freeze/restore (git-fixes). - virtio_mmio: Restore guest page size on resume (git-fixes). - watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - x86/bugs: Remove apostrophe typo (bsc#1178134). - x86/entry: Remove skip_r11rcx (bsc#1201644). - x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-2892=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2892=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2892=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.99.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.99.1 dlm-kmp-rt-5.3.18-150300.99.1 dlm-kmp-rt-debuginfo-5.3.18-150300.99.1 gfs2-kmp-rt-5.3.18-150300.99.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.99.1 kernel-rt-5.3.18-150300.99.1 kernel-rt-debuginfo-5.3.18-150300.99.1 kernel-rt-debugsource-5.3.18-150300.99.1 kernel-rt-devel-5.3.18-150300.99.1 kernel-rt-devel-debuginfo-5.3.18-150300.99.1 kernel-rt_debug-debuginfo-5.3.18-150300.99.1 kernel-rt_debug-debugsource-5.3.18-150300.99.1 kernel-rt_debug-devel-5.3.18-150300.99.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.99.1 kernel-syms-rt-5.3.18-150300.99.1 ocfs2-kmp-rt-5.3.18-150300.99.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.99.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.99.1 kernel-source-rt-5.3.18-150300.99.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.99.1 kernel-rt-debuginfo-5.3.18-150300.99.1 kernel-rt-debugsource-5.3.18-150300.99.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.99.1 kernel-rt-debuginfo-5.3.18-150300.99.1 kernel-rt-debugsource-5.3.18-150300.99.1 References: https://www.suse.com/security/cve/CVE-2020-36516.html https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2022-1116.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-21505.html https://www.suse.com/security/cve/CVE-2022-2318.html https://www.suse.com/security/cve/CVE-2022-26365.html https://www.suse.com/security/cve/CVE-2022-2639.html https://www.suse.com/security/cve/CVE-2022-29581.html https://www.suse.com/security/cve/CVE-2022-33740.html https://www.suse.com/security/cve/CVE-2022-33741.html https://www.suse.com/security/cve/CVE-2022-33742.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1196616 https://bugzilla.suse.com/1196867 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1199364 https://bugzilla.suse.com/1199647 https://bugzilla.suse.com/1199648 https://bugzilla.suse.com/1199665 https://bugzilla.suse.com/1199670 https://bugzilla.suse.com/1199695 https://bugzilla.suse.com/1200521 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200644 https://bugzilla.suse.com/1200651 https://bugzilla.suse.com/1200762 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201196 https://bugzilla.suse.com/1201206 https://bugzilla.suse.com/1201251 https://bugzilla.suse.com/1201381 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201442 https://bugzilla.suse.com/1201458 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201644 https://bugzilla.suse.com/1201645 https://bugzilla.suse.com/1201664 https://bugzilla.suse.com/1201672 https://bugzilla.suse.com/1201673 https://bugzilla.suse.com/1201676 https://bugzilla.suse.com/1201742 https://bugzilla.suse.com/1201752 https://bugzilla.suse.com/1201846 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 https://bugzilla.suse.com/1201941 https://bugzilla.suse.com/1201954 https://bugzilla.suse.com/1201956 https://bugzilla.suse.com/1201958 https://bugzilla.suse.com/1202087 https://bugzilla.suse.com/1202154 https://bugzilla.suse.com/1202312 From sle-updates at lists.suse.com Thu Aug 25 19:15:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 25 Aug 2022 21:15:43 +0200 (CEST) Subject: SUSE-RU-2022:2897-1: moderate: Recommended update for systemd-presets-branding-SLE Message-ID: <20220825191543.646E5FF0F@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-presets-branding-SLE ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2897-1 Rating: moderate References: SLE-23312 Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for systemd-presets-branding-SLE fixes the following issues: - Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2897=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2897=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2897=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2897=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2897=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): systemd-presets-branding-SLE-12.2-10.6.1 - SUSE OpenStack Cloud 9 (noarch): systemd-presets-branding-SLE-12.2-10.6.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): systemd-presets-branding-SLE-12.2-10.6.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): systemd-presets-branding-SLE-12.2-10.6.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): systemd-presets-branding-SLE-12.2-10.6.1 References: From sle-updates at lists.suse.com Thu Aug 25 22:16:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 00:16:01 +0200 (CEST) Subject: SUSE-SU-2022:2900-1: important: Security update for bluez Message-ID: <20220825221601.1ECC2FF18@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2900-1 Rating: important References: #1193227 Cross-References: CVE-2019-8922 CVSS scores: CVE-2019-8922 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-8922 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bluez fixes the following issues: - CVE-2019-8922: Fixed a buffer overflow in the implementation of the Service Discovery Protocol (bsc#1193227). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2900=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2900=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2900=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2900=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2900=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2900=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2900=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2900=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2900=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): bluez-5.13-5.26.1 bluez-debuginfo-5.13-5.26.1 bluez-debugsource-5.13-5.26.1 libbluetooth3-5.13-5.26.1 libbluetooth3-debuginfo-5.13-5.26.1 - SUSE OpenStack Cloud 9 (x86_64): bluez-5.13-5.26.1 bluez-debuginfo-5.13-5.26.1 bluez-debugsource-5.13-5.26.1 libbluetooth3-5.13-5.26.1 libbluetooth3-debuginfo-5.13-5.26.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): bluez-cups-5.13-5.26.1 bluez-cups-debuginfo-5.13-5.26.1 bluez-debuginfo-5.13-5.26.1 bluez-debugsource-5.13-5.26.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.13-5.26.1 bluez-debugsource-5.13-5.26.1 bluez-devel-5.13-5.26.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): bluez-5.13-5.26.1 bluez-debuginfo-5.13-5.26.1 bluez-debugsource-5.13-5.26.1 libbluetooth3-5.13-5.26.1 libbluetooth3-debuginfo-5.13-5.26.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bluez-5.13-5.26.1 bluez-debuginfo-5.13-5.26.1 bluez-debugsource-5.13-5.26.1 libbluetooth3-5.13-5.26.1 libbluetooth3-debuginfo-5.13-5.26.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): bluez-5.13-5.26.1 bluez-debuginfo-5.13-5.26.1 bluez-debugsource-5.13-5.26.1 libbluetooth3-5.13-5.26.1 libbluetooth3-debuginfo-5.13-5.26.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bluez-5.13-5.26.1 bluez-debuginfo-5.13-5.26.1 bluez-debugsource-5.13-5.26.1 libbluetooth3-5.13-5.26.1 libbluetooth3-debuginfo-5.13-5.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bluez-5.13-5.26.1 bluez-debuginfo-5.13-5.26.1 bluez-debugsource-5.13-5.26.1 libbluetooth3-5.13-5.26.1 libbluetooth3-debuginfo-5.13-5.26.1 References: https://www.suse.com/security/cve/CVE-2019-8922.html https://bugzilla.suse.com/1193227 From sle-updates at lists.suse.com Thu Aug 25 22:16:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 00:16:42 +0200 (CEST) Subject: SUSE-SU-2022:2899-1: important: Security update for java-1_8_0-ibm Message-ID: <20220825221642.0F220FF18@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2899-1 Rating: important References: #1201684 #1201685 #1201692 #1201694 #1202427 Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 CVSS scores: CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21549 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21549 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-34169 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2899=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2899=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2899=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2899=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2899=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2899=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2899=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2899=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-30.93.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-30.93.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr7.11-30.93.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-30.93.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-30.93.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-30.93.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-30.93.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-30.93.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-30.93.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-30.93.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-30.93.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-30.93.1 References: https://www.suse.com/security/cve/CVE-2022-21540.html https://www.suse.com/security/cve/CVE-2022-21541.html https://www.suse.com/security/cve/CVE-2022-21549.html https://www.suse.com/security/cve/CVE-2022-34169.html https://bugzilla.suse.com/1201684 https://bugzilla.suse.com/1201685 https://bugzilla.suse.com/1201692 https://bugzilla.suse.com/1201694 https://bugzilla.suse.com/1202427 From sle-updates at lists.suse.com Thu Aug 25 22:17:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 00:17:46 +0200 (CEST) Subject: SUSE-SU-2022:2898-1: important: Security update for java-1_7_1-ibm Message-ID: <20220825221746.43200FF18@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2898-1 Rating: important References: #1201684 #1201685 #1201692 #1201694 #1202427 Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 CVSS scores: CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21549 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21549 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-34169 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Updated to Java 7.1 Service Refresh 5 Fix Pack 15 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2898=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2898=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2898=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2898=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2898=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2898=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2898=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2898=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.74.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.74.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr5.15-38.74.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.74.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.74.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.74.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.74.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.74.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.74.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.74.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.74.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.74.1 References: https://www.suse.com/security/cve/CVE-2022-21540.html https://www.suse.com/security/cve/CVE-2022-21541.html https://www.suse.com/security/cve/CVE-2022-21549.html https://www.suse.com/security/cve/CVE-2022-34169.html https://bugzilla.suse.com/1201684 https://bugzilla.suse.com/1201685 https://bugzilla.suse.com/1201692 https://bugzilla.suse.com/1201694 https://bugzilla.suse.com/1202427 From sle-updates at lists.suse.com Fri Aug 26 07:16:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 09:16:01 +0200 (CEST) Subject: SUSE-RU-2022:2904-1: moderate: Recommended update for openldap2 Message-ID: <20220826071601.10390FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2904-1 Rating: moderate References: #1198341 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2904=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2904=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2904=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2904=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2904=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2904=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2904=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2904=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2904=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2904=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2904=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2904=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2904=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2904=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2904=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2904=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2904=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2904=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-2.4.46-150200.14.11.2 openldap2-back-meta-2.4.46-150200.14.11.2 openldap2-back-meta-debuginfo-2.4.46-150200.14.11.2 openldap2-back-perl-2.4.46-150200.14.11.2 openldap2-back-perl-debuginfo-2.4.46-150200.14.11.2 openldap2-back-sock-2.4.46-150200.14.11.2 openldap2-back-sock-debuginfo-2.4.46-150200.14.11.2 openldap2-back-sql-2.4.46-150200.14.11.2 openldap2-back-sql-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-contrib-2.4.46-150200.14.11.2 openldap2-contrib-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 openldap2-ppolicy-check-password-1.2-150200.14.11.2 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.11.2 - openSUSE Leap 15.4 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 - openSUSE Leap 15.4 (noarch): libldap-data-2.4.46-150200.14.11.2 openldap2-doc-2.4.46-150200.14.11.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-2.4.46-150200.14.11.2 openldap2-back-meta-2.4.46-150200.14.11.2 openldap2-back-meta-debuginfo-2.4.46-150200.14.11.2 openldap2-back-perl-2.4.46-150200.14.11.2 openldap2-back-perl-debuginfo-2.4.46-150200.14.11.2 openldap2-back-sock-2.4.46-150200.14.11.2 openldap2-back-sock-debuginfo-2.4.46-150200.14.11.2 openldap2-back-sql-2.4.46-150200.14.11.2 openldap2-back-sql-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-contrib-2.4.46-150200.14.11.2 openldap2-contrib-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 openldap2-ppolicy-check-password-1.2-150200.14.11.2 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.11.2 - openSUSE Leap 15.3 (noarch): libldap-data-2.4.46-150200.14.11.2 openldap2-doc-2.4.46-150200.14.11.2 - openSUSE Leap 15.3 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-2.4.46-150200.14.11.2 openldap2-back-meta-2.4.46-150200.14.11.2 openldap2-back-meta-debuginfo-2.4.46-150200.14.11.2 openldap2-back-perl-2.4.46-150200.14.11.2 openldap2-back-perl-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-contrib-2.4.46-150200.14.11.2 openldap2-contrib-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 openldap2-ppolicy-check-password-1.2-150200.14.11.2 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.11.2 - SUSE Manager Server 4.1 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 - SUSE Manager Server 4.1 (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Manager Retail Branch Server 4.1 (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-2.4.46-150200.14.11.2 openldap2-back-meta-2.4.46-150200.14.11.2 openldap2-back-meta-debuginfo-2.4.46-150200.14.11.2 openldap2-back-perl-2.4.46-150200.14.11.2 openldap2-back-perl-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-contrib-2.4.46-150200.14.11.2 openldap2-contrib-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 openldap2-ppolicy-check-password-1.2-150200.14.11.2 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.11.2 - SUSE Manager Proxy 4.1 (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Manager Proxy 4.1 (x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-2.4.46-150200.14.11.2 openldap2-back-meta-2.4.46-150200.14.11.2 openldap2-back-meta-debuginfo-2.4.46-150200.14.11.2 openldap2-back-perl-2.4.46-150200.14.11.2 openldap2-back-perl-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-contrib-2.4.46-150200.14.11.2 openldap2-contrib-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 openldap2-ppolicy-check-password-1.2-150200.14.11.2 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.11.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-2.4.46-150200.14.11.2 openldap2-back-meta-2.4.46-150200.14.11.2 openldap2-back-meta-debuginfo-2.4.46-150200.14.11.2 openldap2-back-perl-2.4.46-150200.14.11.2 openldap2-back-perl-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-contrib-2.4.46-150200.14.11.2 openldap2-contrib-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 openldap2-ppolicy-check-password-1.2-150200.14.11.2 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.11.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-2.4.46-150200.14.11.2 openldap2-back-meta-2.4.46-150200.14.11.2 openldap2-back-meta-debuginfo-2.4.46-150200.14.11.2 openldap2-back-perl-2.4.46-150200.14.11.2 openldap2-back-perl-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-contrib-2.4.46-150200.14.11.2 openldap2-contrib-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 openldap2-ppolicy-check-password-1.2-150200.14.11.2 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.11.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-150200.14.11.2 openldap2-back-meta-2.4.46-150200.14.11.2 openldap2-back-meta-debuginfo-2.4.46-150200.14.11.2 openldap2-back-perl-2.4.46-150200.14.11.2 openldap2-back-perl-debuginfo-2.4.46-150200.14.11.2 openldap2-contrib-2.4.46-150200.14.11.2 openldap2-contrib-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-ppolicy-check-password-1.2-150200.14.11.2 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.11.2 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Micro 5.2 (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 - SUSE Linux Enterprise Micro 5.1 (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): libldap-data-2.4.46-150200.14.11.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libldap-2_4-2-2.4.46-150200.14.11.2 libldap-2_4-2-debuginfo-2.4.46-150200.14.11.2 openldap2-2.4.46-150200.14.11.2 openldap2-back-meta-2.4.46-150200.14.11.2 openldap2-back-meta-debuginfo-2.4.46-150200.14.11.2 openldap2-back-perl-2.4.46-150200.14.11.2 openldap2-back-perl-debuginfo-2.4.46-150200.14.11.2 openldap2-client-2.4.46-150200.14.11.2 openldap2-client-debuginfo-2.4.46-150200.14.11.2 openldap2-contrib-2.4.46-150200.14.11.2 openldap2-contrib-debuginfo-2.4.46-150200.14.11.2 openldap2-debuginfo-2.4.46-150200.14.11.2 openldap2-debugsource-2.4.46-150200.14.11.2 openldap2-devel-2.4.46-150200.14.11.2 openldap2-devel-static-2.4.46-150200.14.11.2 openldap2-ppolicy-check-password-1.2-150200.14.11.2 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.11.2 - SUSE Enterprise Storage 7 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.11.2 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.11.2 openldap2-devel-32bit-2.4.46-150200.14.11.2 - SUSE Enterprise Storage 7 (noarch): libldap-data-2.4.46-150200.14.11.2 References: https://bugzilla.suse.com/1198341 From sle-updates at lists.suse.com Fri Aug 26 07:16:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 09:16:41 +0200 (CEST) Subject: SUSE-RU-2022:2906-1: moderate: Recommended update for openldap2 Message-ID: <20220826071641.08FF1FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2906-1 Rating: moderate References: #1198341 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2906=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2906=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): openldap2-doc-2.4.41-18.92.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libldap-2_4-2-2.4.41-18.92.1 libldap-2_4-2-32bit-2.4.41-18.92.1 libldap-2_4-2-debuginfo-2.4.41-18.92.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.92.1 openldap2-2.4.41-18.92.1 openldap2-back-meta-2.4.41-18.92.1 openldap2-back-meta-debuginfo-2.4.41-18.92.1 openldap2-client-2.4.41-18.92.1 openldap2-client-debuginfo-2.4.41-18.92.1 openldap2-debuginfo-2.4.41-18.92.1 openldap2-debugsource-2.4.41-18.92.1 openldap2-ppolicy-check-password-1.2-18.92.1 openldap2-ppolicy-check-password-debuginfo-1.2-18.92.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libldap-2_4-2-2.4.41-18.92.1 libldap-2_4-2-32bit-2.4.41-18.92.1 libldap-2_4-2-debuginfo-2.4.41-18.92.1 libldap-2_4-2-debuginfo-32bit-2.4.41-18.92.1 openldap2-2.4.41-18.92.1 openldap2-back-meta-2.4.41-18.92.1 openldap2-back-meta-debuginfo-2.4.41-18.92.1 openldap2-client-2.4.41-18.92.1 openldap2-client-debuginfo-2.4.41-18.92.1 openldap2-debuginfo-2.4.41-18.92.1 openldap2-debugsource-2.4.41-18.92.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): openldap2-doc-2.4.41-18.92.1 References: https://bugzilla.suse.com/1198341 From sle-updates at lists.suse.com Fri Aug 26 07:17:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 09:17:12 +0200 (CEST) Subject: SUSE-RU-2022:2903-1: moderate: Recommended update for Mesa Message-ID: <20220826071712.0DA4BFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2903-1 Rating: moderate References: #1197045 #1197046 #1200965 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for Mesa fixes the following issues: - Change default driver from 'iris' back to 'i965' for Intel Gen8-11 hardware; that way we also use the same driver used by X and Mesa (bsc#1200965, bsc#1197045, bsc#1197046) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2903=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2903=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2903=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2903=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): Mesa-21.2.4-150400.68.3.1 Mesa-KHR-devel-21.2.4-150400.68.3.1 Mesa-debugsource-21.2.4-150400.68.3.1 Mesa-devel-21.2.4-150400.68.3.1 Mesa-dri-21.2.4-150400.68.3.1 Mesa-dri-debuginfo-21.2.4-150400.68.3.1 Mesa-dri-devel-21.2.4-150400.68.3.1 Mesa-drivers-debugsource-21.2.4-150400.68.3.1 Mesa-libEGL-devel-21.2.4-150400.68.3.1 Mesa-libEGL1-21.2.4-150400.68.3.1 Mesa-libEGL1-debuginfo-21.2.4-150400.68.3.1 Mesa-libGL-devel-21.2.4-150400.68.3.1 Mesa-libGL1-21.2.4-150400.68.3.1 Mesa-libGL1-debuginfo-21.2.4-150400.68.3.1 Mesa-libGLESv1_CM-devel-21.2.4-150400.68.3.1 Mesa-libGLESv2-devel-21.2.4-150400.68.3.1 Mesa-libGLESv3-devel-21.2.4-150400.68.3.1 Mesa-libglapi-devel-21.2.4-150400.68.3.1 Mesa-libglapi0-21.2.4-150400.68.3.1 Mesa-libglapi0-debuginfo-21.2.4-150400.68.3.1 libOSMesa-devel-21.2.4-150400.68.3.1 libOSMesa8-21.2.4-150400.68.3.1 libOSMesa8-debuginfo-21.2.4-150400.68.3.1 libgbm-devel-21.2.4-150400.68.3.1 libgbm1-21.2.4-150400.68.3.1 libgbm1-debuginfo-21.2.4-150400.68.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): Mesa-dri-nouveau-21.2.4-150400.68.3.1 Mesa-dri-nouveau-debuginfo-21.2.4-150400.68.3.1 Mesa-gallium-21.2.4-150400.68.3.1 Mesa-gallium-debuginfo-21.2.4-150400.68.3.1 Mesa-libOpenCL-21.2.4-150400.68.3.1 Mesa-libOpenCL-debuginfo-21.2.4-150400.68.3.1 Mesa-libva-21.2.4-150400.68.3.1 Mesa-libva-debuginfo-21.2.4-150400.68.3.1 libXvMC_nouveau-21.2.4-150400.68.3.1 libXvMC_nouveau-debuginfo-21.2.4-150400.68.3.1 libXvMC_r600-21.2.4-150400.68.3.1 libXvMC_r600-debuginfo-21.2.4-150400.68.3.1 libvdpau_nouveau-21.2.4-150400.68.3.1 libvdpau_nouveau-debuginfo-21.2.4-150400.68.3.1 libvdpau_r300-21.2.4-150400.68.3.1 libvdpau_r300-debuginfo-21.2.4-150400.68.3.1 libvdpau_r600-21.2.4-150400.68.3.1 libvdpau_r600-debuginfo-21.2.4-150400.68.3.1 libvdpau_radeonsi-21.2.4-150400.68.3.1 libvdpau_radeonsi-debuginfo-21.2.4-150400.68.3.1 libxatracker-devel-1.0.0-150400.68.3.1 libxatracker2-1.0.0-150400.68.3.1 libxatracker2-debuginfo-1.0.0-150400.68.3.1 - openSUSE Leap 15.4 (aarch64 x86_64): Mesa-libVulkan-devel-21.2.4-150400.68.3.1 Mesa-libd3d-21.2.4-150400.68.3.1 Mesa-libd3d-debuginfo-21.2.4-150400.68.3.1 Mesa-libd3d-devel-21.2.4-150400.68.3.1 Mesa-vulkan-device-select-21.2.4-150400.68.3.1 Mesa-vulkan-device-select-debuginfo-21.2.4-150400.68.3.1 Mesa-vulkan-overlay-21.2.4-150400.68.3.1 Mesa-vulkan-overlay-debuginfo-21.2.4-150400.68.3.1 libvulkan_lvp-21.2.4-150400.68.3.1 libvulkan_lvp-debuginfo-21.2.4-150400.68.3.1 libvulkan_radeon-21.2.4-150400.68.3.1 libvulkan_radeon-debuginfo-21.2.4-150400.68.3.1 - openSUSE Leap 15.4 (aarch64): Mesa-dri-vc4-21.2.4-150400.68.3.1 Mesa-dri-vc4-debuginfo-21.2.4-150400.68.3.1 libvulkan_broadcom-21.2.4-150400.68.3.1 libvulkan_broadcom-debuginfo-21.2.4-150400.68.3.1 libvulkan_freedreno-21.2.4-150400.68.3.1 libvulkan_freedreno-debuginfo-21.2.4-150400.68.3.1 - openSUSE Leap 15.4 (x86_64): Mesa-32bit-21.2.4-150400.68.3.1 Mesa-dri-32bit-21.2.4-150400.68.3.1 Mesa-dri-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-dri-nouveau-32bit-21.2.4-150400.68.3.1 Mesa-dri-nouveau-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-gallium-32bit-21.2.4-150400.68.3.1 Mesa-gallium-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-libEGL-devel-32bit-21.2.4-150400.68.3.1 Mesa-libEGL1-32bit-21.2.4-150400.68.3.1 Mesa-libEGL1-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-libGL-devel-32bit-21.2.4-150400.68.3.1 Mesa-libGL1-32bit-21.2.4-150400.68.3.1 Mesa-libGL1-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-libGLESv1_CM-devel-32bit-21.2.4-150400.68.3.1 Mesa-libGLESv2-devel-32bit-21.2.4-150400.68.3.1 Mesa-libd3d-32bit-21.2.4-150400.68.3.1 Mesa-libd3d-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-libd3d-devel-32bit-21.2.4-150400.68.3.1 Mesa-libglapi-devel-32bit-21.2.4-150400.68.3.1 Mesa-libglapi0-32bit-21.2.4-150400.68.3.1 Mesa-libglapi0-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-vulkan-device-select-32bit-21.2.4-150400.68.3.1 Mesa-vulkan-device-select-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-vulkan-overlay-32bit-21.2.4-150400.68.3.1 Mesa-vulkan-overlay-32bit-debuginfo-21.2.4-150400.68.3.1 libOSMesa-devel-32bit-21.2.4-150400.68.3.1 libOSMesa8-32bit-21.2.4-150400.68.3.1 libOSMesa8-32bit-debuginfo-21.2.4-150400.68.3.1 libXvMC_nouveau-32bit-21.2.4-150400.68.3.1 libXvMC_nouveau-32bit-debuginfo-21.2.4-150400.68.3.1 libXvMC_r600-32bit-21.2.4-150400.68.3.1 libXvMC_r600-32bit-debuginfo-21.2.4-150400.68.3.1 libgbm-devel-32bit-21.2.4-150400.68.3.1 libgbm1-32bit-21.2.4-150400.68.3.1 libgbm1-32bit-debuginfo-21.2.4-150400.68.3.1 libvdpau_nouveau-32bit-21.2.4-150400.68.3.1 libvdpau_nouveau-32bit-debuginfo-21.2.4-150400.68.3.1 libvdpau_r300-32bit-21.2.4-150400.68.3.1 libvdpau_r300-32bit-debuginfo-21.2.4-150400.68.3.1 libvdpau_r600-32bit-21.2.4-150400.68.3.1 libvdpau_r600-32bit-debuginfo-21.2.4-150400.68.3.1 libvdpau_radeonsi-32bit-21.2.4-150400.68.3.1 libvdpau_radeonsi-32bit-debuginfo-21.2.4-150400.68.3.1 libvulkan_intel-21.2.4-150400.68.3.1 libvulkan_intel-32bit-21.2.4-150400.68.3.1 libvulkan_intel-32bit-debuginfo-21.2.4-150400.68.3.1 libvulkan_intel-debuginfo-21.2.4-150400.68.3.1 libvulkan_radeon-32bit-21.2.4-150400.68.3.1 libvulkan_radeon-32bit-debuginfo-21.2.4-150400.68.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): Mesa-dri-nouveau-21.2.4-150400.68.3.1 Mesa-dri-nouveau-debuginfo-21.2.4-150400.68.3.1 Mesa-drivers-debugsource-21.2.4-150400.68.3.1 libXvMC_nouveau-21.2.4-150400.68.3.1 libXvMC_nouveau-debuginfo-21.2.4-150400.68.3.1 libvdpau_nouveau-21.2.4-150400.68.3.1 libvdpau_nouveau-debuginfo-21.2.4-150400.68.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): Mesa-debugsource-21.2.4-150400.68.3.1 libOSMesa8-32bit-21.2.4-150400.68.3.1 libOSMesa8-32bit-debuginfo-21.2.4-150400.68.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): Mesa-21.2.4-150400.68.3.1 Mesa-KHR-devel-21.2.4-150400.68.3.1 Mesa-debugsource-21.2.4-150400.68.3.1 Mesa-devel-21.2.4-150400.68.3.1 Mesa-dri-21.2.4-150400.68.3.1 Mesa-dri-debuginfo-21.2.4-150400.68.3.1 Mesa-dri-devel-21.2.4-150400.68.3.1 Mesa-drivers-debugsource-21.2.4-150400.68.3.1 Mesa-libEGL-devel-21.2.4-150400.68.3.1 Mesa-libEGL1-21.2.4-150400.68.3.1 Mesa-libEGL1-debuginfo-21.2.4-150400.68.3.1 Mesa-libGL-devel-21.2.4-150400.68.3.1 Mesa-libGL1-21.2.4-150400.68.3.1 Mesa-libGL1-debuginfo-21.2.4-150400.68.3.1 Mesa-libGLESv1_CM-devel-21.2.4-150400.68.3.1 Mesa-libGLESv2-devel-21.2.4-150400.68.3.1 Mesa-libGLESv3-devel-21.2.4-150400.68.3.1 Mesa-libglapi-devel-21.2.4-150400.68.3.1 Mesa-libglapi0-21.2.4-150400.68.3.1 Mesa-libglapi0-debuginfo-21.2.4-150400.68.3.1 libOSMesa-devel-21.2.4-150400.68.3.1 libOSMesa8-21.2.4-150400.68.3.1 libOSMesa8-debuginfo-21.2.4-150400.68.3.1 libgbm-devel-21.2.4-150400.68.3.1 libgbm1-21.2.4-150400.68.3.1 libgbm1-debuginfo-21.2.4-150400.68.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le x86_64): Mesa-gallium-21.2.4-150400.68.3.1 Mesa-gallium-debuginfo-21.2.4-150400.68.3.1 Mesa-libva-21.2.4-150400.68.3.1 Mesa-libva-debuginfo-21.2.4-150400.68.3.1 libvdpau_r300-21.2.4-150400.68.3.1 libvdpau_r300-debuginfo-21.2.4-150400.68.3.1 libvdpau_r600-21.2.4-150400.68.3.1 libvdpau_r600-debuginfo-21.2.4-150400.68.3.1 libxatracker-devel-1.0.0-150400.68.3.1 libxatracker2-1.0.0-150400.68.3.1 libxatracker2-debuginfo-1.0.0-150400.68.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): Mesa-vulkan-device-select-21.2.4-150400.68.3.1 Mesa-vulkan-device-select-debuginfo-21.2.4-150400.68.3.1 Mesa-vulkan-overlay-21.2.4-150400.68.3.1 Mesa-vulkan-overlay-debuginfo-21.2.4-150400.68.3.1 libvulkan_lvp-21.2.4-150400.68.3.1 libvulkan_lvp-debuginfo-21.2.4-150400.68.3.1 libvulkan_radeon-21.2.4-150400.68.3.1 libvulkan_radeon-debuginfo-21.2.4-150400.68.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): Mesa-32bit-21.2.4-150400.68.3.1 Mesa-dri-32bit-21.2.4-150400.68.3.1 Mesa-dri-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-gallium-32bit-21.2.4-150400.68.3.1 Mesa-gallium-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-libEGL1-32bit-21.2.4-150400.68.3.1 Mesa-libEGL1-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-libGL1-32bit-21.2.4-150400.68.3.1 Mesa-libGL1-32bit-debuginfo-21.2.4-150400.68.3.1 Mesa-libVulkan-devel-21.2.4-150400.68.3.1 Mesa-libd3d-21.2.4-150400.68.3.1 Mesa-libd3d-debuginfo-21.2.4-150400.68.3.1 Mesa-libd3d-devel-21.2.4-150400.68.3.1 Mesa-libglapi0-32bit-21.2.4-150400.68.3.1 Mesa-libglapi0-32bit-debuginfo-21.2.4-150400.68.3.1 libgbm1-32bit-21.2.4-150400.68.3.1 libgbm1-32bit-debuginfo-21.2.4-150400.68.3.1 libvdpau_radeonsi-21.2.4-150400.68.3.1 libvdpau_radeonsi-debuginfo-21.2.4-150400.68.3.1 libvulkan_intel-21.2.4-150400.68.3.1 libvulkan_intel-debuginfo-21.2.4-150400.68.3.1 References: https://bugzilla.suse.com/1197045 https://bugzilla.suse.com/1197046 https://bugzilla.suse.com/1200965 From sle-updates at lists.suse.com Fri Aug 26 07:17:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 09:17:56 +0200 (CEST) Subject: SUSE-RU-2022:2905-1: moderate: Recommended update for openldap2 Message-ID: <20220826071756.E9714FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2905-1 Rating: moderate References: #1198341 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2905=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2905=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2905=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2905=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2905=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2905=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2905=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2905=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2905=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2905=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-2.4.46-150000.9.74.3 openldap2-back-meta-2.4.46-150000.9.74.3 openldap2-back-meta-debuginfo-2.4.46-150000.9.74.3 openldap2-back-perl-2.4.46-150000.9.74.3 openldap2-back-perl-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 openldap2-ppolicy-check-password-1.2-150000.9.74.3 openldap2-ppolicy-check-password-debuginfo-1.2-150000.9.74.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libldap-2_4-2-32bit-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-debuginfo-2.4.46-150000.9.74.3 openldap2-devel-32bit-2.4.46-150000.9.74.3 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-2.4.46-150000.9.74.3 openldap2-back-meta-2.4.46-150000.9.74.3 openldap2-back-meta-debuginfo-2.4.46-150000.9.74.3 openldap2-back-perl-2.4.46-150000.9.74.3 openldap2-back-perl-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 openldap2-ppolicy-check-password-1.2-150000.9.74.3 openldap2-ppolicy-check-password-debuginfo-1.2-150000.9.74.3 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libldap-2_4-2-32bit-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-debuginfo-2.4.46-150000.9.74.3 openldap2-devel-32bit-2.4.46-150000.9.74.3 - SUSE Linux Enterprise Server for SAP 15 (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-2.4.46-150000.9.74.3 openldap2-back-meta-2.4.46-150000.9.74.3 openldap2-back-meta-debuginfo-2.4.46-150000.9.74.3 openldap2-back-perl-2.4.46-150000.9.74.3 openldap2-back-perl-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 openldap2-ppolicy-check-password-1.2-150000.9.74.3 openldap2-ppolicy-check-password-debuginfo-1.2-150000.9.74.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libldap-2_4-2-32bit-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-debuginfo-2.4.46-150000.9.74.3 openldap2-devel-32bit-2.4.46-150000.9.74.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-debuginfo-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-2.4.46-150000.9.74.3 openldap2-back-meta-2.4.46-150000.9.74.3 openldap2-back-meta-debuginfo-2.4.46-150000.9.74.3 openldap2-back-perl-2.4.46-150000.9.74.3 openldap2-back-perl-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-32bit-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 openldap2-ppolicy-check-password-1.2-150000.9.74.3 openldap2-ppolicy-check-password-debuginfo-1.2-150000.9.74.3 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-2.4.46-150000.9.74.3 openldap2-back-meta-2.4.46-150000.9.74.3 openldap2-back-meta-debuginfo-2.4.46-150000.9.74.3 openldap2-back-perl-2.4.46-150000.9.74.3 openldap2-back-perl-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 openldap2-ppolicy-check-password-1.2-150000.9.74.3 openldap2-ppolicy-check-password-debuginfo-1.2-150000.9.74.3 - SUSE Linux Enterprise Server 15-LTSS (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libldap-2_4-2-32bit-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-debuginfo-2.4.46-150000.9.74.3 openldap2-devel-32bit-2.4.46-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libldap-2_4-2-32bit-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-debuginfo-2.4.46-150000.9.74.3 openldap2-devel-32bit-2.4.46-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 openldap2-ppolicy-check-password-1.2-150000.9.74.3 openldap2-ppolicy-check-password-debuginfo-1.2-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libldap-2_4-2-32bit-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-debuginfo-2.4.46-150000.9.74.3 openldap2-devel-32bit-2.4.46-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 openldap2-ppolicy-check-password-1.2-150000.9.74.3 openldap2-ppolicy-check-password-debuginfo-1.2-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libldap-2_4-2-32bit-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-debuginfo-2.4.46-150000.9.74.3 openldap2-devel-32bit-2.4.46-150000.9.74.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-2.4.46-150000.9.74.3 openldap2-back-meta-2.4.46-150000.9.74.3 openldap2-back-meta-debuginfo-2.4.46-150000.9.74.3 openldap2-back-perl-2.4.46-150000.9.74.3 openldap2-back-perl-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 openldap2-ppolicy-check-password-1.2-150000.9.74.3 openldap2-ppolicy-check-password-debuginfo-1.2-150000.9.74.3 - SUSE Enterprise Storage 6 (x86_64): libldap-2_4-2-32bit-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-debuginfo-2.4.46-150000.9.74.3 openldap2-devel-32bit-2.4.46-150000.9.74.3 - SUSE Enterprise Storage 6 (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE CaaS Platform 4.0 (noarch): libldap-data-2.4.46-150000.9.74.3 - SUSE CaaS Platform 4.0 (x86_64): libldap-2_4-2-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-2.4.46-150000.9.74.3 libldap-2_4-2-32bit-debuginfo-2.4.46-150000.9.74.3 libldap-2_4-2-debuginfo-2.4.46-150000.9.74.3 openldap2-2.4.46-150000.9.74.3 openldap2-back-meta-2.4.46-150000.9.74.3 openldap2-back-meta-debuginfo-2.4.46-150000.9.74.3 openldap2-back-perl-2.4.46-150000.9.74.3 openldap2-back-perl-debuginfo-2.4.46-150000.9.74.3 openldap2-client-2.4.46-150000.9.74.3 openldap2-client-debuginfo-2.4.46-150000.9.74.3 openldap2-debuginfo-2.4.46-150000.9.74.3 openldap2-debugsource-2.4.46-150000.9.74.3 openldap2-devel-2.4.46-150000.9.74.3 openldap2-devel-32bit-2.4.46-150000.9.74.3 openldap2-devel-static-2.4.46-150000.9.74.3 openldap2-ppolicy-check-password-1.2-150000.9.74.3 openldap2-ppolicy-check-password-debuginfo-1.2-150000.9.74.3 References: https://bugzilla.suse.com/1198341 From sle-updates at lists.suse.com Fri Aug 26 07:18:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 09:18:37 +0200 (CEST) Subject: SUSE-RU-2022:2907-1: moderate: Recommended update for openldap2 Message-ID: <20220826071837.43BCFFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2907-1 Rating: moderate References: #1198341 Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2907=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2907=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2907=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2907=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2907=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2907=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): openldap2-doc-2.4.41-22.13.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libldap-2_4-2-2.4.41-22.13.1 libldap-2_4-2-32bit-2.4.41-22.13.1 libldap-2_4-2-debuginfo-2.4.41-22.13.1 libldap-2_4-2-debuginfo-32bit-2.4.41-22.13.1 openldap2-2.4.41-22.13.1 openldap2-back-meta-2.4.41-22.13.1 openldap2-back-meta-debuginfo-2.4.41-22.13.1 openldap2-client-2.4.41-22.13.1 openldap2-client-debuginfo-2.4.41-22.13.1 openldap2-debuginfo-2.4.41-22.13.1 openldap2-debugsource-2.4.41-22.13.1 openldap2-ppolicy-check-password-1.2-22.13.1 openldap2-ppolicy-check-password-debuginfo-1.2-22.13.1 - SUSE OpenStack Cloud 9 (x86_64): libldap-2_4-2-2.4.41-22.13.1 libldap-2_4-2-32bit-2.4.41-22.13.1 libldap-2_4-2-debuginfo-2.4.41-22.13.1 libldap-2_4-2-debuginfo-32bit-2.4.41-22.13.1 openldap2-2.4.41-22.13.1 openldap2-back-meta-2.4.41-22.13.1 openldap2-back-meta-debuginfo-2.4.41-22.13.1 openldap2-client-2.4.41-22.13.1 openldap2-client-debuginfo-2.4.41-22.13.1 openldap2-debuginfo-2.4.41-22.13.1 openldap2-debugsource-2.4.41-22.13.1 openldap2-ppolicy-check-password-1.2-22.13.1 openldap2-ppolicy-check-password-debuginfo-1.2-22.13.1 - SUSE OpenStack Cloud 9 (noarch): openldap2-doc-2.4.41-22.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openldap2-back-perl-2.4.41-22.13.1 openldap2-back-perl-debuginfo-2.4.41-22.13.1 openldap2-debuginfo-2.4.41-22.13.1 openldap2-debugsource-2.4.41-22.13.1 openldap2-devel-2.4.41-22.13.1 openldap2-devel-static-2.4.41-22.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libldap-2_4-2-2.4.41-22.13.1 libldap-2_4-2-debuginfo-2.4.41-22.13.1 openldap2-2.4.41-22.13.1 openldap2-back-meta-2.4.41-22.13.1 openldap2-back-meta-debuginfo-2.4.41-22.13.1 openldap2-client-2.4.41-22.13.1 openldap2-client-debuginfo-2.4.41-22.13.1 openldap2-debuginfo-2.4.41-22.13.1 openldap2-debugsource-2.4.41-22.13.1 openldap2-ppolicy-check-password-1.2-22.13.1 openldap2-ppolicy-check-password-debuginfo-1.2-22.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): openldap2-doc-2.4.41-22.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libldap-2_4-2-32bit-2.4.41-22.13.1 libldap-2_4-2-debuginfo-32bit-2.4.41-22.13.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-22.13.1 libldap-2_4-2-debuginfo-2.4.41-22.13.1 openldap2-2.4.41-22.13.1 openldap2-back-meta-2.4.41-22.13.1 openldap2-back-meta-debuginfo-2.4.41-22.13.1 openldap2-client-2.4.41-22.13.1 openldap2-client-debuginfo-2.4.41-22.13.1 openldap2-debuginfo-2.4.41-22.13.1 openldap2-debugsource-2.4.41-22.13.1 openldap2-ppolicy-check-password-1.2-22.13.1 openldap2-ppolicy-check-password-debuginfo-1.2-22.13.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libldap-2_4-2-32bit-2.4.41-22.13.1 libldap-2_4-2-debuginfo-32bit-2.4.41-22.13.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): openldap2-doc-2.4.41-22.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.41-22.13.1 libldap-2_4-2-debuginfo-2.4.41-22.13.1 openldap2-2.4.41-22.13.1 openldap2-back-meta-2.4.41-22.13.1 openldap2-back-meta-debuginfo-2.4.41-22.13.1 openldap2-client-2.4.41-22.13.1 openldap2-client-debuginfo-2.4.41-22.13.1 openldap2-debuginfo-2.4.41-22.13.1 openldap2-debugsource-2.4.41-22.13.1 openldap2-ppolicy-check-password-1.2-22.13.1 openldap2-ppolicy-check-password-debuginfo-1.2-22.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libldap-2_4-2-32bit-2.4.41-22.13.1 libldap-2_4-2-debuginfo-32bit-2.4.41-22.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): openldap2-doc-2.4.41-22.13.1 References: https://bugzilla.suse.com/1198341 From sle-updates at lists.suse.com Fri Aug 26 07:19:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 09:19:12 +0200 (CEST) Subject: SUSE-RU-2022:2901-1: moderate: Recommended update for elfutils Message-ID: <20220826071912.AE72FFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for elfutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2901-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2901=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2901=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): debuginfod-client-0.185-150400.5.3.1 debuginfod-client-debuginfo-0.185-150400.5.3.1 debuginfod-dummy-client-0.185-150400.5.3.1 debuginfod-dummy-client-debuginfo-0.185-150400.5.3.1 elfutils-0.185-150400.5.3.1 elfutils-debuginfo-0.185-150400.5.3.1 elfutils-debuginfod-0.185-150400.5.3.1 elfutils-debuginfod-debuginfo-0.185-150400.5.3.1 elfutils-debuginfod-debugsource-0.185-150400.5.3.1 elfutils-debugsource-0.185-150400.5.3.1 libasm-devel-0.185-150400.5.3.1 libasm1-0.185-150400.5.3.1 libasm1-debuginfo-0.185-150400.5.3.1 libdebuginfod-devel-0.185-150400.5.3.1 libdebuginfod-dummy-devel-0.185-150400.5.3.1 libdebuginfod1-0.185-150400.5.3.1 libdebuginfod1-debuginfo-0.185-150400.5.3.1 libdebuginfod1-dummy-0.185-150400.5.3.1 libdebuginfod1-dummy-debuginfo-0.185-150400.5.3.1 libdw-devel-0.185-150400.5.3.1 libdw1-0.185-150400.5.3.1 libdw1-debuginfo-0.185-150400.5.3.1 libelf-devel-0.185-150400.5.3.1 libelf1-0.185-150400.5.3.1 libelf1-debuginfo-0.185-150400.5.3.1 - openSUSE Leap 15.4 (x86_64): libasm1-32bit-0.185-150400.5.3.1 libasm1-32bit-debuginfo-0.185-150400.5.3.1 libdw1-32bit-0.185-150400.5.3.1 libdw1-32bit-debuginfo-0.185-150400.5.3.1 libelf-devel-32bit-0.185-150400.5.3.1 libelf1-32bit-0.185-150400.5.3.1 libelf1-32bit-debuginfo-0.185-150400.5.3.1 - openSUSE Leap 15.4 (noarch): elfutils-lang-0.185-150400.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): debuginfod-client-0.185-150400.5.3.1 debuginfod-client-debuginfo-0.185-150400.5.3.1 elfutils-0.185-150400.5.3.1 elfutils-debuginfo-0.185-150400.5.3.1 elfutils-debuginfod-0.185-150400.5.3.1 elfutils-debuginfod-debuginfo-0.185-150400.5.3.1 elfutils-debuginfod-debugsource-0.185-150400.5.3.1 elfutils-debugsource-0.185-150400.5.3.1 libasm-devel-0.185-150400.5.3.1 libasm1-0.185-150400.5.3.1 libasm1-debuginfo-0.185-150400.5.3.1 libdebuginfod1-0.185-150400.5.3.1 libdebuginfod1-debuginfo-0.185-150400.5.3.1 libdw-devel-0.185-150400.5.3.1 libdw1-0.185-150400.5.3.1 libdw1-debuginfo-0.185-150400.5.3.1 libelf-devel-0.185-150400.5.3.1 libelf1-0.185-150400.5.3.1 libelf1-debuginfo-0.185-150400.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): elfutils-lang-0.185-150400.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libdw1-32bit-0.185-150400.5.3.1 libdw1-32bit-debuginfo-0.185-150400.5.3.1 libelf1-32bit-0.185-150400.5.3.1 libelf1-32bit-debuginfo-0.185-150400.5.3.1 References: From sle-updates at lists.suse.com Fri Aug 26 07:19:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 09:19:42 +0200 (CEST) Subject: SUSE-RU-2022:2902-1: moderate: Recommended update for Mesa Message-ID: <20220826071942.D2F1AFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for Mesa ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2902-1 Rating: moderate References: #1197045 #1197046 #1200965 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for Mesa fixes the following issues: - Change default driver from 'iris' back to 'i965' for Intel Gen8-11 hardware; that way we also use the same driver used by X and Mesa (bsc#1200965, bsc#1197045, bsc#1197046) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2902=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2902=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2902=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2902=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2902=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): Mesa-20.2.4-150300.59.3.1 Mesa-KHR-devel-20.2.4-150300.59.3.1 Mesa-debugsource-20.2.4-150300.59.3.1 Mesa-devel-20.2.4-150300.59.3.1 Mesa-dri-20.2.4-150300.59.3.1 Mesa-dri-debuginfo-20.2.4-150300.59.3.1 Mesa-dri-devel-20.2.4-150300.59.3.1 Mesa-drivers-debugsource-20.2.4-150300.59.3.1 Mesa-libEGL-devel-20.2.4-150300.59.3.1 Mesa-libEGL1-20.2.4-150300.59.3.1 Mesa-libEGL1-debuginfo-20.2.4-150300.59.3.1 Mesa-libGL-devel-20.2.4-150300.59.3.1 Mesa-libGL1-20.2.4-150300.59.3.1 Mesa-libGL1-debuginfo-20.2.4-150300.59.3.1 Mesa-libGLESv1_CM-devel-20.2.4-150300.59.3.1 Mesa-libGLESv2-devel-20.2.4-150300.59.3.1 Mesa-libGLESv3-devel-20.2.4-150300.59.3.1 Mesa-libglapi-devel-20.2.4-150300.59.3.1 Mesa-libglapi0-20.2.4-150300.59.3.1 Mesa-libglapi0-debuginfo-20.2.4-150300.59.3.1 libOSMesa-devel-20.2.4-150300.59.3.1 libOSMesa8-20.2.4-150300.59.3.1 libOSMesa8-debuginfo-20.2.4-150300.59.3.1 libgbm-devel-20.2.4-150300.59.3.1 libgbm1-20.2.4-150300.59.3.1 libgbm1-debuginfo-20.2.4-150300.59.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): Mesa-dri-nouveau-20.2.4-150300.59.3.1 Mesa-dri-nouveau-debuginfo-20.2.4-150300.59.3.1 Mesa-gallium-20.2.4-150300.59.3.1 Mesa-gallium-debuginfo-20.2.4-150300.59.3.1 Mesa-libOpenCL-20.2.4-150300.59.3.1 Mesa-libOpenCL-debuginfo-20.2.4-150300.59.3.1 Mesa-libva-20.2.4-150300.59.3.1 Mesa-libva-debuginfo-20.2.4-150300.59.3.1 libXvMC_nouveau-20.2.4-150300.59.3.1 libXvMC_nouveau-debuginfo-20.2.4-150300.59.3.1 libXvMC_r600-20.2.4-150300.59.3.1 libXvMC_r600-debuginfo-20.2.4-150300.59.3.1 libvdpau_nouveau-20.2.4-150300.59.3.1 libvdpau_nouveau-debuginfo-20.2.4-150300.59.3.1 libvdpau_r300-20.2.4-150300.59.3.1 libvdpau_r300-debuginfo-20.2.4-150300.59.3.1 libvdpau_r600-20.2.4-150300.59.3.1 libvdpau_r600-debuginfo-20.2.4-150300.59.3.1 libvdpau_radeonsi-20.2.4-150300.59.3.1 libvdpau_radeonsi-debuginfo-20.2.4-150300.59.3.1 libxatracker-devel-1.0.0-150300.59.3.1 libxatracker2-1.0.0-150300.59.3.1 libxatracker2-debuginfo-1.0.0-150300.59.3.1 - openSUSE Leap 15.3 (aarch64 x86_64): Mesa-libd3d-20.2.4-150300.59.3.1 Mesa-libd3d-debuginfo-20.2.4-150300.59.3.1 Mesa-libd3d-devel-20.2.4-150300.59.3.1 - openSUSE Leap 15.3 (aarch64): Mesa-dri-vc4-20.2.4-150300.59.3.1 Mesa-dri-vc4-debuginfo-20.2.4-150300.59.3.1 - openSUSE Leap 15.3 (x86_64): Mesa-32bit-20.2.4-150300.59.3.1 Mesa-dri-32bit-20.2.4-150300.59.3.1 Mesa-dri-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-dri-nouveau-32bit-20.2.4-150300.59.3.1 Mesa-dri-nouveau-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-gallium-32bit-20.2.4-150300.59.3.1 Mesa-gallium-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-libEGL-devel-32bit-20.2.4-150300.59.3.1 Mesa-libEGL1-32bit-20.2.4-150300.59.3.1 Mesa-libEGL1-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-libGL-devel-32bit-20.2.4-150300.59.3.1 Mesa-libGL1-32bit-20.2.4-150300.59.3.1 Mesa-libGL1-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-libGLESv1_CM-devel-32bit-20.2.4-150300.59.3.1 Mesa-libGLESv2-devel-32bit-20.2.4-150300.59.3.1 Mesa-libVulkan-devel-20.2.4-150300.59.3.1 Mesa-libd3d-32bit-20.2.4-150300.59.3.1 Mesa-libd3d-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-libd3d-devel-32bit-20.2.4-150300.59.3.1 Mesa-libglapi-devel-32bit-20.2.4-150300.59.3.1 Mesa-libglapi0-32bit-20.2.4-150300.59.3.1 Mesa-libglapi0-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-vulkan-device-select-20.2.4-150300.59.3.1 Mesa-vulkan-device-select-32bit-20.2.4-150300.59.3.1 Mesa-vulkan-device-select-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-vulkan-device-select-debuginfo-20.2.4-150300.59.3.1 Mesa-vulkan-overlay-20.2.4-150300.59.3.1 Mesa-vulkan-overlay-32bit-20.2.4-150300.59.3.1 Mesa-vulkan-overlay-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-vulkan-overlay-debuginfo-20.2.4-150300.59.3.1 libOSMesa-devel-32bit-20.2.4-150300.59.3.1 libOSMesa8-32bit-20.2.4-150300.59.3.1 libOSMesa8-32bit-debuginfo-20.2.4-150300.59.3.1 libXvMC_nouveau-32bit-20.2.4-150300.59.3.1 libXvMC_nouveau-32bit-debuginfo-20.2.4-150300.59.3.1 libXvMC_r600-32bit-20.2.4-150300.59.3.1 libXvMC_r600-32bit-debuginfo-20.2.4-150300.59.3.1 libgbm-devel-32bit-20.2.4-150300.59.3.1 libgbm1-32bit-20.2.4-150300.59.3.1 libgbm1-32bit-debuginfo-20.2.4-150300.59.3.1 libvdpau_nouveau-32bit-20.2.4-150300.59.3.1 libvdpau_nouveau-32bit-debuginfo-20.2.4-150300.59.3.1 libvdpau_r300-32bit-20.2.4-150300.59.3.1 libvdpau_r300-32bit-debuginfo-20.2.4-150300.59.3.1 libvdpau_r600-32bit-20.2.4-150300.59.3.1 libvdpau_r600-32bit-debuginfo-20.2.4-150300.59.3.1 libvdpau_radeonsi-32bit-20.2.4-150300.59.3.1 libvdpau_radeonsi-32bit-debuginfo-20.2.4-150300.59.3.1 libvulkan_intel-20.2.4-150300.59.3.1 libvulkan_intel-32bit-20.2.4-150300.59.3.1 libvulkan_intel-32bit-debuginfo-20.2.4-150300.59.3.1 libvulkan_intel-debuginfo-20.2.4-150300.59.3.1 libvulkan_radeon-20.2.4-150300.59.3.1 libvulkan_radeon-32bit-20.2.4-150300.59.3.1 libvulkan_radeon-32bit-debuginfo-20.2.4-150300.59.3.1 libvulkan_radeon-debuginfo-20.2.4-150300.59.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): Mesa-dri-nouveau-20.2.4-150300.59.3.1 Mesa-dri-nouveau-debuginfo-20.2.4-150300.59.3.1 Mesa-drivers-debugsource-20.2.4-150300.59.3.1 libXvMC_nouveau-20.2.4-150300.59.3.1 libvdpau_nouveau-20.2.4-150300.59.3.1 libvdpau_nouveau-debuginfo-20.2.4-150300.59.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): Mesa-debugsource-20.2.4-150300.59.3.1 libOSMesa8-32bit-20.2.4-150300.59.3.1 libOSMesa8-32bit-debuginfo-20.2.4-150300.59.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): Mesa-20.2.4-150300.59.3.1 Mesa-KHR-devel-20.2.4-150300.59.3.1 Mesa-debugsource-20.2.4-150300.59.3.1 Mesa-devel-20.2.4-150300.59.3.1 Mesa-dri-20.2.4-150300.59.3.1 Mesa-dri-debuginfo-20.2.4-150300.59.3.1 Mesa-dri-devel-20.2.4-150300.59.3.1 Mesa-drivers-debugsource-20.2.4-150300.59.3.1 Mesa-libEGL-devel-20.2.4-150300.59.3.1 Mesa-libEGL1-20.2.4-150300.59.3.1 Mesa-libEGL1-debuginfo-20.2.4-150300.59.3.1 Mesa-libGL-devel-20.2.4-150300.59.3.1 Mesa-libGL1-20.2.4-150300.59.3.1 Mesa-libGL1-debuginfo-20.2.4-150300.59.3.1 Mesa-libGLESv1_CM-devel-20.2.4-150300.59.3.1 Mesa-libGLESv2-devel-20.2.4-150300.59.3.1 Mesa-libGLESv3-devel-20.2.4-150300.59.3.1 Mesa-libglapi-devel-20.2.4-150300.59.3.1 Mesa-libglapi0-20.2.4-150300.59.3.1 Mesa-libglapi0-debuginfo-20.2.4-150300.59.3.1 libOSMesa-devel-20.2.4-150300.59.3.1 libOSMesa8-20.2.4-150300.59.3.1 libOSMesa8-debuginfo-20.2.4-150300.59.3.1 libgbm-devel-20.2.4-150300.59.3.1 libgbm1-20.2.4-150300.59.3.1 libgbm1-debuginfo-20.2.4-150300.59.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le x86_64): Mesa-gallium-20.2.4-150300.59.3.1 Mesa-gallium-debuginfo-20.2.4-150300.59.3.1 Mesa-libva-20.2.4-150300.59.3.1 Mesa-libva-debuginfo-20.2.4-150300.59.3.1 libvdpau_r300-20.2.4-150300.59.3.1 libvdpau_r300-debuginfo-20.2.4-150300.59.3.1 libvdpau_r600-20.2.4-150300.59.3.1 libvdpau_r600-debuginfo-20.2.4-150300.59.3.1 libxatracker-devel-1.0.0-150300.59.3.1 libxatracker2-1.0.0-150300.59.3.1 libxatracker2-debuginfo-1.0.0-150300.59.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): Mesa-32bit-20.2.4-150300.59.3.1 Mesa-dri-32bit-20.2.4-150300.59.3.1 Mesa-dri-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-gallium-32bit-20.2.4-150300.59.3.1 Mesa-gallium-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-libEGL1-32bit-20.2.4-150300.59.3.1 Mesa-libEGL1-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-libGL1-32bit-20.2.4-150300.59.3.1 Mesa-libGL1-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-libVulkan-devel-20.2.4-150300.59.3.1 Mesa-libd3d-20.2.4-150300.59.3.1 Mesa-libd3d-debuginfo-20.2.4-150300.59.3.1 Mesa-libd3d-devel-20.2.4-150300.59.3.1 Mesa-libglapi0-32bit-20.2.4-150300.59.3.1 Mesa-libglapi0-32bit-debuginfo-20.2.4-150300.59.3.1 Mesa-vulkan-device-select-20.2.4-150300.59.3.1 Mesa-vulkan-device-select-debuginfo-20.2.4-150300.59.3.1 Mesa-vulkan-overlay-20.2.4-150300.59.3.1 Mesa-vulkan-overlay-debuginfo-20.2.4-150300.59.3.1 libgbm1-32bit-20.2.4-150300.59.3.1 libgbm1-32bit-debuginfo-20.2.4-150300.59.3.1 libvdpau_radeonsi-20.2.4-150300.59.3.1 libvdpau_radeonsi-debuginfo-20.2.4-150300.59.3.1 libvulkan_intel-20.2.4-150300.59.3.1 libvulkan_intel-debuginfo-20.2.4-150300.59.3.1 libvulkan_radeon-20.2.4-150300.59.3.1 libvulkan_radeon-debuginfo-20.2.4-150300.59.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): Mesa-debugsource-20.2.4-150300.59.3.1 libgbm1-20.2.4-150300.59.3.1 libgbm1-debuginfo-20.2.4-150300.59.3.1 References: https://bugzilla.suse.com/1197045 https://bugzilla.suse.com/1197046 https://bugzilla.suse.com/1200965 From sle-updates at lists.suse.com Fri Aug 26 13:16:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 15:16:18 +0200 (CEST) Subject: SUSE-SU-2022:2910-1: important: Security update for the Linux Kernel Message-ID: <20220826131618.1D062FF18@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2910-1 Rating: important References: #1065729 #1103269 #1114648 #1190812 #1195775 #1195926 #1196616 #1196867 #1198484 #1198829 #1199665 #1199695 #1200442 #1200598 #1200644 #1200651 #1200910 #1201019 #1201196 #1201381 #1201429 #1201635 #1201636 #1201644 #1201651 #1201705 #1201742 #1201752 #1201930 #1201940 #1201941 #1201954 #1201958 #1202087 #1202154 #1202312 Cross-References: CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655 CVE-2021-33656 CVE-2022-1462 CVE-2022-20166 CVE-2022-2639 CVE-2022-29581 CVE-2022-36946 CVSS scores: CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 10 vulnerabilities and has 26 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616). - CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940). - CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665). - CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598). - CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910). - CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs could lead to a use-after-free (bnc#1201429). - CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636). - CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635). - CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829). The following non-security bugs were fixed: - Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442) - Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes). - Fixed an issue where qla2xxx would prevent nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958). - Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019). - KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930). - PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - arch_topology: Do not set llc_sibling if llc_id is invalid (git-fixes). - blk-cgroup: synchronize blkg creation against policy deactivation (git-fixes). - blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes). - blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes). - block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes). - bnxt_en: Re-write PCI BARs after PCI fatal error (git-fixes). - bnxt_en: Remove the setting of dev_port (git-fixes). - crypto: qat - disable registration of algorithms (git-fixes). - crypto: qat - fix memory leak in RSA (git-fixes). - crypto: qat - remove dma_free_coherent() for DH (git-fixes). - crypto: qat - remove dma_free_coherent() for RSA (git-fixes). - crypto: qat - set to zero DH parameters before free (git-fixes). - cxgb3/l2t: Fix undefined behaviour (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm integrity: fix error code in dm_integrity_ctr() (git-fixes). - dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm: fix mempool NULL pointer race when completing IO (git-fixes). - do not call utsname() after ->nsproxy is NULL (bsc#1201196). - ehea: fix error return code in ehea_restart_qps() (git-fixes). - fsl_lpuart: Do not enable interrupts too early (git-fixes). - hex2bin: fix access beyond string end (git-fixes). - hex2bin: make the function hex_to_bin constant-time (git-fixes). - irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes). - kernel-obs-build: include qemu_fw_cfg (boo#1201705) - kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930). - latent_entropy: avoid build error when plugin cflags are not set (git-fixes). - lib/hexdump.c: return -EINVAL in case of error in hex2bin() (git-fixes). - linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes). - linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes). - linux/random.h: Use false with bool (git-fixes). - lkdtm: Disable return thunks in rodata.c (bsc#1114648). - md-raid: destroy the bitmap after destroying the thread (git-fixes). - media: dib8000: Fix a memleak in dib8000_init() (git-fixes). - media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes). - media: uvcvideo: fix division by zero at stream start (git-fixes). - mvpp2: suppress warning (git-fixes). - net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes). - net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove (git-fixes). - net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes). - net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes). - net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes). - net: fec: check DMA addressing limitations (git-fixes). - net: fec: fix the potential memory leak in fec_enet_init() (git-fixes). - net: fec_ptp: add clock rate zero check (git-fixes). - net: hamradio: fix memory leak in mkiss_close (git-fixes). - net: korina: fix kfree of rx/tx descriptor array (git-fixes). - net: ll_temac: Fix TX BD buffer overwrite (git-fixes). - net: ll_temac: Fix bug causing buffer descriptor overrun (git-fixes). - net: ll_temac: Fix race condition causing TX hang (git-fixes). - net: macb: mark device wake capable when "magic-packet" property present (git-fixes). - net: mdio: octeon: Fix some double free issues (git-fixes). - net: mdio: thunder: Fix a double free issue in the .remove function (git-fixes). - net: stmmac: Fix misuses of GENMASK macro (git-fixes). - net: stmmac: dwmac1000: Disable ACS if enhanced descs are not used (git-fixes). - net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes). - net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes). - net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes). - net: usb: ax88179_178a: Fix packet receiving (git-fixes). - net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes). - net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes). - net: xilinx_emaclite: Do not print real IOMEM pointer (git-fixes). - netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes). - pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes). - powerpc/64: Move paca allocation later in boot (bsc#1190812). - powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes). - powerpc/fadump: make crash memory ranges array allocation generic (bsc#1103269 ltc#169948 git-fixes). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: Staticify functions without prototypes (bsc#1065729). - powerpc/powernv: Use darn instruction for get_random_seed() on Power9 (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes). - random: always fill buffer in get_random_bytes_wait (git-fixes). - random: fix crash on multiple early calls to (git-fixes) - rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775) - rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775) - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484) Let's iron out the reduced initrd optimisation in Tumbleweed. Build full blown dracut initrd with systemd for SLE15 SP4. - scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (git-fixes). - scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201958). - scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201958). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201958). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201651). - scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201958). - scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201958). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201651). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201958). - scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201651). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201651). - scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201958). - scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201958). - scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201958). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201958). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201651). - scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201958). - scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201958). - scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201651). - scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201958). - scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201958). - scsi: qla2xxx: edif: Fix no login after app start (bsc#1201958). - scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201958). - scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201958). - scsi: qla2xxx: edif: Fix session thrash (bsc#1201958). - scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201958). - scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201958). - scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201958). - scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201958). - scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201958). - scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201958). - scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201958). - scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201958). - scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201958). - scsi: qla2xxx: edif: bsg refactor (bsc#1201958). - serial: mvebu-uart: correctly report configured baudrate value (git-fixes). - tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes). - usbnet: fix memory allocation in helpers. - usbnet: fix memory leak in error case (git-fixes). - vrf: Fix IPv6 with qdisc and xfrm (git-fixes). - x86/entry: Remove skip_r11rcx (bsc#1201644). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1114648). - xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381). - xfs: fix NULL pointer dereference in xfs_getbmap() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-2910=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.97.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.97.1 dlm-kmp-rt-4.12.14-10.97.1 dlm-kmp-rt-debuginfo-4.12.14-10.97.1 gfs2-kmp-rt-4.12.14-10.97.1 gfs2-kmp-rt-debuginfo-4.12.14-10.97.1 kernel-rt-4.12.14-10.97.1 kernel-rt-base-4.12.14-10.97.1 kernel-rt-base-debuginfo-4.12.14-10.97.1 kernel-rt-debuginfo-4.12.14-10.97.1 kernel-rt-debugsource-4.12.14-10.97.1 kernel-rt-devel-4.12.14-10.97.1 kernel-rt-devel-debuginfo-4.12.14-10.97.1 kernel-rt_debug-4.12.14-10.97.1 kernel-rt_debug-debuginfo-4.12.14-10.97.1 kernel-rt_debug-debugsource-4.12.14-10.97.1 kernel-rt_debug-devel-4.12.14-10.97.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.97.1 kernel-syms-rt-4.12.14-10.97.1 ocfs2-kmp-rt-4.12.14-10.97.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.97.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.97.1 kernel-source-rt-4.12.14-10.97.1 References: https://www.suse.com/security/cve/CVE-2020-36516.html https://www.suse.com/security/cve/CVE-2020-36557.html https://www.suse.com/security/cve/CVE-2020-36558.html https://www.suse.com/security/cve/CVE-2021-33655.html https://www.suse.com/security/cve/CVE-2021-33656.html https://www.suse.com/security/cve/CVE-2022-1462.html https://www.suse.com/security/cve/CVE-2022-20166.html https://www.suse.com/security/cve/CVE-2022-2639.html https://www.suse.com/security/cve/CVE-2022-29581.html https://www.suse.com/security/cve/CVE-2022-36946.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1103269 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1190812 https://bugzilla.suse.com/1195775 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1196616 https://bugzilla.suse.com/1196867 https://bugzilla.suse.com/1198484 https://bugzilla.suse.com/1198829 https://bugzilla.suse.com/1199665 https://bugzilla.suse.com/1199695 https://bugzilla.suse.com/1200442 https://bugzilla.suse.com/1200598 https://bugzilla.suse.com/1200644 https://bugzilla.suse.com/1200651 https://bugzilla.suse.com/1200910 https://bugzilla.suse.com/1201019 https://bugzilla.suse.com/1201196 https://bugzilla.suse.com/1201381 https://bugzilla.suse.com/1201429 https://bugzilla.suse.com/1201635 https://bugzilla.suse.com/1201636 https://bugzilla.suse.com/1201644 https://bugzilla.suse.com/1201651 https://bugzilla.suse.com/1201705 https://bugzilla.suse.com/1201742 https://bugzilla.suse.com/1201752 https://bugzilla.suse.com/1201930 https://bugzilla.suse.com/1201940 https://bugzilla.suse.com/1201941 https://bugzilla.suse.com/1201954 https://bugzilla.suse.com/1201958 https://bugzilla.suse.com/1202087 https://bugzilla.suse.com/1202154 https://bugzilla.suse.com/1202312 From sle-updates at lists.suse.com Fri Aug 26 13:19:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 15:19:46 +0200 (CEST) Subject: SUSE-SU-2022:2912-1: important: Security update for postgresql13 Message-ID: <20220826131946.E2200FF18@maintenance.suse.de> SUSE Security Update: Security update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2912-1 Rating: important References: #1198166 #1202368 Cross-References: CVE-2022-2625 CVSS scores: CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for postgresql13 fixes the following issues: - Update to 13.8: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2912=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2912=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-debugsource-13.8-3.24.1 postgresql13-devel-13.8-3.24.1 postgresql13-devel-debuginfo-13.8-3.24.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql13-server-devel-13.8-3.24.1 postgresql13-server-devel-debuginfo-13.8-3.24.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-13.8-3.24.1 postgresql13-contrib-13.8-3.24.1 postgresql13-contrib-debuginfo-13.8-3.24.1 postgresql13-debuginfo-13.8-3.24.1 postgresql13-debugsource-13.8-3.24.1 postgresql13-plperl-13.8-3.24.1 postgresql13-plperl-debuginfo-13.8-3.24.1 postgresql13-plpython-13.8-3.24.1 postgresql13-plpython-debuginfo-13.8-3.24.1 postgresql13-pltcl-13.8-3.24.1 postgresql13-pltcl-debuginfo-13.8-3.24.1 postgresql13-server-13.8-3.24.1 postgresql13-server-debuginfo-13.8-3.24.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql13-docs-13.8-3.24.1 References: https://www.suse.com/security/cve/CVE-2022-2625.html https://bugzilla.suse.com/1198166 https://bugzilla.suse.com/1202368 From sle-updates at lists.suse.com Fri Aug 26 13:20:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 15:20:29 +0200 (CEST) Subject: SUSE-SU-2022:2914-1: important: Security update for postgresql10 Message-ID: <20220826132029.94B37FF18@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2914-1 Rating: important References: #1202368 Cross-References: CVE-2022-2625 CVSS scores: CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2914=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2914=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2914=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2914=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2914=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2914=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2914=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2914=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): postgresql10-docs-10.22-4.31.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): postgresql10-10.22-4.31.1 postgresql10-contrib-10.22-4.31.1 postgresql10-contrib-debuginfo-10.22-4.31.1 postgresql10-debuginfo-10.22-4.31.1 postgresql10-debugsource-10.22-4.31.1 postgresql10-plperl-10.22-4.31.1 postgresql10-plperl-debuginfo-10.22-4.31.1 postgresql10-plpython-10.22-4.31.1 postgresql10-plpython-debuginfo-10.22-4.31.1 postgresql10-pltcl-10.22-4.31.1 postgresql10-pltcl-debuginfo-10.22-4.31.1 postgresql10-server-10.22-4.31.1 postgresql10-server-debuginfo-10.22-4.31.1 - SUSE OpenStack Cloud 9 (x86_64): postgresql10-10.22-4.31.1 postgresql10-contrib-10.22-4.31.1 postgresql10-contrib-debuginfo-10.22-4.31.1 postgresql10-debuginfo-10.22-4.31.1 postgresql10-debugsource-10.22-4.31.1 postgresql10-plperl-10.22-4.31.1 postgresql10-plperl-debuginfo-10.22-4.31.1 postgresql10-plpython-10.22-4.31.1 postgresql10-plpython-debuginfo-10.22-4.31.1 postgresql10-pltcl-10.22-4.31.1 postgresql10-pltcl-debuginfo-10.22-4.31.1 postgresql10-server-10.22-4.31.1 postgresql10-server-debuginfo-10.22-4.31.1 - SUSE OpenStack Cloud 9 (noarch): postgresql10-docs-10.22-4.31.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql10-debugsource-10.22-4.31.1 postgresql10-devel-10.22-4.31.1 postgresql10-devel-debuginfo-10.22-4.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): postgresql10-10.22-4.31.1 postgresql10-contrib-10.22-4.31.1 postgresql10-contrib-debuginfo-10.22-4.31.1 postgresql10-debuginfo-10.22-4.31.1 postgresql10-debugsource-10.22-4.31.1 postgresql10-plperl-10.22-4.31.1 postgresql10-plperl-debuginfo-10.22-4.31.1 postgresql10-plpython-10.22-4.31.1 postgresql10-plpython-debuginfo-10.22-4.31.1 postgresql10-pltcl-10.22-4.31.1 postgresql10-pltcl-debuginfo-10.22-4.31.1 postgresql10-server-10.22-4.31.1 postgresql10-server-debuginfo-10.22-4.31.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): postgresql10-docs-10.22-4.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql10-10.22-4.31.1 postgresql10-contrib-10.22-4.31.1 postgresql10-contrib-debuginfo-10.22-4.31.1 postgresql10-debuginfo-10.22-4.31.1 postgresql10-debugsource-10.22-4.31.1 postgresql10-plperl-10.22-4.31.1 postgresql10-plperl-debuginfo-10.22-4.31.1 postgresql10-plpython-10.22-4.31.1 postgresql10-plpython-debuginfo-10.22-4.31.1 postgresql10-pltcl-10.22-4.31.1 postgresql10-pltcl-debuginfo-10.22-4.31.1 postgresql10-server-10.22-4.31.1 postgresql10-server-debuginfo-10.22-4.31.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql10-docs-10.22-4.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): postgresql10-10.22-4.31.1 postgresql10-contrib-10.22-4.31.1 postgresql10-contrib-debuginfo-10.22-4.31.1 postgresql10-debuginfo-10.22-4.31.1 postgresql10-debugsource-10.22-4.31.1 postgresql10-plperl-10.22-4.31.1 postgresql10-plperl-debuginfo-10.22-4.31.1 postgresql10-plpython-10.22-4.31.1 postgresql10-plpython-debuginfo-10.22-4.31.1 postgresql10-pltcl-10.22-4.31.1 postgresql10-pltcl-debuginfo-10.22-4.31.1 postgresql10-server-10.22-4.31.1 postgresql10-server-debuginfo-10.22-4.31.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): postgresql10-docs-10.22-4.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): postgresql10-10.22-4.31.1 postgresql10-contrib-10.22-4.31.1 postgresql10-contrib-debuginfo-10.22-4.31.1 postgresql10-debuginfo-10.22-4.31.1 postgresql10-debugsource-10.22-4.31.1 postgresql10-plperl-10.22-4.31.1 postgresql10-plperl-debuginfo-10.22-4.31.1 postgresql10-plpython-10.22-4.31.1 postgresql10-plpython-debuginfo-10.22-4.31.1 postgresql10-pltcl-10.22-4.31.1 postgresql10-pltcl-debuginfo-10.22-4.31.1 postgresql10-server-10.22-4.31.1 postgresql10-server-debuginfo-10.22-4.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): postgresql10-docs-10.22-4.31.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): postgresql10-docs-10.22-4.31.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): postgresql10-10.22-4.31.1 postgresql10-contrib-10.22-4.31.1 postgresql10-contrib-debuginfo-10.22-4.31.1 postgresql10-debuginfo-10.22-4.31.1 postgresql10-debugsource-10.22-4.31.1 postgresql10-plperl-10.22-4.31.1 postgresql10-plperl-debuginfo-10.22-4.31.1 postgresql10-plpython-10.22-4.31.1 postgresql10-plpython-debuginfo-10.22-4.31.1 postgresql10-pltcl-10.22-4.31.1 postgresql10-pltcl-debuginfo-10.22-4.31.1 postgresql10-server-10.22-4.31.1 postgresql10-server-debuginfo-10.22-4.31.1 References: https://www.suse.com/security/cve/CVE-2022-2625.html https://bugzilla.suse.com/1202368 From sle-updates at lists.suse.com Fri Aug 26 13:21:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 15:21:18 +0200 (CEST) Subject: SUSE-SU-2022:2908-1: important: Security update for python-lxml Message-ID: <20220826132118.DAE8FFF18@maintenance.suse.de> SUSE Security Update: Security update for python-lxml ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2908-1 Rating: important References: #1201253 Cross-References: CVE-2022-2309 CVSS scores: CVE-2022-2309 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2309 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2908=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2908=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2908=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2908=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2908=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2908=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2908=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2908=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2908=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2908=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2908=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2908=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2908=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2908=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - openSUSE Leap 15.4 (noarch): python3-lxml-doc-4.7.1-150200.3.10.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python2-lxml-4.7.1-150200.3.10.1 python2-lxml-debuginfo-4.7.1-150200.3.10.1 python2-lxml-devel-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python2-lxml-4.7.1-150200.3.10.1 python2-lxml-debuginfo-4.7.1-150200.3.10.1 python2-lxml-devel-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python2-lxml-4.7.1-150200.3.10.1 python2-lxml-debuginfo-4.7.1-150200.3.10.1 python2-lxml-devel-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Manager Proxy 4.1 (x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python2-lxml-4.7.1-150200.3.10.1 python2-lxml-debuginfo-4.7.1-150200.3.10.1 python2-lxml-devel-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python2-lxml-4.7.1-150200.3.10.1 python2-lxml-debuginfo-4.7.1-150200.3.10.1 python2-lxml-devel-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python2-lxml-4.7.1-150200.3.10.1 python2-lxml-debuginfo-4.7.1-150200.3.10.1 python2-lxml-devel-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python2-lxml-4.7.1-150200.3.10.1 python2-lxml-debuginfo-4.7.1-150200.3.10.1 python2-lxml-devel-4.7.1-150200.3.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python2-lxml-4.7.1-150200.3.10.1 python2-lxml-debuginfo-4.7.1-150200.3.10.1 python2-lxml-devel-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python2-lxml-4.7.1-150200.3.10.1 python2-lxml-debuginfo-4.7.1-150200.3.10.1 python2-lxml-devel-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python-lxml-debuginfo-4.7.1-150200.3.10.1 python-lxml-debugsource-4.7.1-150200.3.10.1 python2-lxml-4.7.1-150200.3.10.1 python2-lxml-debuginfo-4.7.1-150200.3.10.1 python2-lxml-devel-4.7.1-150200.3.10.1 python3-lxml-4.7.1-150200.3.10.1 python3-lxml-debuginfo-4.7.1-150200.3.10.1 python3-lxml-devel-4.7.1-150200.3.10.1 References: https://www.suse.com/security/cve/CVE-2022-2309.html https://bugzilla.suse.com/1201253 From sle-updates at lists.suse.com Fri Aug 26 13:22:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 15:22:05 +0200 (CEST) Subject: SUSE-SU-2022:2909-1: important: Security update for libcroco Message-ID: <20220826132205.AA2B7FF18@maintenance.suse.de> SUSE Security Update: Security update for libcroco ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2909-1 Rating: important References: #1171685 Cross-References: CVE-2020-12825 CVSS scores: CVE-2020-12825 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2020-12825 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcroco fixes the following issues: - CVE-2020-12825: Fixed an uncontrolled recursion issue (bsc#1171685). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2909=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2909=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2909=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2909=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2909=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2909=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2909=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2909=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE OpenStack Cloud 9 (x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libcroco-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 libcroco-devel-0.6.11-12.6.45 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libcroco-0_6-3-0.6.11-12.6.45 libcroco-0_6-3-32bit-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-0.6.11-12.6.45 libcroco-0_6-3-debuginfo-32bit-0.6.11-12.6.45 libcroco-debuginfo-0.6.11-12.6.45 libcroco-debugsource-0.6.11-12.6.45 References: https://www.suse.com/security/cve/CVE-2020-12825.html https://bugzilla.suse.com/1171685 From sle-updates at lists.suse.com Fri Aug 26 13:22:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 15:22:46 +0200 (CEST) Subject: SUSE-SU-2022:2911-1: important: Security update for gstreamer-plugins-good Message-ID: <20220826132246.DF6DCFF18@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2911-1 Rating: important References: #1201688 #1201693 #1201702 #1201704 #1201706 #1201707 #1201708 Cross-References: CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 CVSS scores: CVE-2022-1920 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1920 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-1921 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1921 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-1922 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1922 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1923 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1923 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1924 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1924 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1925 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1925 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-2122 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2122 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2911=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2911=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2911=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2911=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2911=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2911=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2911=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): gstreamer-plugins-good-lang-1.8.3-16.6.2 - SUSE OpenStack Cloud Crowbar 9 (x86_64): gstreamer-plugins-good-1.8.3-16.6.2 gstreamer-plugins-good-debuginfo-1.8.3-16.6.2 gstreamer-plugins-good-debugsource-1.8.3-16.6.2 - SUSE OpenStack Cloud 9 (noarch): gstreamer-plugins-good-lang-1.8.3-16.6.2 - SUSE OpenStack Cloud 9 (x86_64): gstreamer-plugins-good-1.8.3-16.6.2 gstreamer-plugins-good-debuginfo-1.8.3-16.6.2 gstreamer-plugins-good-debugsource-1.8.3-16.6.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gstreamer-plugins-good-1.8.3-16.6.2 gstreamer-plugins-good-debuginfo-1.8.3-16.6.2 gstreamer-plugins-good-debugsource-1.8.3-16.6.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): gstreamer-plugins-good-lang-1.8.3-16.6.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.8.3-16.6.2 gstreamer-plugins-good-debuginfo-1.8.3-16.6.2 gstreamer-plugins-good-debugsource-1.8.3-16.6.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): gstreamer-plugins-good-lang-1.8.3-16.6.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.8.3-16.6.2 gstreamer-plugins-good-debuginfo-1.8.3-16.6.2 gstreamer-plugins-good-debugsource-1.8.3-16.6.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): gstreamer-plugins-good-lang-1.8.3-16.6.2 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): gstreamer-plugins-good-lang-1.8.3-16.6.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gstreamer-plugins-good-1.8.3-16.6.2 gstreamer-plugins-good-debuginfo-1.8.3-16.6.2 gstreamer-plugins-good-debugsource-1.8.3-16.6.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gstreamer-plugins-good-1.8.3-16.6.2 gstreamer-plugins-good-debuginfo-1.8.3-16.6.2 gstreamer-plugins-good-debugsource-1.8.3-16.6.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): gstreamer-plugins-good-lang-1.8.3-16.6.2 References: https://www.suse.com/security/cve/CVE-2022-1920.html https://www.suse.com/security/cve/CVE-2022-1921.html https://www.suse.com/security/cve/CVE-2022-1922.html https://www.suse.com/security/cve/CVE-2022-1923.html https://www.suse.com/security/cve/CVE-2022-1924.html https://www.suse.com/security/cve/CVE-2022-1925.html https://www.suse.com/security/cve/CVE-2022-2122.html https://bugzilla.suse.com/1201688 https://bugzilla.suse.com/1201693 https://bugzilla.suse.com/1201702 https://bugzilla.suse.com/1201704 https://bugzilla.suse.com/1201706 https://bugzilla.suse.com/1201707 https://bugzilla.suse.com/1201708 From sle-updates at lists.suse.com Fri Aug 26 13:23:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 15:23:58 +0200 (CEST) Subject: SUSE-SU-2022:2915-1: important: Security update for webkit2gtk3 Message-ID: <20220826132358.DF36FFF18@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2915-1 Rating: important References: #1201980 Cross-References: CVE-2022-32792 CVE-2022-32816 CVSS scores: CVE-2022-32792 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2022-32816 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.36.5 (bsc#1201980): - Add support for PAC proxy in the WebDriver implementation. - Fix video playback when loaded through custom URIs, this fixes video playback in the Yelp documentation browser. - Fix WebKitWebView::context-menu when using GTK4. - Fix LTO builds with GCC. - Fix several crashes and rendering issues. - Security fixes: - CVE-2022-32792: Fixed processing maliciously crafted web content may lead to arbitrary code execution. - CVE-2022-32816: Fixed visiting a website that frames malicious content may lead to UI spoofing. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2915=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2915=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2915=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2915=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2915=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2915=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2915=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2915=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.36.5-2.107.2 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-2.107.2 libwebkit2gtk-4_0-37-2.36.5-2.107.2 libwebkit2gtk-4_0-37-debuginfo-2.36.5-2.107.2 typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-2.107.2 webkit2gtk3-debugsource-2.36.5-2.107.2 - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.36.5-2.107.2 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.36.5-2.107.2 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.36.5-2.107.2 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-2.107.2 libwebkit2gtk-4_0-37-2.36.5-2.107.2 libwebkit2gtk-4_0-37-debuginfo-2.36.5-2.107.2 typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-2.107.2 webkit2gtk3-debugsource-2.36.5-2.107.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2 webkit2gtk3-debugsource-2.36.5-2.107.2 webkit2gtk3-devel-2.36.5-2.107.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.5-2.107.2 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-2.107.2 libwebkit2gtk-4_0-37-2.36.5-2.107.2 libwebkit2gtk-4_0-37-debuginfo-2.36.5-2.107.2 typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-2.107.2 webkit2gtk3-debugsource-2.36.5-2.107.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.36.5-2.107.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.5-2.107.2 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-2.107.2 libwebkit2gtk-4_0-37-2.36.5-2.107.2 libwebkit2gtk-4_0-37-debuginfo-2.36.5-2.107.2 typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-2.107.2 webkit2gtk3-debugsource-2.36.5-2.107.2 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.36.5-2.107.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.5-2.107.2 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-2.107.2 libwebkit2gtk-4_0-37-2.36.5-2.107.2 libwebkit2gtk-4_0-37-debuginfo-2.36.5-2.107.2 typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-2.107.2 webkit2gtk3-debugsource-2.36.5-2.107.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.36.5-2.107.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.5-2.107.2 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-2.107.2 libwebkit2gtk-4_0-37-2.36.5-2.107.2 libwebkit2gtk-4_0-37-debuginfo-2.36.5-2.107.2 typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2-4_0-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-2.107.2 webkit2gtk3-debugsource-2.36.5-2.107.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.5-2.107.2 libjavascriptcoregtk-4_0-18-debuginfo-2.36.5-2.107.2 libwebkit2gtk-4_0-37-2.36.5-2.107.2 libwebkit2gtk-4_0-37-debuginfo-2.36.5-2.107.2 typelib-1_0-JavaScriptCore-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2-4_0-2.36.5-2.107.2 typelib-1_0-WebKit2WebExtension-4_0-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-2.36.5-2.107.2 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.5-2.107.2 webkit2gtk3-debugsource-2.36.5-2.107.2 webkit2gtk3-devel-2.36.5-2.107.2 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.36.5-2.107.2 References: https://www.suse.com/security/cve/CVE-2022-32792.html https://www.suse.com/security/cve/CVE-2022-32816.html https://bugzilla.suse.com/1201980 From sle-updates at lists.suse.com Fri Aug 26 16:16:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 18:16:12 +0200 (CEST) Subject: SUSE-RU-2022:2916-1: critical: Recommended update for aws-efs-utils Message-ID: <20220826161612.3A48AFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for aws-efs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2916-1 Rating: critical References: Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for aws-efs-utils fixes the following issues: - Fix missing binaries from the previous update Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2916=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2916=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2916=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2916=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2916=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2916=1 Package List: - openSUSE Leap 15.4 (noarch): aws-efs-utils-1.31.3-150100.4.5.1 - openSUSE Leap 15.3 (noarch): aws-efs-utils-1.31.3-150100.4.5.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): aws-efs-utils-1.31.3-150100.4.5.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): aws-efs-utils-1.31.3-150100.4.5.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): aws-efs-utils-1.31.3-150100.4.5.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): aws-efs-utils-1.31.3-150100.4.5.1 References: From sle-updates at lists.suse.com Fri Aug 26 16:16:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 18:16:44 +0200 (CEST) Subject: SUSE-RU-2022:2917-1: moderate: Recommended update for spacecmd Message-ID: <20220826161644.57DA3FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for spacecmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2917-1 Rating: moderate References: #1003449 #1013876 #1013938 #1015882 #1024406 #1027426 #1044719 #1063419 #1070372 #1076578 #1080290 #1081151 #1083294 #1085667 #1088070 #1094190 #1103090 #1103696 #1104034 #1109023 #1111542 #1125610 #1125744 #1127389 #1129243 #1130077 #1135881 #1138454 #1148311 #1153090 #1153277 #1154940 #1155372 #1163871 #1167907 #1169664 #1171281 #1171687 #1172709 #1173557 #1175889 #1176823 #1179566 #1180583 #1180584 #1180585 #1181124 #1181223 #1186581 #1188042 #1188977 #1190462 #1190512 #1194363 #1194909 #1197507 #1197689 #1200591 #1201003 #769106 #769108 #776615 #879904 #887879 #889605 #892707 #902494 #908849 #926318 #932288 #945380 #948245 #977264 #987798 Affected Products: SUSE Manager Ubuntu 22.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has 74 recommended fixes can now be installed. Description: This update for spacecmd fixes the following issues: Provide spacecmd version 4.3.14-1 and mention all the already fixed issues. - version 4.3.14-1 * Fix missing argument on system_listmigrationtargets (bsc#1201003) * Show correct help on calling kickstart_importjson with no arguments * Fix tracebacks on spacecmd kickstart_export (bsc#1200591) * Change proxy container config default filename to end with tar.gz - Mention already fixed issues: * bsc#1197507, bsc#1197689, bsc#1194909, bsc#1190462, bsc#1194363, bsc#1190512, bsc#1188977, bsc#1188042, bsc#1181223, bsc#1186581, bsc#1181124, bsc#1180583, bsc#1180585, bsc#1176823, bsc#1180584, bsc#1179566, bsc#1169664, bsc#1167907, bsc#1175889, bsc#1173557, bsc#1172709, bsc#1171281, bsc#1171687, bsc#1163871, bsc#1155372, bsc#1154940, bsc#1153090, bsc#1153277, bsc#1138454, bsc#1148311, bsc#1135881, bsc#1130077, bsc#1125744, bsc#1129243, bsc#1127389, bsc#1125610, bsc#987798, bsc#1111542, bsc#1109023, bsc#1104034, bsc#1103696, bsc#1103090, bsc#1094190, bsc#1088070, bsc#1085667, bsc#1083294, bsc#1076578, bsc#1081151, bsc#1080290, bsc#1063419, bsc#1070372, bsc#1044719, bsc#1015882, bsc#1013876, bsc#1027426, bsc#1024406, bsc#1013938, bsc#1003449, bsc#977264, bsc#948245, bsc#945380, bsc#932288, bsc#926318, bsc#908849, bsc#887879, bsc#902494, bsc#879904, bsc#892707, bsc#889605, bsc#776615, bsc#769106, bsc#769108, FATE#311619, FATE#314858. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-22.04-CLIENT-TOOLS-BETA-2022-2917=1 Package List: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS-BETA (all): spacecmd-4.3.14-2.3.1 References: https://bugzilla.suse.com/1003449 https://bugzilla.suse.com/1013876 https://bugzilla.suse.com/1013938 https://bugzilla.suse.com/1015882 https://bugzilla.suse.com/1024406 https://bugzilla.suse.com/1027426 https://bugzilla.suse.com/1044719 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1070372 https://bugzilla.suse.com/1076578 https://bugzilla.suse.com/1080290 https://bugzilla.suse.com/1081151 https://bugzilla.suse.com/1083294 https://bugzilla.suse.com/1085667 https://bugzilla.suse.com/1088070 https://bugzilla.suse.com/1094190 https://bugzilla.suse.com/1103090 https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1109023 https://bugzilla.suse.com/1111542 https://bugzilla.suse.com/1125610 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1127389 https://bugzilla.suse.com/1129243 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1135881 https://bugzilla.suse.com/1138454 https://bugzilla.suse.com/1148311 https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1167907 https://bugzilla.suse.com/1169664 https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1173557 https://bugzilla.suse.com/1175889 https://bugzilla.suse.com/1176823 https://bugzilla.suse.com/1179566 https://bugzilla.suse.com/1180583 https://bugzilla.suse.com/1180584 https://bugzilla.suse.com/1180585 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1190512 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1197689 https://bugzilla.suse.com/1200591 https://bugzilla.suse.com/1201003 https://bugzilla.suse.com/769106 https://bugzilla.suse.com/769108 https://bugzilla.suse.com/776615 https://bugzilla.suse.com/879904 https://bugzilla.suse.com/887879 https://bugzilla.suse.com/889605 https://bugzilla.suse.com/892707 https://bugzilla.suse.com/902494 https://bugzilla.suse.com/908849 https://bugzilla.suse.com/926318 https://bugzilla.suse.com/932288 https://bugzilla.suse.com/945380 https://bugzilla.suse.com/948245 https://bugzilla.suse.com/977264 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Fri Aug 26 16:23:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 18:23:03 +0200 (CEST) Subject: SUSE-RU-2022:15025-1: moderate: Recommended update for spacecmd Message-ID: <20220826162303.25F7EFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for spacecmd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15025-1 Rating: moderate References: #1003449 #1013876 #1013938 #1015882 #1024406 #1027426 #1044719 #1063419 #1070372 #1076578 #1080290 #1081151 #1083294 #1085667 #1088070 #1094190 #1103090 #1103696 #1104034 #1109023 #1111542 #1125610 #1125744 #1127389 #1129243 #1130077 #1135881 #1138454 #1148311 #1153090 #1153277 #1154940 #1155372 #1163871 #1167907 #1169664 #1171281 #1171687 #1172709 #1173557 #1175889 #1176823 #1179566 #1180583 #1180584 #1180585 #1181124 #1181223 #1186581 #1188042 #1188977 #1190462 #1190512 #1194363 #1194909 #1197507 #1197689 #1200591 #1201003 #769106 #769108 #776615 #879904 #887879 #889605 #892707 #902494 #908849 #926318 #932288 #945380 #948245 #977264 #987798 Affected Products: SUSE Manager Ubuntu 22.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has 74 recommended fixes can now be installed. Description: This update for spacecmd fixes the following issues: Provide spacecmd version 4.3.14-1 and mention all the already fixed issues. - version 4.3.14-1 * Fix missing argument on system_listmigrationtargets (bsc#1201003) * Show correct help on calling kickstart_importjson with no arguments * Fix tracebacks on spacecmd kickstart_export (bsc#1200591) * Change proxy container config default filename to end with tar.gz - Mention already fixed issues: * bsc#1003449, bsc#977264, bsc#948245, bsc#945380, bsc#932288, bsc#926318, bsc#1070372, bsc#1044719, bsc#1015882, bsc#1013876, bsc#1027426, bsc#1024406, bsc#1013938, bsc#1083294, bsc#1085667, bsc#1076578, bsc#1081151, bsc#1080290, bsc#1063419, bsc#1104034, bsc#1103696, bsc#1103090, bsc#1094190, bsc#1088070, bsc#1125744, bsc#1129243, bsc#1127389, bsc#1125610, bsc#987798, bsc#1111542, bsc#1109023, bsc#1154940, bsc#1153090, bsc#1153277, bsc#1138454, bsc#1148311, bsc#1135881, bsc#1130077, bsc#1173557, bsc#1172709, bsc#1171281, bsc#1171687, bsc#1163871, bsc#1155372, bsc#1180585, bsc#1176823, bsc#1180584, bsc#1179566, bsc#1169664, bsc#1167907, bsc#1175889, bsc#1188977, bsc#1188042, bsc#1186581, bsc#1181124, bsc#1180583, bsc#908849, bsc#887879, bsc#902494, bsc#879904, bsc#892707, bsc#889605, bsc#776615, bsc#769106, bsc#769108, FATE#311619, FATE#314858. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS: zypper in -t patch suse-ubu224ct-client-tools-202208-15025=1 Package List: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS (all): spacecmd-4.3.14-2.3.2 References: https://bugzilla.suse.com/1003449 https://bugzilla.suse.com/1013876 https://bugzilla.suse.com/1013938 https://bugzilla.suse.com/1015882 https://bugzilla.suse.com/1024406 https://bugzilla.suse.com/1027426 https://bugzilla.suse.com/1044719 https://bugzilla.suse.com/1063419 https://bugzilla.suse.com/1070372 https://bugzilla.suse.com/1076578 https://bugzilla.suse.com/1080290 https://bugzilla.suse.com/1081151 https://bugzilla.suse.com/1083294 https://bugzilla.suse.com/1085667 https://bugzilla.suse.com/1088070 https://bugzilla.suse.com/1094190 https://bugzilla.suse.com/1103090 https://bugzilla.suse.com/1103696 https://bugzilla.suse.com/1104034 https://bugzilla.suse.com/1109023 https://bugzilla.suse.com/1111542 https://bugzilla.suse.com/1125610 https://bugzilla.suse.com/1125744 https://bugzilla.suse.com/1127389 https://bugzilla.suse.com/1129243 https://bugzilla.suse.com/1130077 https://bugzilla.suse.com/1135881 https://bugzilla.suse.com/1138454 https://bugzilla.suse.com/1148311 https://bugzilla.suse.com/1153090 https://bugzilla.suse.com/1153277 https://bugzilla.suse.com/1154940 https://bugzilla.suse.com/1155372 https://bugzilla.suse.com/1163871 https://bugzilla.suse.com/1167907 https://bugzilla.suse.com/1169664 https://bugzilla.suse.com/1171281 https://bugzilla.suse.com/1171687 https://bugzilla.suse.com/1172709 https://bugzilla.suse.com/1173557 https://bugzilla.suse.com/1175889 https://bugzilla.suse.com/1176823 https://bugzilla.suse.com/1179566 https://bugzilla.suse.com/1180583 https://bugzilla.suse.com/1180584 https://bugzilla.suse.com/1180585 https://bugzilla.suse.com/1181124 https://bugzilla.suse.com/1181223 https://bugzilla.suse.com/1186581 https://bugzilla.suse.com/1188042 https://bugzilla.suse.com/1188977 https://bugzilla.suse.com/1190462 https://bugzilla.suse.com/1190512 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1197507 https://bugzilla.suse.com/1197689 https://bugzilla.suse.com/1200591 https://bugzilla.suse.com/1201003 https://bugzilla.suse.com/769106 https://bugzilla.suse.com/769108 https://bugzilla.suse.com/776615 https://bugzilla.suse.com/879904 https://bugzilla.suse.com/887879 https://bugzilla.suse.com/889605 https://bugzilla.suse.com/892707 https://bugzilla.suse.com/902494 https://bugzilla.suse.com/908849 https://bugzilla.suse.com/926318 https://bugzilla.suse.com/932288 https://bugzilla.suse.com/945380 https://bugzilla.suse.com/948245 https://bugzilla.suse.com/977264 https://bugzilla.suse.com/987798 From sle-updates at lists.suse.com Fri Aug 26 16:29:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 18:29:11 +0200 (CEST) Subject: SUSE-SU-2022:2919-1: important: Security update for gnutls Message-ID: <20220826162911.0EAF4FF18@maintenance.suse.de> SUSE Security Update: Security update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2919-1 Rating: important References: #1190698 #1198979 #1202020 Cross-References: CVE-2022-2509 CVSS scores: CVE-2022-2509 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-2509 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). Non-security fixes: - FIPS: Check minimum keylength for symmetric key generation [bsc#1190698] - FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698] - FIPS: Provides interface for running library self tests on-demand [bsc#1198979] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2919=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2919=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gnutls-3.7.3-150400.4.10.1 gnutls-debuginfo-3.7.3-150400.4.10.1 gnutls-debugsource-3.7.3-150400.4.10.1 gnutls-guile-3.7.3-150400.4.10.1 gnutls-guile-debuginfo-3.7.3-150400.4.10.1 libgnutls-devel-3.7.3-150400.4.10.1 libgnutls30-3.7.3-150400.4.10.1 libgnutls30-debuginfo-3.7.3-150400.4.10.1 libgnutls30-hmac-3.7.3-150400.4.10.1 libgnutlsxx-devel-3.7.3-150400.4.10.1 libgnutlsxx28-3.7.3-150400.4.10.1 libgnutlsxx28-debuginfo-3.7.3-150400.4.10.1 - openSUSE Leap 15.4 (x86_64): libgnutls-devel-32bit-3.7.3-150400.4.10.1 libgnutls30-32bit-3.7.3-150400.4.10.1 libgnutls30-32bit-debuginfo-3.7.3-150400.4.10.1 libgnutls30-hmac-32bit-3.7.3-150400.4.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): gnutls-3.7.3-150400.4.10.1 gnutls-debuginfo-3.7.3-150400.4.10.1 gnutls-debugsource-3.7.3-150400.4.10.1 libgnutls-devel-3.7.3-150400.4.10.1 libgnutls30-3.7.3-150400.4.10.1 libgnutls30-debuginfo-3.7.3-150400.4.10.1 libgnutls30-hmac-3.7.3-150400.4.10.1 libgnutlsxx-devel-3.7.3-150400.4.10.1 libgnutlsxx28-3.7.3-150400.4.10.1 libgnutlsxx28-debuginfo-3.7.3-150400.4.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libgnutls30-32bit-3.7.3-150400.4.10.1 libgnutls30-32bit-debuginfo-3.7.3-150400.4.10.1 libgnutls30-hmac-32bit-3.7.3-150400.4.10.1 References: https://www.suse.com/security/cve/CVE-2022-2509.html https://bugzilla.suse.com/1190698 https://bugzilla.suse.com/1198979 https://bugzilla.suse.com/1202020 From sle-updates at lists.suse.com Fri Aug 26 16:29:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 18:29:55 +0200 (CEST) Subject: SUSE-RU-2022:2921-1: important: Recommended update for systemd Message-ID: <20220826162955.DED58FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2921-1 Rating: important References: #1195059 PED-944 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for systemd fixes the following issues: - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - tmpfiles: check for the correct directory Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2921=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2921=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2921=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2921=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2921=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nss-mymachines-246.16-150300.7.51.1 nss-mymachines-debuginfo-246.16-150300.7.51.1 nss-resolve-246.16-150300.7.51.1 nss-resolve-debuginfo-246.16-150300.7.51.1 systemd-logger-246.16-150300.7.51.1 - openSUSE Leap 15.4 (x86_64): nss-mymachines-32bit-246.16-150300.7.51.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.51.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.51.1 libsystemd0-debuginfo-246.16-150300.7.51.1 libudev-devel-246.16-150300.7.51.1 libudev1-246.16-150300.7.51.1 libudev1-debuginfo-246.16-150300.7.51.1 nss-myhostname-246.16-150300.7.51.1 nss-myhostname-debuginfo-246.16-150300.7.51.1 nss-mymachines-246.16-150300.7.51.1 nss-mymachines-debuginfo-246.16-150300.7.51.1 nss-resolve-246.16-150300.7.51.1 nss-resolve-debuginfo-246.16-150300.7.51.1 nss-systemd-246.16-150300.7.51.1 nss-systemd-debuginfo-246.16-150300.7.51.1 systemd-246.16-150300.7.51.1 systemd-container-246.16-150300.7.51.1 systemd-container-debuginfo-246.16-150300.7.51.1 systemd-coredump-246.16-150300.7.51.1 systemd-coredump-debuginfo-246.16-150300.7.51.1 systemd-debuginfo-246.16-150300.7.51.1 systemd-debugsource-246.16-150300.7.51.1 systemd-devel-246.16-150300.7.51.1 systemd-doc-246.16-150300.7.51.1 systemd-journal-remote-246.16-150300.7.51.1 systemd-journal-remote-debuginfo-246.16-150300.7.51.1 systemd-logger-246.16-150300.7.51.1 systemd-network-246.16-150300.7.51.1 systemd-network-debuginfo-246.16-150300.7.51.1 systemd-sysvinit-246.16-150300.7.51.1 udev-246.16-150300.7.51.1 udev-debuginfo-246.16-150300.7.51.1 - openSUSE Leap 15.3 (x86_64): libsystemd0-32bit-246.16-150300.7.51.1 libsystemd0-32bit-debuginfo-246.16-150300.7.51.1 libudev-devel-32bit-246.16-150300.7.51.1 libudev1-32bit-246.16-150300.7.51.1 libudev1-32bit-debuginfo-246.16-150300.7.51.1 nss-myhostname-32bit-246.16-150300.7.51.1 nss-myhostname-32bit-debuginfo-246.16-150300.7.51.1 nss-mymachines-32bit-246.16-150300.7.51.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.51.1 systemd-32bit-246.16-150300.7.51.1 systemd-32bit-debuginfo-246.16-150300.7.51.1 - openSUSE Leap 15.3 (noarch): systemd-lang-246.16-150300.7.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.51.1 libsystemd0-debuginfo-246.16-150300.7.51.1 libudev-devel-246.16-150300.7.51.1 libudev1-246.16-150300.7.51.1 libudev1-debuginfo-246.16-150300.7.51.1 systemd-246.16-150300.7.51.1 systemd-container-246.16-150300.7.51.1 systemd-container-debuginfo-246.16-150300.7.51.1 systemd-coredump-246.16-150300.7.51.1 systemd-coredump-debuginfo-246.16-150300.7.51.1 systemd-debuginfo-246.16-150300.7.51.1 systemd-debugsource-246.16-150300.7.51.1 systemd-devel-246.16-150300.7.51.1 systemd-doc-246.16-150300.7.51.1 systemd-journal-remote-246.16-150300.7.51.1 systemd-journal-remote-debuginfo-246.16-150300.7.51.1 systemd-sysvinit-246.16-150300.7.51.1 udev-246.16-150300.7.51.1 udev-debuginfo-246.16-150300.7.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.16-150300.7.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.16-150300.7.51.1 libsystemd0-32bit-debuginfo-246.16-150300.7.51.1 libudev1-32bit-246.16-150300.7.51.1 libudev1-32bit-debuginfo-246.16-150300.7.51.1 systemd-32bit-246.16-150300.7.51.1 systemd-32bit-debuginfo-246.16-150300.7.51.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.51.1 libsystemd0-debuginfo-246.16-150300.7.51.1 libudev1-246.16-150300.7.51.1 libudev1-debuginfo-246.16-150300.7.51.1 systemd-246.16-150300.7.51.1 systemd-container-246.16-150300.7.51.1 systemd-container-debuginfo-246.16-150300.7.51.1 systemd-debuginfo-246.16-150300.7.51.1 systemd-debugsource-246.16-150300.7.51.1 systemd-journal-remote-246.16-150300.7.51.1 systemd-journal-remote-debuginfo-246.16-150300.7.51.1 systemd-sysvinit-246.16-150300.7.51.1 udev-246.16-150300.7.51.1 udev-debuginfo-246.16-150300.7.51.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.51.1 libsystemd0-debuginfo-246.16-150300.7.51.1 libudev1-246.16-150300.7.51.1 libudev1-debuginfo-246.16-150300.7.51.1 systemd-246.16-150300.7.51.1 systemd-container-246.16-150300.7.51.1 systemd-container-debuginfo-246.16-150300.7.51.1 systemd-debuginfo-246.16-150300.7.51.1 systemd-debugsource-246.16-150300.7.51.1 systemd-journal-remote-246.16-150300.7.51.1 systemd-journal-remote-debuginfo-246.16-150300.7.51.1 systemd-sysvinit-246.16-150300.7.51.1 udev-246.16-150300.7.51.1 udev-debuginfo-246.16-150300.7.51.1 References: https://bugzilla.suse.com/1195059 From sle-updates at lists.suse.com Fri Aug 26 16:30:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 18:30:35 +0200 (CEST) Subject: SUSE-RU-2022:2920-1: important: Recommended update for systemd Message-ID: <20220826163035.EF0B9FF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2920-1 Rating: important References: #1195059 #1201795 PED-944 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2920=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2920=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsystemd0-249.12-150400.8.10.1 libsystemd0-debuginfo-249.12-150400.8.10.1 libudev1-249.12-150400.8.10.1 libudev1-debuginfo-249.12-150400.8.10.1 nss-myhostname-249.12-150400.8.10.1 nss-myhostname-debuginfo-249.12-150400.8.10.1 nss-systemd-249.12-150400.8.10.1 nss-systemd-debuginfo-249.12-150400.8.10.1 systemd-249.12-150400.8.10.1 systemd-container-249.12-150400.8.10.1 systemd-container-debuginfo-249.12-150400.8.10.1 systemd-coredump-249.12-150400.8.10.1 systemd-coredump-debuginfo-249.12-150400.8.10.1 systemd-debuginfo-249.12-150400.8.10.1 systemd-debugsource-249.12-150400.8.10.1 systemd-devel-249.12-150400.8.10.1 systemd-doc-249.12-150400.8.10.1 systemd-experimental-249.12-150400.8.10.1 systemd-experimental-debuginfo-249.12-150400.8.10.1 systemd-journal-remote-249.12-150400.8.10.1 systemd-journal-remote-debuginfo-249.12-150400.8.10.1 systemd-network-249.12-150400.8.10.1 systemd-network-debuginfo-249.12-150400.8.10.1 systemd-portable-249.12-150400.8.10.1 systemd-portable-debuginfo-249.12-150400.8.10.1 systemd-sysvinit-249.12-150400.8.10.1 systemd-testsuite-249.12-150400.8.10.1 systemd-testsuite-debuginfo-249.12-150400.8.10.1 udev-249.12-150400.8.10.1 udev-debuginfo-249.12-150400.8.10.1 - openSUSE Leap 15.4 (x86_64): libsystemd0-32bit-249.12-150400.8.10.1 libsystemd0-32bit-debuginfo-249.12-150400.8.10.1 libudev1-32bit-249.12-150400.8.10.1 libudev1-32bit-debuginfo-249.12-150400.8.10.1 nss-myhostname-32bit-249.12-150400.8.10.1 nss-myhostname-32bit-debuginfo-249.12-150400.8.10.1 systemd-32bit-249.12-150400.8.10.1 systemd-32bit-debuginfo-249.12-150400.8.10.1 - openSUSE Leap 15.4 (noarch): systemd-lang-249.12-150400.8.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-249.12-150400.8.10.1 libsystemd0-debuginfo-249.12-150400.8.10.1 libudev1-249.12-150400.8.10.1 libudev1-debuginfo-249.12-150400.8.10.1 systemd-249.12-150400.8.10.1 systemd-container-249.12-150400.8.10.1 systemd-container-debuginfo-249.12-150400.8.10.1 systemd-coredump-249.12-150400.8.10.1 systemd-coredump-debuginfo-249.12-150400.8.10.1 systemd-debuginfo-249.12-150400.8.10.1 systemd-debugsource-249.12-150400.8.10.1 systemd-devel-249.12-150400.8.10.1 systemd-doc-249.12-150400.8.10.1 systemd-sysvinit-249.12-150400.8.10.1 udev-249.12-150400.8.10.1 udev-debuginfo-249.12-150400.8.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): systemd-lang-249.12-150400.8.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libsystemd0-32bit-249.12-150400.8.10.1 libsystemd0-32bit-debuginfo-249.12-150400.8.10.1 libudev1-32bit-249.12-150400.8.10.1 libudev1-32bit-debuginfo-249.12-150400.8.10.1 systemd-32bit-249.12-150400.8.10.1 systemd-32bit-debuginfo-249.12-150400.8.10.1 References: https://bugzilla.suse.com/1195059 https://bugzilla.suse.com/1201795 From sle-updates at lists.suse.com Fri Aug 26 19:15:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 21:15:53 +0200 (CEST) Subject: SUSE-SU-2022:2923-1: important: Security update for keepalived Message-ID: <20220826191553.9CC12FF18@maintenance.suse.de> SUSE Security Update: Security update for keepalived ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2923-1 Rating: important References: #1193115 Cross-References: CVE-2021-44225 CVSS scores: CVE-2021-44225 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2021-44225 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for keepalived fixes the following issues: - CVE-2021-44225: Fix a potential privilege escalation due to insufficient control in the D-Bus policy (bsc#1193115). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2923=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2923=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2923=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-2923=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): keepalived-2.0.19-150100.3.6.1 keepalived-debuginfo-2.0.19-150100.3.6.1 keepalived-debugsource-2.0.19-150100.3.6.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): keepalived-2.0.19-150100.3.6.1 keepalived-debuginfo-2.0.19-150100.3.6.1 keepalived-debugsource-2.0.19-150100.3.6.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): keepalived-2.0.19-150100.3.6.1 keepalived-debuginfo-2.0.19-150100.3.6.1 keepalived-debugsource-2.0.19-150100.3.6.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): keepalived-2.0.19-150100.3.6.1 keepalived-debuginfo-2.0.19-150100.3.6.1 keepalived-debugsource-2.0.19-150100.3.6.1 References: https://www.suse.com/security/cve/CVE-2021-44225.html https://bugzilla.suse.com/1193115 From sle-updates at lists.suse.com Fri Aug 26 19:16:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 26 Aug 2022 21:16:32 +0200 (CEST) Subject: SUSE-SU-2022:2922-1: important: Security update for libyang Message-ID: <20220826191632.755E8FF18@maintenance.suse.de> SUSE Security Update: Security update for libyang ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2922-1 Rating: important References: #1186377 Cross-References: CVE-2021-28905 CVSS scores: CVE-2021-28905 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28905 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libyang fixes the following issues: - CVE-2021-28905: Fixed a reachable assertion which could be exploited by an attacker to cause a denial of service (bsc#1186377). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2922=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2922=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2922=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2922=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libyang-cpp-devel-1.0.184-150300.3.3.1 libyang-cpp1-1.0.184-150300.3.3.1 libyang-cpp1-debuginfo-1.0.184-150300.3.3.1 libyang-debuginfo-1.0.184-150300.3.3.1 libyang-debugsource-1.0.184-150300.3.3.1 libyang-devel-1.0.184-150300.3.3.1 libyang-extentions-1.0.184-150300.3.3.1 libyang-extentions-debuginfo-1.0.184-150300.3.3.1 libyang1-1.0.184-150300.3.3.1 libyang1-debuginfo-1.0.184-150300.3.3.1 python3-yang-1.0.184-150300.3.3.1 python3-yang-debuginfo-1.0.184-150300.3.3.1 yang-tools-1.0.184-150300.3.3.1 yang-tools-debuginfo-1.0.184-150300.3.3.1 - openSUSE Leap 15.4 (noarch): libyang-doc-1.0.184-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libyang-cpp-devel-1.0.184-150300.3.3.1 libyang-cpp1-1.0.184-150300.3.3.1 libyang-cpp1-debuginfo-1.0.184-150300.3.3.1 libyang-debuginfo-1.0.184-150300.3.3.1 libyang-debugsource-1.0.184-150300.3.3.1 libyang-devel-1.0.184-150300.3.3.1 libyang-extentions-1.0.184-150300.3.3.1 libyang-extentions-debuginfo-1.0.184-150300.3.3.1 libyang1-1.0.184-150300.3.3.1 libyang1-debuginfo-1.0.184-150300.3.3.1 python3-yang-1.0.184-150300.3.3.1 python3-yang-debuginfo-1.0.184-150300.3.3.1 yang-tools-1.0.184-150300.3.3.1 yang-tools-debuginfo-1.0.184-150300.3.3.1 - openSUSE Leap 15.3 (noarch): libyang-doc-1.0.184-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libyang-debuginfo-1.0.184-150300.3.3.1 libyang-debugsource-1.0.184-150300.3.3.1 libyang-extentions-1.0.184-150300.3.3.1 libyang-extentions-debuginfo-1.0.184-150300.3.3.1 libyang1-1.0.184-150300.3.3.1 libyang1-debuginfo-1.0.184-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libyang-debuginfo-1.0.184-150300.3.3.1 libyang-debugsource-1.0.184-150300.3.3.1 libyang-extentions-1.0.184-150300.3.3.1 libyang-extentions-debuginfo-1.0.184-150300.3.3.1 libyang1-1.0.184-150300.3.3.1 libyang1-debuginfo-1.0.184-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-28905.html https://bugzilla.suse.com/1186377 From sle-updates at lists.suse.com Sat Aug 27 07:15:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 09:15:13 +0200 (CEST) Subject: SUSE-CU-2022:1907-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20220827071513.9ADF2FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1907-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-4.2.15 , suse/sle-micro/5.3/toolbox:latest Container Release : 4.2.15 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - systemd-249.12-150400.8.10.1 updated From sle-updates at lists.suse.com Sat Aug 27 07:25:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 09:25:58 +0200 (CEST) Subject: SUSE-CU-2022:1908-1: Recommended update of suse/sles12sp4 Message-ID: <20220827072558.7AB8DFF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1908-1 Container Tags : suse/sles12sp4:26.495 , suse/sles12sp4:latest Container Release : 26.495 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2907-1 Released: Fri Aug 26 05:32:06 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - base-container-licenses-3.0-1.309 updated - container-suseconnect-2.0.0-1.196 updated - libldap-2_4-2-2.4.41-22.13.1 updated From sle-updates at lists.suse.com Sat Aug 27 07:34:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 09:34:23 +0200 (CEST) Subject: SUSE-CU-2022:1909-1: Recommended update of suse/sles12sp5 Message-ID: <20220827073423.DD559FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1909-1 Container Tags : suse/sles12sp5:6.5.369 , suse/sles12sp5:latest Container Release : 6.5.369 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2907-1 Released: Fri Aug 26 05:32:06 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-2_4-2-2.4.41-22.13.1 updated From sle-updates at lists.suse.com Sat Aug 27 07:56:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 09:56:32 +0200 (CEST) Subject: SUSE-CU-2022:1910-1: Recommended update of suse/sle15 Message-ID: <20220827075632.088B5FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1910-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.599 Container Release : 4.22.599 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2905-1 Released: Fri Aug 26 05:30:33 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-2_4-2-2.4.46-150000.9.74.3 updated - libldap-data-2.4.46-150000.9.74.3 updated From sle-updates at lists.suse.com Sat Aug 27 08:15:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 10:15:46 +0200 (CEST) Subject: SUSE-CU-2022:1911-1: Recommended update of suse/sle15 Message-ID: <20220827081546.CDB1BFF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1911-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.660 Container Release : 6.2.660 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2905-1 Released: Fri Aug 26 05:30:33 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-2_4-2-2.4.46-150000.9.74.3 updated - libldap-data-2.4.46-150000.9.74.3 updated From sle-updates at lists.suse.com Sat Aug 27 08:31:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 10:31:14 +0200 (CEST) Subject: SUSE-CU-2022:1912-1: Recommended update of suse/sle15 Message-ID: <20220827083114.2A960FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1912-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.179 Container Release : 9.5.179 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libldap-data-2.4.46-150200.14.11.2 updated From sle-updates at lists.suse.com Sat Aug 27 08:37:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 10:37:13 +0200 (CEST) Subject: SUSE-CU-2022:1913-1: Recommended update of bci/bci-init Message-ID: <20220827083713.5C7C4FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1913-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.18.10 Container Release : 18.10 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libldap-data-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-17.20.17 updated From sle-updates at lists.suse.com Sat Aug 27 08:37:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 10:37:19 +0200 (CEST) Subject: SUSE-CU-2022:1914-1: Recommended update of bci/bci-init Message-ID: <20220827083719.5205AFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1914-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.18.13 Container Release : 18.13 Severity : important Type : recommended References : 1195059 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059 This update for systemd fixes the following issues: - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - tmpfiles: check for the correct directory The following package changes have been done: - libsystemd0-246.16-150300.7.51.1 updated - libudev1-246.16-150300.7.51.1 updated - systemd-246.16-150300.7.51.1 updated - udev-246.16-150300.7.51.1 updated - container:sles15-image-15.0.0-17.20.18 updated From sle-updates at lists.suse.com Sat Aug 27 08:44:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 10:44:54 +0200 (CEST) Subject: SUSE-CU-2022:1917-1: Recommended update of bci/nodejs Message-ID: <20220827084454.BDA8BFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1917-1 Container Tags : bci/node:12 , bci/node:12-16.147 , bci/nodejs:12 , bci/nodejs:12-16.147 Container Release : 16.147 Severity : important Type : recommended References : 1195059 1198341 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059 This update for systemd fixes the following issues: - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - tmpfiles: check for the correct directory The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libldap-data-2.4.46-150200.14.11.2 updated - libsystemd0-246.16-150300.7.51.1 updated - libudev1-246.16-150300.7.51.1 updated - container:sles15-image-15.0.0-17.20.17 updated From sle-updates at lists.suse.com Sat Aug 27 08:49:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 10:49:29 +0200 (CEST) Subject: SUSE-CU-2022:1918-1: Recommended update of bci/python Message-ID: <20220827084929.5D10DFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1918-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.65 Container Release : 18.65 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libldap-data-2.4.46-150200.14.11.2 updated From sle-updates at lists.suse.com Sat Aug 27 08:49:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 10:49:35 +0200 (CEST) Subject: SUSE-CU-2022:1919-1: Recommended update of bci/python Message-ID: <20220827084935.95B92FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1919-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.67 Container Release : 18.67 Severity : important Type : recommended References : 1195059 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059 This update for systemd fixes the following issues: - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - tmpfiles: check for the correct directory The following package changes have been done: - libsystemd0-246.16-150300.7.51.1 updated - libudev1-246.16-150300.7.51.1 updated - container:sles15-image-15.0.0-17.20.18 updated From sle-updates at lists.suse.com Sat Aug 27 08:58:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 10:58:39 +0200 (CEST) Subject: SUSE-CU-2022:1920-1: Recommended update of suse/sle15 Message-ID: <20220827085839.CA104FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1920-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.17 , suse/sle15:15.3 , suse/sle15:15.3.17.20.17 Container Release : 17.20.17 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libldap-data-2.4.46-150200.14.11.2 updated From sle-updates at lists.suse.com Sat Aug 27 08:58:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 10:58:45 +0200 (CEST) Subject: SUSE-CU-2022:1921-1: Recommended update of suse/sle15 Message-ID: <20220827085845.A1C57FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1921-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.18 , suse/sle15:15.3 , suse/sle15:15.3.17.20.18 Container Release : 17.20.18 Severity : important Type : recommended References : 1195059 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059 This update for systemd fixes the following issues: - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - tmpfiles: check for the correct directory The following package changes have been done: - libsystemd0-246.16-150300.7.51.1 updated - libudev1-246.16-150300.7.51.1 updated From sle-updates at lists.suse.com Sat Aug 27 08:59:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 10:59:38 +0200 (CEST) Subject: SUSE-CU-2022:1922-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220827085938.BD2BAFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1922-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-25.12 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-25.12 Container Release : 25.12 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 09:00:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 11:00:37 +0200 (CEST) Subject: SUSE-CU-2022:1923-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220827090037.8187D10017@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1923-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-20.9 , bci/dotnet-aspnet:6.0.8 , bci/dotnet-aspnet:6.0.8-20.9 , bci/dotnet-aspnet:latest Container Release : 20.9 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 09:01:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 11:01:50 +0200 (CEST) Subject: SUSE-CU-2022:1924-1: Recommended update of bci/dotnet-sdk Message-ID: <20220827090150.C8A81FFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1924-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-45.9 , bci/dotnet-sdk:3.1.28 , bci/dotnet-sdk:3.1.28-45.9 Container Release : 45.9 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 09:02:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 11:02:45 +0200 (CEST) Subject: SUSE-CU-2022:1925-1: Recommended update of bci/dotnet-sdk Message-ID: <20220827090245.E05A5FFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1925-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-33.12 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-33.12 Container Release : 33.12 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 09:03:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 11:03:54 +0200 (CEST) Subject: SUSE-CU-2022:1926-1: Recommended update of bci/dotnet-sdk Message-ID: <20220827090354.4BA4DFFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1926-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-22.9 , bci/dotnet-sdk:6.0.8 , bci/dotnet-sdk:6.0.8-22.9 , bci/dotnet-sdk:latest Container Release : 22.9 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 09:04:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 11:04:47 +0200 (CEST) Subject: SUSE-CU-2022:1927-1: Recommended update of bci/dotnet-runtime Message-ID: <20220827090447.E6367FFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1927-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-32.12 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-32.12 Container Release : 32.12 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 09:05:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 11:05:40 +0200 (CEST) Subject: SUSE-CU-2022:1928-1: Recommended update of bci/dotnet-runtime Message-ID: <20220827090540.A5957FFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1928-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-19.9 , bci/dotnet-runtime:6.0.8 , bci/dotnet-runtime:6.0.8-19.9 , bci/dotnet-runtime:latest Container Release : 19.9 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 09:06:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 11:06:54 +0200 (CEST) Subject: SUSE-CU-2022:1929-1: Recommended update of bci/golang Message-ID: <20220827090654.4211AFFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1929-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.9 Container Release : 30.9 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 11:48:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:48:29 +0200 (CEST) Subject: SUSE-CU-2022:1929-1: Recommended update of bci/golang Message-ID: <20220827114829.A1D0FFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1929-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.9 Container Release : 30.9 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 11:49:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:49:42 +0200 (CEST) Subject: SUSE-CU-2022:1930-1: Recommended update of bci/golang Message-ID: <20220827114942.BCF84FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1930-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.11 Container Release : 29.11 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libudev1-249.12-150400.8.10.1 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 11:50:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:50:36 +0200 (CEST) Subject: SUSE-CU-2022:1931-1: Recommended update of bci/golang Message-ID: <20220827115036.43953FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1931-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-16.9 Container Release : 16.9 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libudev1-249.12-150400.8.10.1 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 11:50:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:50:46 +0200 (CEST) Subject: SUSE-CU-2022:1932-1: Recommended update of bci/golang Message-ID: <20220827115046.956ECFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1932-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.8 , bci/golang:latest Container Release : 2.8 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 11:50:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:50:51 +0200 (CEST) Subject: SUSE-CU-2022:1933-1: Recommended update of bci/golang Message-ID: <20220827115051.E33EEFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1933-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.9 , bci/golang:latest Container Release : 2.9 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libudev1-249.12-150400.8.10.1 updated - libsystemd0-249.12-150400.8.10.1 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 11:51:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:51:40 +0200 (CEST) Subject: SUSE-CU-2022:1934-1: Recommended update of bci/bci-init Message-ID: <20220827115140.D88EAFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1934-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.21.8 , bci/bci-init:latest Container Release : 21.8 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 11:51:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:51:44 +0200 (CEST) Subject: SUSE-CU-2022:1935-1: Recommended update of bci/bci-init Message-ID: <20220827115144.46393FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1935-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.21.9 , bci/bci-init:latest Container Release : 21.9 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libudev1-249.12-150400.8.10.1 updated - libsystemd0-249.12-150400.8.10.1 updated - systemd-249.12-150400.8.10.1 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 11:51:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:51:57 +0200 (CEST) Subject: SUSE-CU-2022:1936-1: Recommended update of bci/bci-minimal Message-ID: <20220827115157.5177AFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1936-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.14.3 , bci/bci-minimal:latest Container Release : 14.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package The following package changes have been done: - libdw1-0.185-150400.5.3.1 updated - libelf1-0.185-150400.5.3.1 updated From sle-updates at lists.suse.com Sat Aug 27 11:52:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:52:40 +0200 (CEST) Subject: SUSE-CU-2022:1937-1: Recommended update of bci/nodejs Message-ID: <20220827115240.838CBFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1937-1 Container Tags : bci/node:14 , bci/node:14-33.9 , bci/nodejs:14 , bci/nodejs:14-33.9 Container Release : 33.9 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 11:52:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:52:44 +0200 (CEST) Subject: SUSE-CU-2022:1938-1: Recommended update of bci/nodejs Message-ID: <20220827115244.317F2FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1938-1 Container Tags : bci/node:14 , bci/node:14-33.10 , bci/nodejs:14 , bci/nodejs:14-33.10 Container Release : 33.10 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libudev1-249.12-150400.8.10.1 updated - libsystemd0-249.12-150400.8.10.1 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 11:53:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:53:23 +0200 (CEST) Subject: SUSE-CU-2022:1939-1: Recommended update of bci/nodejs Message-ID: <20220827115323.7480EFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1939-1 Container Tags : bci/node:16 , bci/node:16-9.9 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-9.9 , bci/nodejs:latest Container Release : 9.9 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 11:53:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:53:27 +0200 (CEST) Subject: SUSE-CU-2022:1940-1: Recommended update of bci/nodejs Message-ID: <20220827115327.0C791FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1940-1 Container Tags : bci/node:16 , bci/node:16-9.10 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-9.10 , bci/nodejs:latest Container Release : 9.10 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libudev1-249.12-150400.8.10.1 updated - libsystemd0-249.12-150400.8.10.1 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 11:55:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:55:11 +0200 (CEST) Subject: SUSE-CU-2022:1941-1: Recommended update of bci/openjdk-devel Message-ID: <20220827115511.59290FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1941-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-34.22 , bci/openjdk-devel:latest Container Release : 34.22 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libudev1-249.12-150400.8.10.1 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:bci-openjdk-11-15.4-30.10 updated From sle-updates at lists.suse.com Sat Aug 27 11:56:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:56:24 +0200 (CEST) Subject: SUSE-CU-2022:1942-1: Recommended update of bci/openjdk Message-ID: <20220827115624.D6DF2FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1942-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-30.9 , bci/openjdk:latest Container Release : 30.9 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 11:56:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:56:29 +0200 (CEST) Subject: SUSE-CU-2022:1943-1: Recommended update of bci/openjdk Message-ID: <20220827115629.D2219FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1943-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-30.10 , bci/openjdk:latest Container Release : 30.10 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libsystemd0-249.12-150400.8.10.1 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 11:57:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:57:25 +0200 (CEST) Subject: SUSE-CU-2022:1944-1: Recommended update of suse/pcp Message-ID: <20220827115725.67B19FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1944-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-9.17 , suse/pcp:latest Container Release : 9.17 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:bci-bci-init-15.4-15.4-21.8 updated From sle-updates at lists.suse.com Sat Aug 27 11:57:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:57:29 +0200 (CEST) Subject: SUSE-CU-2022:1945-1: Recommended update of suse/pcp Message-ID: <20220827115729.CC8F7FF18@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1945-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-9.19 , suse/pcp:latest Container Release : 9.19 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libudev1-249.12-150400.8.10.1 updated - libsystemd0-249.12-150400.8.10.1 updated - systemd-249.12-150400.8.10.1 updated - container:bci-bci-init-15.4-15.4-21.9 updated From sle-updates at lists.suse.com Sat Aug 27 11:58:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:58:07 +0200 (CEST) Subject: SUSE-CU-2022:1946-1: Recommended update of bci/python Message-ID: <20220827115807.A4993FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1946-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-5.9 , bci/python:latest Container Release : 5.9 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 11:58:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:58:11 +0200 (CEST) Subject: SUSE-CU-2022:1947-1: Recommended update of bci/python Message-ID: <20220827115811.504A1FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1947-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-5.10 , bci/python:latest Container Release : 5.10 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libudev1-249.12-150400.8.10.1 updated - libsystemd0-249.12-150400.8.10.1 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 11:58:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:58:46 +0200 (CEST) Subject: SUSE-CU-2022:1948-1: Recommended update of bci/python Message-ID: <20220827115846.9265CFF18@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1948-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.9 Container Release : 28.9 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 11:58:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 13:58:50 +0200 (CEST) Subject: SUSE-CU-2022:1949-1: Recommended update of bci/python Message-ID: <20220827115850.30D94FF18@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1949-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.10 Container Release : 28.10 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libudev1-249.12-150400.8.10.1 updated - libsystemd0-249.12-150400.8.10.1 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 12:20:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:20:15 +0200 (CEST) Subject: SUSE-CU-2022:1949-1: Recommended update of bci/python Message-ID: <20220827122015.AEF8DFFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1949-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.10 Container Release : 28.10 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libudev1-249.12-150400.8.10.1 updated - libsystemd0-249.12-150400.8.10.1 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 12:21:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:21:41 +0200 (CEST) Subject: SUSE-CU-2022:1950-1: Recommended update of bci/ruby Message-ID: <20220827122141.C7DD2FFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1950-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-29.9 , bci/ruby:latest Container Release : 29.9 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 12:21:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:21:48 +0200 (CEST) Subject: SUSE-CU-2022:1951-1: Recommended update of bci/ruby Message-ID: <20220827122148.AF589FFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1951-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-29.10 , bci/ruby:latest Container Release : 29.10 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libudev1-249.12-150400.8.10.1 updated - libsystemd0-249.12-150400.8.10.1 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 12:22:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:22:22 +0200 (CEST) Subject: SUSE-CU-2022:1952-1: Recommended update of bci/rust Message-ID: <20220827122222.1C9A6FFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1952-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.26 Container Release : 9.26 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.12 updated From sle-updates at lists.suse.com Sat Aug 27 12:22:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:22:27 +0200 (CEST) Subject: SUSE-CU-2022:1953-1: Recommended update of bci/rust Message-ID: <20220827122227.01B32FFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1953-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.27 Container Release : 9.27 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libsystemd0-249.12-150400.8.10.1 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 12:22:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:22:50 +0200 (CEST) Subject: SUSE-CU-2022:1954-1: Recommended update of bci/rust Message-ID: <20220827122250.E5AD6FFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1954-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-5.10 Container Release : 5.10 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 12:22:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:22:59 +0200 (CEST) Subject: SUSE-CU-2022:1955-1: Recommended update of bci/rust Message-ID: <20220827122259.883AFFFA7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1955-1 Container Tags : bci/rust:1.62 , bci/rust:1.62-2.9 , bci/rust:latest Container Release : 2.9 Severity : important Type : recommended References : 1195059 1198341 1201795 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - container:sles15-image-15.0.0-27.11.13 updated From sle-updates at lists.suse.com Sat Aug 27 12:23:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:23:31 +0200 (CEST) Subject: SUSE-CU-2022:1956-1: Recommended update of suse/sle15 Message-ID: <20220827122331.394D6FFA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1956-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.12 , suse/sle15:15.4 , suse/sle15:15.4.27.11.12 Container Release : 27.11.12 Severity : moderate Type : recommended References : 1198341 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) The following package changes have been done: - libdw1-0.185-150400.5.3.1 updated - libelf1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libldap-data-2.4.46-150200.14.11.2 updated From sle-updates at lists.suse.com Sat Aug 27 12:23:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:23:35 +0200 (CEST) Subject: SUSE-CU-2022:1957-1: Recommended update of suse/sle15 Message-ID: <20220827122335.1EFB7FFA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1957-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.13 , suse/sle15:15.4 , suse/sle15:15.4.27.11.13 Container Release : 27.11.13 Severity : important Type : recommended References : 1195059 1201795 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory The following package changes have been done: - libsystemd0-249.12-150400.8.10.1 updated - libudev1-249.12-150400.8.10.1 updated From sle-updates at lists.suse.com Sat Aug 27 12:24:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:24:12 +0200 (CEST) Subject: SUSE-CU-2022:1958-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20220827122412.CD413FFA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1958-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.264 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.264 Severity : important Type : recommended References : 1195059 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059 This update for systemd fixes the following issues: - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - tmpfiles: check for the correct directory The following package changes have been done: - systemd-246.16-150300.7.51.1 updated - udev-246.16-150300.7.51.1 updated From sle-updates at lists.suse.com Sat Aug 27 12:27:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 14:27:18 +0200 (CEST) Subject: SUSE-CU-2022:1960-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20220827122718.4035FFFA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1960-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.84 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.84 Severity : important Type : recommended References : 1195059 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2921-1 Released: Fri Aug 26 15:17:43 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059 This update for systemd fixes the following issues: - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - tmpfiles: check for the correct directory The following package changes have been done: - systemd-246.16-150300.7.51.1 updated - udev-246.16-150300.7.51.1 updated From sle-updates at lists.suse.com Sat Aug 27 13:15:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 27 Aug 2022 15:15:45 +0200 (CEST) Subject: SUSE-RU-2022:2924-1: moderate: Recommended update for gcc10 Message-ID: <20220827131545.3208CFF18@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc10 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2924-1 Rating: moderate References: #1188076 #1195628 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gcc10 fixes the following issues: Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794 * includes remaining regression fixes from the branch * Removes cyclades header use from libsanitizer. [bsc#1188076] - Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628] - Remove sys/rseq.h from include-fixed - Put libstdc++6-pp Requires on the shared library and drop to Recoomends. - Properly adjust license GPL-3.0 WITH GCC-exception-3.1 to GPL-3.0-or-later WITH GCC-exception-3.1 - Remove bits/unistd_ext.h from include-fixed - Force using llvm11 for amdgcn offloading since llvm12 doesn't yet work. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2924=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2924=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2924=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2924=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2924=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cpp10-10.4.0+git2794-150000.1.9.1 cpp10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-arm-gcc10-10.4.0+git2794-150000.1.9.1 cross-arm-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-arm-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-arm-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-hppa-gcc10-10.4.0+git2794-150000.1.9.1 cross-hppa-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-hppa-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-hppa-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-i386-gcc10-10.4.0+git2794-150000.1.9.1 cross-i386-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-i386-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-i386-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-m68k-gcc10-10.4.0+git2794-150000.1.9.1 cross-m68k-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-m68k-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-m68k-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-mips-gcc10-10.4.0+git2794-150000.1.9.1 cross-mips-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-mips-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-mips-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-ppc64-gcc10-10.4.0+git2794-150000.1.9.1 cross-ppc64-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-ppc64-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-ppc64-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-riscv64-gcc10-10.4.0+git2794-150000.1.9.1 cross-riscv64-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-riscv64-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-riscv64-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-sparc-gcc10-10.4.0+git2794-150000.1.9.1 cross-sparc-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-sparc-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-sparc64-gcc10-10.4.0+git2794-150000.1.9.1 cross-sparc64-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-sparc64-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-sparc64-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-sparcv9-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 gcc10-10.4.0+git2794-150000.1.9.1 gcc10-ada-10.4.0+git2794-150000.1.9.1 gcc10-ada-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-c++-10.4.0+git2794-150000.1.9.1 gcc10-c++-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-debugsource-10.4.0+git2794-150000.1.9.1 gcc10-fortran-10.4.0+git2794-150000.1.9.1 gcc10-fortran-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-go-10.4.0+git2794-150000.1.9.1 gcc10-go-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-locale-10.4.0+git2794-150000.1.9.1 gcc10-obj-c++-10.4.0+git2794-150000.1.9.1 gcc10-obj-c++-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-objc-10.4.0+git2794-150000.1.9.1 gcc10-objc-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-testresults-10.4.0+git2794-150000.1.9.1 libada10-10.4.0+git2794-150000.1.9.1 libada10-debuginfo-10.4.0+git2794-150000.1.9.1 libgo16-10.4.0+git2794-150000.1.9.1 libgo16-debuginfo-10.4.0+git2794-150000.1.9.1 libstdc++6-devel-gcc10-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): cross-s390x-gcc10-10.4.0+git2794-150000.1.9.1 cross-s390x-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-s390x-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-s390x-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x): cross-x86_64-gcc10-10.4.0+git2794-150000.1.9.1 cross-x86_64-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-x86_64-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-x86_64-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.4 (ppc64le s390x x86_64): cross-aarch64-gcc10-10.4.0+git2794-150000.1.9.1 cross-aarch64-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-aarch64-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-aarch64-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.4 (aarch64 s390x x86_64): cross-ppc64le-gcc10-10.4.0+git2794-150000.1.9.1 cross-ppc64le-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-ppc64le-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-ppc64le-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 gcc10-d-10.4.0+git2794-150000.1.9.1 gcc10-d-debuginfo-10.4.0+git2794-150000.1.9.1 libgdruntime1-10.4.0+git2794-150000.1.9.1 libgdruntime1-debuginfo-10.4.0+git2794-150000.1.9.1 libgphobos1-10.4.0+git2794-150000.1.9.1 libgphobos1-debuginfo-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.4 (s390x x86_64): gcc10-32bit-10.4.0+git2794-150000.1.9.1 gcc10-ada-32bit-10.4.0+git2794-150000.1.9.1 gcc10-c++-32bit-10.4.0+git2794-150000.1.9.1 gcc10-d-32bit-10.4.0+git2794-150000.1.9.1 gcc10-fortran-32bit-10.4.0+git2794-150000.1.9.1 gcc10-go-32bit-10.4.0+git2794-150000.1.9.1 gcc10-obj-c++-32bit-10.4.0+git2794-150000.1.9.1 gcc10-objc-32bit-10.4.0+git2794-150000.1.9.1 libada10-32bit-10.4.0+git2794-150000.1.9.1 libada10-32bit-debuginfo-10.4.0+git2794-150000.1.9.1 libgdruntime1-32bit-10.4.0+git2794-150000.1.9.1 libgdruntime1-32bit-debuginfo-10.4.0+git2794-150000.1.9.1 libgo16-32bit-10.4.0+git2794-150000.1.9.1 libgo16-32bit-debuginfo-10.4.0+git2794-150000.1.9.1 libgphobos1-32bit-10.4.0+git2794-150000.1.9.1 libgphobos1-32bit-debuginfo-10.4.0+git2794-150000.1.9.1 libstdc++6-devel-gcc10-32bit-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.4 (noarch): gcc10-info-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.4 (x86_64): cross-nvptx-gcc10-10.4.0+git2794-150000.1.9.1 cross-nvptx-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-nvptx-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-nvptx-newlib10-devel-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cpp10-10.4.0+git2794-150000.1.9.1 cpp10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-arm-gcc10-10.4.0+git2794-150000.1.9.1 cross-arm-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-arm-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-arm-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-hppa-gcc10-10.4.0+git2794-150000.1.9.1 cross-hppa-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-hppa-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-hppa-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-i386-gcc10-10.4.0+git2794-150000.1.9.1 cross-i386-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-i386-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-i386-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-m68k-gcc10-10.4.0+git2794-150000.1.9.1 cross-m68k-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-m68k-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-m68k-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-mips-gcc10-10.4.0+git2794-150000.1.9.1 cross-mips-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-mips-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-mips-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-ppc64-gcc10-10.4.0+git2794-150000.1.9.1 cross-ppc64-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-ppc64-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-ppc64-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-riscv64-gcc10-10.4.0+git2794-150000.1.9.1 cross-riscv64-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-riscv64-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-riscv64-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-sparc-gcc10-10.4.0+git2794-150000.1.9.1 cross-sparc-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-sparc-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-sparc64-gcc10-10.4.0+git2794-150000.1.9.1 cross-sparc64-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-sparc64-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-sparc64-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 cross-sparcv9-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 gcc10-10.4.0+git2794-150000.1.9.1 gcc10-ada-10.4.0+git2794-150000.1.9.1 gcc10-ada-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-c++-10.4.0+git2794-150000.1.9.1 gcc10-c++-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-debugsource-10.4.0+git2794-150000.1.9.1 gcc10-fortran-10.4.0+git2794-150000.1.9.1 gcc10-fortran-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-go-10.4.0+git2794-150000.1.9.1 gcc10-go-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-locale-10.4.0+git2794-150000.1.9.1 gcc10-obj-c++-10.4.0+git2794-150000.1.9.1 gcc10-obj-c++-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-objc-10.4.0+git2794-150000.1.9.1 gcc10-objc-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-testresults-10.4.0+git2794-150000.1.9.1 libada10-10.4.0+git2794-150000.1.9.1 libada10-debuginfo-10.4.0+git2794-150000.1.9.1 libgo16-10.4.0+git2794-150000.1.9.1 libgo16-debuginfo-10.4.0+git2794-150000.1.9.1 libstdc++6-devel-gcc10-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): cross-s390x-gcc10-10.4.0+git2794-150000.1.9.1 cross-s390x-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-s390x-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-s390x-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x): cross-x86_64-gcc10-10.4.0+git2794-150000.1.9.1 cross-x86_64-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-x86_64-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-x86_64-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 libstdc++6-pp-gcc10-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.3 (aarch64 s390x x86_64): cross-ppc64le-gcc10-10.4.0+git2794-150000.1.9.1 cross-ppc64le-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-ppc64le-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-ppc64le-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 gcc10-d-10.4.0+git2794-150000.1.9.1 gcc10-d-debuginfo-10.4.0+git2794-150000.1.9.1 libgdruntime1-10.4.0+git2794-150000.1.9.1 libgdruntime1-debuginfo-10.4.0+git2794-150000.1.9.1 libgphobos1-10.4.0+git2794-150000.1.9.1 libgphobos1-debuginfo-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): cross-aarch64-gcc10-10.4.0+git2794-150000.1.9.1 cross-aarch64-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-aarch64-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-aarch64-gcc10-icecream-backend-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.3 (s390x x86_64): gcc10-32bit-10.4.0+git2794-150000.1.9.1 gcc10-ada-32bit-10.4.0+git2794-150000.1.9.1 gcc10-c++-32bit-10.4.0+git2794-150000.1.9.1 gcc10-d-32bit-10.4.0+git2794-150000.1.9.1 gcc10-fortran-32bit-10.4.0+git2794-150000.1.9.1 gcc10-go-32bit-10.4.0+git2794-150000.1.9.1 gcc10-obj-c++-32bit-10.4.0+git2794-150000.1.9.1 gcc10-objc-32bit-10.4.0+git2794-150000.1.9.1 libada10-32bit-10.4.0+git2794-150000.1.9.1 libada10-32bit-debuginfo-10.4.0+git2794-150000.1.9.1 libgdruntime1-32bit-10.4.0+git2794-150000.1.9.1 libgdruntime1-32bit-debuginfo-10.4.0+git2794-150000.1.9.1 libgo16-32bit-10.4.0+git2794-150000.1.9.1 libgo16-32bit-debuginfo-10.4.0+git2794-150000.1.9.1 libgphobos1-32bit-10.4.0+git2794-150000.1.9.1 libgphobos1-32bit-debuginfo-10.4.0+git2794-150000.1.9.1 libstdc++6-devel-gcc10-32bit-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.3 (x86_64): cross-nvptx-gcc10-10.4.0+git2794-150000.1.9.1 cross-nvptx-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-nvptx-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-nvptx-newlib10-devel-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.3 (noarch): gcc10-info-10.4.0+git2794-150000.1.9.1 - openSUSE Leap 15.3 (s390x): libstdc++6-pp-gcc10-32bit-10.4.0+git2794-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cpp10-10.4.0+git2794-150000.1.9.1 cpp10-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-10.4.0+git2794-150000.1.9.1 gcc10-ada-10.4.0+git2794-150000.1.9.1 gcc10-ada-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-c++-10.4.0+git2794-150000.1.9.1 gcc10-c++-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-debugsource-10.4.0+git2794-150000.1.9.1 gcc10-fortran-10.4.0+git2794-150000.1.9.1 gcc10-fortran-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-go-10.4.0+git2794-150000.1.9.1 gcc10-go-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-locale-10.4.0+git2794-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): cross-nvptx-gcc10-10.4.0+git2794-150000.1.9.1 cross-nvptx-gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 cross-nvptx-gcc10-debugsource-10.4.0+git2794-150000.1.9.1 cross-nvptx-newlib10-devel-10.4.0+git2794-150000.1.9.1 gcc10-32bit-10.4.0+git2794-150000.1.9.1 gcc10-ada-32bit-10.4.0+git2794-150000.1.9.1 gcc10-c++-32bit-10.4.0+git2794-150000.1.9.1 gcc10-fortran-32bit-10.4.0+git2794-150000.1.9.1 gcc10-go-32bit-10.4.0+git2794-150000.1.9.1 libstdc++6-devel-gcc10-32bit-10.4.0+git2794-150000.1.9.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): gcc10-info-10.4.0+git2794-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-debugsource-10.4.0+git2794-150000.1.9.1 libada10-10.4.0+git2794-150000.1.9.1 libada10-debuginfo-10.4.0+git2794-150000.1.9.1 libgo16-10.4.0+git2794-150000.1.9.1 libgo16-debuginfo-10.4.0+git2794-150000.1.9.1 libstdc++6-devel-gcc10-10.4.0+git2794-150000.1.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libada10-32bit-10.4.0+git2794-150000.1.9.1 libada10-32bit-debuginfo-10.4.0+git2794-150000.1.9.1 libgo16-32bit-10.4.0+git2794-150000.1.9.1 libgo16-32bit-debuginfo-10.4.0+git2794-150000.1.9.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): gcc10-debuginfo-10.4.0+git2794-150000.1.9.1 gcc10-debugsource-10.4.0+git2794-150000.1.9.1 References: https://bugzilla.suse.com/1188076 https://bugzilla.suse.com/1195628 From sle-updates at lists.suse.com Mon Aug 29 07:15:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 09:15:25 +0200 (CEST) Subject: SUSE-RU-2022:2925-1: important: Recommended update for audit-secondary Message-ID: <20220829071525.1D638FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for audit-secondary ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2925-1 Rating: important References: #1201519 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for audit-secondary fixes the following issues: - Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2925=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2925=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): audit-3.0.6-150400.4.3.1 audit-audispd-plugins-3.0.6-150400.4.3.1 audit-audispd-plugins-debuginfo-3.0.6-150400.4.3.1 audit-debuginfo-3.0.6-150400.4.3.1 audit-secondary-debugsource-3.0.6-150400.4.3.1 python3-audit-3.0.6-150400.4.3.1 python3-audit-debuginfo-3.0.6-150400.4.3.1 system-group-audit-3.0.6-150400.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): audit-3.0.6-150400.4.3.1 audit-audispd-plugins-3.0.6-150400.4.3.1 audit-audispd-plugins-debuginfo-3.0.6-150400.4.3.1 audit-debuginfo-3.0.6-150400.4.3.1 audit-secondary-debugsource-3.0.6-150400.4.3.1 python3-audit-3.0.6-150400.4.3.1 python3-audit-debuginfo-3.0.6-150400.4.3.1 system-group-audit-3.0.6-150400.4.3.1 References: https://bugzilla.suse.com/1201519 From sle-updates at lists.suse.com Mon Aug 29 13:16:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 15:16:31 +0200 (CEST) Subject: SUSE-RU-2022:2929-1: important: Recommended update for timezone Message-ID: <20220829131631.89E39FE10@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2929-1 Rating: important References: #1202310 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2929=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2929=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2929=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2929=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2929=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2929=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2929=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2929=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2929=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2929=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2929=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2929=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2929=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2929=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2929=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2929=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2929=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2929=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2929=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2929=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2929=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2929=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2929=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2929=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2929=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - openSUSE Leap 15.4 (noarch): timezone-java-2022a-150000.75.10.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - openSUSE Leap 15.3 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Manager Server 4.1 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Manager Retail Branch Server 4.1 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Manager Proxy 4.1 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Manager Proxy 4.1 (x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Enterprise Storage 7 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE Enterprise Storage 6 (noarch): timezone-java-2022a-150000.75.10.1 - SUSE CaaS Platform 4.0 (x86_64): timezone-2022a-150000.75.10.1 timezone-debuginfo-2022a-150000.75.10.1 timezone-debugsource-2022a-150000.75.10.1 - SUSE CaaS Platform 4.0 (noarch): timezone-java-2022a-150000.75.10.1 References: https://bugzilla.suse.com/1202310 From sle-updates at lists.suse.com Mon Aug 29 13:17:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 15:17:20 +0200 (CEST) Subject: SUSE-FU-2022:2927-1: moderate: Feature update for LibreOffice Message-ID: <20220829131720.9FC5DFE10@maintenance.suse.de> SUSE Feature Update: Feature update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2927-1 Rating: moderate References: #1041090 #1183308 #1192616 #1195881 #1196017 #1196212 #1196499 #1197017 SLE-24020 Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that has 8 feature fixes and contains one feature can now be installed. Description: This feature update for LibreOffice provides: abseil-cpp: - Provide abseil-cpp version 20211102.0 as LibreOffice dependency. (jsc#SLE-24020) - Mention already fixed issues. (fate#326485, bsc#1041090) libcuckoo: - Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-24020) libixion: - Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-24020) - Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-24020) - Build with gcc11 and gcc11-c++. (jsc#SLE-24020) - Remove unneeded vulkan dependency libreoffice: - Update LibreOffice from version 7.2.5.1 to 7.3.3.1 (jsc#SLE-23448, jsc#SLE-24020) - Update bundled dependencies: * curl version 7.79.1 * boost from version 1.75 to version 1.77 * gpgme from version 1.13.1 to version 1.16.0 * icu4c from version 69.1 to version 70.1 * libgpg-error from version 1.37 to version 1.43 * libassuan from version 2.5.3 to version 2.5.5 * pdfium from version 4500 to version 4699 * skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to m97-a7230803d64ae9d44f4e1282444801119a3ae967 - Do not depend on serf anymore but use curl. - Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616) - Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212) - Bullets appear larger and green instead of black. (bsc#1195881) - Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499) - Enable GTK3 in KDE with the KDE filepicker. (bsc#1197017) * The GTK3 interface is more stable than the qt5/kf5 one. liborcus: - Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-24020) - Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-24020) - Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-24020) - Build with libtool and use autotools. (jsc#SLE-24020) mdds-2_0: - Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-24020) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-2927=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-2927=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): abseil-cpp-20211102.0-1.12 libixion-0_17-0-0.17.0-1.9 libixion-0_17-0-debuginfo-0.17.0-1.9 libixion-debugsource-0.17.0-1.9 liborcus-0_17-0-0.17.2-1.11 liborcus-0_17-0-debuginfo-0.17.2-1.11 liborcus-debugsource-0.17.2-1.11 libreoffice-7.3.3.1-48.25.7 libreoffice-base-7.3.3.1-48.25.7 libreoffice-base-debuginfo-7.3.3.1-48.25.7 libreoffice-base-drivers-postgresql-7.3.3.1-48.25.7 libreoffice-base-drivers-postgresql-debuginfo-7.3.3.1-48.25.7 libreoffice-calc-7.3.3.1-48.25.7 libreoffice-calc-debuginfo-7.3.3.1-48.25.7 libreoffice-calc-extensions-7.3.3.1-48.25.7 libreoffice-debuginfo-7.3.3.1-48.25.7 libreoffice-debugsource-7.3.3.1-48.25.7 libreoffice-draw-7.3.3.1-48.25.7 libreoffice-draw-debuginfo-7.3.3.1-48.25.7 libreoffice-filters-optional-7.3.3.1-48.25.7 libreoffice-gnome-7.3.3.1-48.25.7 libreoffice-gnome-debuginfo-7.3.3.1-48.25.7 libreoffice-gtk3-7.3.3.1-48.25.7 libreoffice-gtk3-debuginfo-7.3.3.1-48.25.7 libreoffice-impress-7.3.3.1-48.25.7 libreoffice-impress-debuginfo-7.3.3.1-48.25.7 libreoffice-librelogo-7.3.3.1-48.25.7 libreoffice-mailmerge-7.3.3.1-48.25.7 libreoffice-math-7.3.3.1-48.25.7 libreoffice-math-debuginfo-7.3.3.1-48.25.7 libreoffice-officebean-7.3.3.1-48.25.7 libreoffice-officebean-debuginfo-7.3.3.1-48.25.7 libreoffice-pyuno-7.3.3.1-48.25.7 libreoffice-pyuno-debuginfo-7.3.3.1-48.25.7 libreoffice-writer-7.3.3.1-48.25.7 libreoffice-writer-debuginfo-7.3.3.1-48.25.7 libreoffice-writer-extensions-7.3.3.1-48.25.7 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): libreoffice-branding-upstream-7.3.3.1-48.25.7 libreoffice-icon-themes-7.3.3.1-48.25.7 libreoffice-l10n-af-7.3.3.1-48.25.7 libreoffice-l10n-ar-7.3.3.1-48.25.7 libreoffice-l10n-bg-7.3.3.1-48.25.7 libreoffice-l10n-ca-7.3.3.1-48.25.7 libreoffice-l10n-cs-7.3.3.1-48.25.7 libreoffice-l10n-da-7.3.3.1-48.25.7 libreoffice-l10n-de-7.3.3.1-48.25.7 libreoffice-l10n-en-7.3.3.1-48.25.7 libreoffice-l10n-es-7.3.3.1-48.25.7 libreoffice-l10n-fi-7.3.3.1-48.25.7 libreoffice-l10n-fr-7.3.3.1-48.25.7 libreoffice-l10n-gu-7.3.3.1-48.25.7 libreoffice-l10n-hi-7.3.3.1-48.25.7 libreoffice-l10n-hr-7.3.3.1-48.25.7 libreoffice-l10n-hu-7.3.3.1-48.25.7 libreoffice-l10n-it-7.3.3.1-48.25.7 libreoffice-l10n-ja-7.3.3.1-48.25.7 libreoffice-l10n-ko-7.3.3.1-48.25.7 libreoffice-l10n-lt-7.3.3.1-48.25.7 libreoffice-l10n-nb-7.3.3.1-48.25.7 libreoffice-l10n-nl-7.3.3.1-48.25.7 libreoffice-l10n-nn-7.3.3.1-48.25.7 libreoffice-l10n-pl-7.3.3.1-48.25.7 libreoffice-l10n-pt_BR-7.3.3.1-48.25.7 libreoffice-l10n-pt_PT-7.3.3.1-48.25.7 libreoffice-l10n-ro-7.3.3.1-48.25.7 libreoffice-l10n-ru-7.3.3.1-48.25.7 libreoffice-l10n-sk-7.3.3.1-48.25.7 libreoffice-l10n-sv-7.3.3.1-48.25.7 libreoffice-l10n-uk-7.3.3.1-48.25.7 libreoffice-l10n-xh-7.3.3.1-48.25.7 libreoffice-l10n-zh_CN-7.3.3.1-48.25.7 libreoffice-l10n-zh_TW-7.3.3.1-48.25.7 libreoffice-l10n-zu-7.3.3.1-48.25.7 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): abseil-cpp-20211102.0-1.12 abseil-cpp-debuginfo-20211102.0-1.12 abseil-cpp-debugsource-20211102.0-1.12 abseil-cpp-devel-20211102.0-1.12 libcuckoo-devel-0.3-1.12 libixion-0_17-0-0.17.0-1.9 libixion-0_17-0-debuginfo-0.17.0-1.9 libixion-debugsource-0.17.0-1.9 libixion-devel-0.17.0-1.9 liborcus-0_17-0-0.17.2-1.11 liborcus-0_17-0-debuginfo-0.17.2-1.11 liborcus-debugsource-0.17.2-1.11 liborcus-devel-0.17.2-1.11 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): mdds-2_0-devel-2.0.2-1.8 - SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64): libreoffice-debuginfo-7.3.3.1-48.25.7 libreoffice-debugsource-7.3.3.1-48.25.7 libreoffice-sdk-7.3.3.1-48.25.7 libreoffice-sdk-debuginfo-7.3.3.1-48.25.7 References: https://bugzilla.suse.com/1041090 https://bugzilla.suse.com/1183308 https://bugzilla.suse.com/1192616 https://bugzilla.suse.com/1195881 https://bugzilla.suse.com/1196017 https://bugzilla.suse.com/1196212 https://bugzilla.suse.com/1196499 https://bugzilla.suse.com/1197017 From sle-updates at lists.suse.com Mon Aug 29 13:18:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 15:18:28 +0200 (CEST) Subject: SUSE-RU-2022:2928-1: moderate: Recommended update for bluez Message-ID: <20220829131828.A2ED8FE10@maintenance.suse.de> SUSE Recommended Update: Recommended update for bluez ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2928-1 Rating: moderate References: #1201060 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of bluez ships the missing bluez-deprecated package. (bsc#1201060) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2928=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2928=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2928=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2928=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bluez-5.62-150400.4.2.1 bluez-cups-5.62-150400.4.2.1 bluez-cups-debuginfo-5.62-150400.4.2.1 bluez-debuginfo-5.62-150400.4.2.1 bluez-debugsource-5.62-150400.4.2.1 bluez-deprecated-5.62-150400.4.2.1 bluez-deprecated-debuginfo-5.62-150400.4.2.1 bluez-devel-5.62-150400.4.2.1 bluez-test-5.62-150400.4.2.1 bluez-test-debuginfo-5.62-150400.4.2.1 libbluetooth3-5.62-150400.4.2.1 libbluetooth3-debuginfo-5.62-150400.4.2.1 - openSUSE Leap 15.4 (noarch): bluez-auto-enable-devices-5.62-150400.4.2.1 - openSUSE Leap 15.4 (x86_64): bluez-devel-32bit-5.62-150400.4.2.1 libbluetooth3-32bit-5.62-150400.4.2.1 libbluetooth3-32bit-debuginfo-5.62-150400.4.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): bluez-cups-5.62-150400.4.2.1 bluez-cups-debuginfo-5.62-150400.4.2.1 bluez-debuginfo-5.62-150400.4.2.1 bluez-debugsource-5.62-150400.4.2.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.62-150400.4.2.1 bluez-debugsource-5.62-150400.4.2.1 bluez-devel-5.62-150400.4.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): bluez-5.62-150400.4.2.1 bluez-debuginfo-5.62-150400.4.2.1 bluez-debugsource-5.62-150400.4.2.1 bluez-deprecated-5.62-150400.4.2.1 bluez-deprecated-debuginfo-5.62-150400.4.2.1 libbluetooth3-5.62-150400.4.2.1 libbluetooth3-debuginfo-5.62-150400.4.2.1 References: https://bugzilla.suse.com/1201060 From sle-updates at lists.suse.com Mon Aug 29 13:19:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 15:19:05 +0200 (CEST) Subject: SUSE-RU-2022:2930-1: important: Recommended update for timezone Message-ID: <20220829131905.6578CFE10@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2930-1 Rating: important References: #1202310 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2930=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2930=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2930=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2930=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2930=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2930=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2930=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): timezone-2022a-74.61.1 timezone-debuginfo-2022a-74.61.1 timezone-debugsource-2022a-74.61.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): timezone-java-2022a-0.74.61.1 - SUSE OpenStack Cloud 9 (noarch): timezone-java-2022a-0.74.61.1 - SUSE OpenStack Cloud 9 (x86_64): timezone-2022a-74.61.1 timezone-debuginfo-2022a-74.61.1 timezone-debugsource-2022a-74.61.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): timezone-2022a-74.61.1 timezone-debuginfo-2022a-74.61.1 timezone-debugsource-2022a-74.61.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): timezone-java-2022a-0.74.61.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): timezone-2022a-74.61.1 timezone-debuginfo-2022a-74.61.1 timezone-debugsource-2022a-74.61.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): timezone-java-2022a-0.74.61.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): timezone-2022a-74.61.1 timezone-debuginfo-2022a-74.61.1 timezone-debugsource-2022a-74.61.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): timezone-java-2022a-0.74.61.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): timezone-java-2022a-0.74.61.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): timezone-2022a-74.61.1 timezone-debuginfo-2022a-74.61.1 timezone-debugsource-2022a-74.61.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): timezone-java-2022a-0.74.61.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): timezone-2022a-74.61.1 timezone-debuginfo-2022a-74.61.1 timezone-debugsource-2022a-74.61.1 References: https://bugzilla.suse.com/1202310 From sle-updates at lists.suse.com Mon Aug 29 13:19:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 15:19:53 +0200 (CEST) Subject: SUSE-FU-2022:2926-1: moderate: Feature update for LibreOffice Message-ID: <20220829131953.69C66FE10@maintenance.suse.de> SUSE Feature Update: Feature update for LibreOffice ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:2926-1 Rating: moderate References: #1041090 #1183308 #1192616 #1195881 #1196017 #1196212 #1196499 #1197017 MSC-303 SLE-23447 SLE-24021 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 8 feature fixes and contains three features can now be installed. Description: This feature update for LibreOffice provides the following fixes: abseil-cpp: - Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447) - Mention already fixed issues. (fate#326485, bsc#1041090) libcuckoo: - Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447) libixion: - Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447) - Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447) - Build with gcc11 and gcc11-c++. (jsc#SLE-23447) - Remove unneeded vulkan dependency - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) libreoffice: - Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021) * Update bundled dependencies: * gpgme from version 1.13.1 to version 1.16.0 * libgpg-error from version 1.37 to version 1.43 * libassuan from version 2.5.3 to version 2.5.5 * pdfium from version 4500 to version 4699 * skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967 * boost from version 1_75 to version 1_77 * icu4c from version 69_1 to version 70_1 * On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer * New build dependencies: * abseil-cpp-devel * libassuan0 * libcuckoo-devel * libopenjp2 * requrire liborcus-0.17 instead of liborcus-0.16 * requrire mdds-2.0 instead of mdds-1.5 * Do not use serf-1 anymore but use curl instead. * Other fixes: * Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616) * Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212) * Bullets appear larger and green instead of black. (bsc#1195881) * Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017) * Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499) liborcus: - Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447) - Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447) - Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447) - Build with libtool and use autotools. (jsc#SLE-23447) - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) mdds-2_0: - Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447) myspell-dictionaries: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) - There are no visible changes for the final user. ucpp: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) - There are no visible changes for the final user. xmlsec1: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303) - There are no visible changes for the final user. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2926=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2926=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2926=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-2926=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2926=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2926=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2926=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2926=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2926=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2926=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2926=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2926=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): abseil-cpp-20211102.0-150300.7.3.1 abseil-cpp-debuginfo-20211102.0-150300.7.3.1 abseil-cpp-debugsource-20211102.0-150300.7.3.1 abseil-cpp-devel-20211102.0-150300.7.3.1 libcuckoo-devel-0.3-150300.7.3.1 libixion-0_17-0-0.17.0-150300.11.3.1 libixion-0_17-0-debuginfo-0.17.0-150300.11.3.1 libixion-debuginfo-0.17.0-150300.11.3.1 libixion-debugsource-0.17.0-150300.11.3.1 libixion-devel-0.17.0-150300.11.3.1 libixion-tools-0.17.0-150300.11.3.1 libixion-tools-debuginfo-0.17.0-150300.11.3.1 liborcus-0_17-0-0.17.2-150300.10.3.1 liborcus-0_17-0-debuginfo-0.17.2-150300.10.3.1 liborcus-debuginfo-0.17.2-150300.10.3.1 liborcus-debugsource-0.17.2-150300.10.3.1 liborcus-devel-0.17.2-150300.10.3.1 liborcus-tools-0.17.2-150300.10.3.1 liborcus-tools-debuginfo-0.17.2-150300.10.3.1 libucpp13-1.3.4-150000.3.6.1 libucpp13-debuginfo-1.3.4-150000.3.6.1 libxmlsec1-1-1.2.28-150100.7.11.1 libxmlsec1-1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-gcrypt1-1.2.28-150100.7.11.1 libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-gnutls1-1.2.28-150100.7.11.1 libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-nss1-1.2.28-150100.7.11.1 libxmlsec1-nss1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-openssl1-1.2.28-150100.7.11.1 libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.11.1 myspell-dictionaries-20191219-150000.3.23.1 myspell-lightproof-en-20191219-150000.3.23.1 myspell-lightproof-hu_HU-20191219-150000.3.23.1 myspell-lightproof-pt_BR-20191219-150000.3.23.1 myspell-lightproof-ru_RU-20191219-150000.3.23.1 python3-libixion-0.17.0-150300.11.3.1 python3-libixion-debuginfo-0.17.0-150300.11.3.1 python3-liborcus-0.17.2-150300.10.3.1 python3-liborcus-debuginfo-0.17.2-150300.10.3.1 ucpp-1.3.4-150000.3.6.1 ucpp-debuginfo-1.3.4-150000.3.6.1 ucpp-debugsource-1.3.4-150000.3.6.1 ucpp-devel-1.3.4-150000.3.6.1 xmlsec1-1.2.28-150100.7.11.1 xmlsec1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debugsource-1.2.28-150100.7.11.1 xmlsec1-devel-1.2.28-150100.7.11.1 xmlsec1-gcrypt-devel-1.2.28-150100.7.11.1 xmlsec1-gnutls-devel-1.2.28-150100.7.11.1 xmlsec1-nss-devel-1.2.28-150100.7.11.1 xmlsec1-openssl-devel-1.2.28-150100.7.11.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): libreoffice-7.3.3.1-150300.14.22.21.20 libreoffice-base-7.3.3.1-150300.14.22.21.20 libreoffice-base-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-7.3.3.1-150300.14.22.21.20 libreoffice-calc-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-extensions-7.3.3.1-150300.14.22.21.20 libreoffice-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-debugsource-7.3.3.1-150300.14.22.21.20 libreoffice-draw-7.3.3.1-150300.14.22.21.20 libreoffice-draw-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-filters-optional-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-impress-7.3.3.1-150300.14.22.21.20 libreoffice-impress-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-librelogo-7.3.3.1-150300.14.22.21.20 libreoffice-mailmerge-7.3.3.1-150300.14.22.21.20 libreoffice-math-7.3.3.1-150300.14.22.21.20 libreoffice-math-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-qt5-7.3.3.1-150300.14.22.21.20 libreoffice-qt5-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-doc-7.3.3.1-150300.14.22.21.20 libreoffice-writer-7.3.3.1-150300.14.22.21.20 libreoffice-writer-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-writer-extensions-7.3.3.1-150300.14.22.21.20 libreofficekit-7.3.3.1-150300.14.22.21.20 libreofficekit-devel-7.3.3.1-150300.14.22.21.20 - openSUSE Leap 15.4 (noarch): libreoffice-branding-upstream-7.3.3.1-150300.14.22.21.20 libreoffice-gdb-pretty-printers-7.3.3.1-150300.14.22.21.20 libreoffice-glade-7.3.3.1-150300.14.22.21.20 libreoffice-icon-themes-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-af-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-am-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ar-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-as-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ast-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-be-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bg-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bn_IN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-br-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-brx-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bs-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ca-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ca_valencia-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ckb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cs-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cy-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-da-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-de-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dgo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dsb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dz-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-el-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en_GB-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en_ZA-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-es-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-et-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fur-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fy-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ga-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gd-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gug-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-he-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hsb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-id-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-is-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-it-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ja-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ka-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kab-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-km-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kmr_Latn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ko-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kok-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ks-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lt-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mai-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ml-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mni-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-my-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ne-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nso-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-oc-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-om-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-or-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_BR-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_PT-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ro-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ru-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-rw-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sa_IN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sat-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sd-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-si-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sid-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sq-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ss-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-st-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sw_TZ-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-szl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ta-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-te-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tg-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-th-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ts-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tt-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ug-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-uk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-uz-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ve-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-vec-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-vi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-xh-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_CN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_TW-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zu-7.3.3.1-150300.14.22.21.20 mdds-2_0-devel-2.0.2-150300.7.3.1 myspell-af_NA-20191219-150000.3.23.1 myspell-af_ZA-20191219-150000.3.23.1 myspell-an-20191219-150000.3.23.1 myspell-an_ES-20191219-150000.3.23.1 myspell-ar-20191219-150000.3.23.1 myspell-ar_AE-20191219-150000.3.23.1 myspell-ar_BH-20191219-150000.3.23.1 myspell-ar_DZ-20191219-150000.3.23.1 myspell-ar_EG-20191219-150000.3.23.1 myspell-ar_IQ-20191219-150000.3.23.1 myspell-ar_JO-20191219-150000.3.23.1 myspell-ar_KW-20191219-150000.3.23.1 myspell-ar_LB-20191219-150000.3.23.1 myspell-ar_LY-20191219-150000.3.23.1 myspell-ar_MA-20191219-150000.3.23.1 myspell-ar_OM-20191219-150000.3.23.1 myspell-ar_QA-20191219-150000.3.23.1 myspell-ar_SA-20191219-150000.3.23.1 myspell-ar_SD-20191219-150000.3.23.1 myspell-ar_SY-20191219-150000.3.23.1 myspell-ar_TN-20191219-150000.3.23.1 myspell-ar_YE-20191219-150000.3.23.1 myspell-be_BY-20191219-150000.3.23.1 myspell-bg_BG-20191219-150000.3.23.1 myspell-bn_BD-20191219-150000.3.23.1 myspell-bn_IN-20191219-150000.3.23.1 myspell-bo-20191219-150000.3.23.1 myspell-bo_CN-20191219-150000.3.23.1 myspell-bo_IN-20191219-150000.3.23.1 myspell-br_FR-20191219-150000.3.23.1 myspell-bs-20191219-150000.3.23.1 myspell-bs_BA-20191219-150000.3.23.1 myspell-ca-20191219-150000.3.23.1 myspell-ca_AD-20191219-150000.3.23.1 myspell-ca_ES-20191219-150000.3.23.1 myspell-ca_ES_valencia-20191219-150000.3.23.1 myspell-ca_FR-20191219-150000.3.23.1 myspell-ca_IT-20191219-150000.3.23.1 myspell-cs_CZ-20191219-150000.3.23.1 myspell-da_DK-20191219-150000.3.23.1 myspell-de-20191219-150000.3.23.1 myspell-de_AT-20191219-150000.3.23.1 myspell-de_CH-20191219-150000.3.23.1 myspell-de_DE-20191219-150000.3.23.1 myspell-el_GR-20191219-150000.3.23.1 myspell-en-20191219-150000.3.23.1 myspell-en_AU-20191219-150000.3.23.1 myspell-en_BS-20191219-150000.3.23.1 myspell-en_BZ-20191219-150000.3.23.1 myspell-en_CA-20191219-150000.3.23.1 myspell-en_GB-20191219-150000.3.23.1 myspell-en_GH-20191219-150000.3.23.1 myspell-en_IE-20191219-150000.3.23.1 myspell-en_IN-20191219-150000.3.23.1 myspell-en_JM-20191219-150000.3.23.1 myspell-en_MW-20191219-150000.3.23.1 myspell-en_NA-20191219-150000.3.23.1 myspell-en_NZ-20191219-150000.3.23.1 myspell-en_PH-20191219-150000.3.23.1 myspell-en_TT-20191219-150000.3.23.1 myspell-en_US-20191219-150000.3.23.1 myspell-en_ZA-20191219-150000.3.23.1 myspell-en_ZW-20191219-150000.3.23.1 myspell-es-20191219-150000.3.23.1 myspell-es_AR-20191219-150000.3.23.1 myspell-es_BO-20191219-150000.3.23.1 myspell-es_CL-20191219-150000.3.23.1 myspell-es_CO-20191219-150000.3.23.1 myspell-es_CR-20191219-150000.3.23.1 myspell-es_CU-20191219-150000.3.23.1 myspell-es_DO-20191219-150000.3.23.1 myspell-es_EC-20191219-150000.3.23.1 myspell-es_ES-20191219-150000.3.23.1 myspell-es_GT-20191219-150000.3.23.1 myspell-es_HN-20191219-150000.3.23.1 myspell-es_MX-20191219-150000.3.23.1 myspell-es_NI-20191219-150000.3.23.1 myspell-es_PA-20191219-150000.3.23.1 myspell-es_PE-20191219-150000.3.23.1 myspell-es_PR-20191219-150000.3.23.1 myspell-es_PY-20191219-150000.3.23.1 myspell-es_SV-20191219-150000.3.23.1 myspell-es_UY-20191219-150000.3.23.1 myspell-es_VE-20191219-150000.3.23.1 myspell-et_EE-20191219-150000.3.23.1 myspell-fr_BE-20191219-150000.3.23.1 myspell-fr_CA-20191219-150000.3.23.1 myspell-fr_CH-20191219-150000.3.23.1 myspell-fr_FR-20191219-150000.3.23.1 myspell-fr_LU-20191219-150000.3.23.1 myspell-fr_MC-20191219-150000.3.23.1 myspell-gd_GB-20191219-150000.3.23.1 myspell-gl-20191219-150000.3.23.1 myspell-gl_ES-20191219-150000.3.23.1 myspell-gu_IN-20191219-150000.3.23.1 myspell-gug-20191219-150000.3.23.1 myspell-gug_PY-20191219-150000.3.23.1 myspell-he_IL-20191219-150000.3.23.1 myspell-hi_IN-20191219-150000.3.23.1 myspell-hr_HR-20191219-150000.3.23.1 myspell-hu_HU-20191219-150000.3.23.1 myspell-id-20191219-150000.3.23.1 myspell-id_ID-20191219-150000.3.23.1 myspell-is-20191219-150000.3.23.1 myspell-is_IS-20191219-150000.3.23.1 myspell-it_IT-20191219-150000.3.23.1 myspell-kmr_Latn-20191219-150000.3.23.1 myspell-kmr_Latn_SY-20191219-150000.3.23.1 myspell-kmr_Latn_TR-20191219-150000.3.23.1 myspell-lo_LA-20191219-150000.3.23.1 myspell-lt_LT-20191219-150000.3.23.1 myspell-lv_LV-20191219-150000.3.23.1 myspell-nb_NO-20191219-150000.3.23.1 myspell-ne_NP-20191219-150000.3.23.1 myspell-nl_BE-20191219-150000.3.23.1 myspell-nl_NL-20191219-150000.3.23.1 myspell-nn_NO-20191219-150000.3.23.1 myspell-no-20191219-150000.3.23.1 myspell-oc_FR-20191219-150000.3.23.1 myspell-pl_PL-20191219-150000.3.23.1 myspell-pt_AO-20191219-150000.3.23.1 myspell-pt_BR-20191219-150000.3.23.1 myspell-pt_PT-20191219-150000.3.23.1 myspell-ro-20191219-150000.3.23.1 myspell-ro_RO-20191219-150000.3.23.1 myspell-ru_RU-20191219-150000.3.23.1 myspell-si_LK-20191219-150000.3.23.1 myspell-sk_SK-20191219-150000.3.23.1 myspell-sl_SI-20191219-150000.3.23.1 myspell-sq_AL-20191219-150000.3.23.1 myspell-sr-20191219-150000.3.23.1 myspell-sr_CS-20191219-150000.3.23.1 myspell-sr_Latn_CS-20191219-150000.3.23.1 myspell-sr_Latn_RS-20191219-150000.3.23.1 myspell-sr_RS-20191219-150000.3.23.1 myspell-sv_FI-20191219-150000.3.23.1 myspell-sv_SE-20191219-150000.3.23.1 myspell-sw_TZ-20191219-150000.3.23.1 myspell-te-20191219-150000.3.23.1 myspell-te_IN-20191219-150000.3.23.1 myspell-th_TH-20191219-150000.3.23.1 myspell-tr-20191219-150000.3.23.1 myspell-tr_TR-20191219-150000.3.23.1 myspell-uk_UA-20191219-150000.3.23.1 myspell-vi-20191219-150000.3.23.1 myspell-vi_VN-20191219-150000.3.23.1 myspell-zu_ZA-20191219-150000.3.23.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): abseil-cpp-20211102.0-150300.7.3.1 abseil-cpp-debuginfo-20211102.0-150300.7.3.1 abseil-cpp-debugsource-20211102.0-150300.7.3.1 abseil-cpp-devel-20211102.0-150300.7.3.1 libcuckoo-devel-0.3-150300.7.3.1 libixion-0_17-0-0.17.0-150300.11.3.1 libixion-0_17-0-debuginfo-0.17.0-150300.11.3.1 libixion-debuginfo-0.17.0-150300.11.3.1 libixion-debugsource-0.17.0-150300.11.3.1 libixion-devel-0.17.0-150300.11.3.1 libixion-tools-0.17.0-150300.11.3.1 libixion-tools-debuginfo-0.17.0-150300.11.3.1 liborcus-0_17-0-0.17.2-150300.10.3.1 liborcus-0_17-0-debuginfo-0.17.2-150300.10.3.1 liborcus-debuginfo-0.17.2-150300.10.3.1 liborcus-debugsource-0.17.2-150300.10.3.1 liborcus-devel-0.17.2-150300.10.3.1 liborcus-tools-0.17.2-150300.10.3.1 liborcus-tools-debuginfo-0.17.2-150300.10.3.1 libucpp13-1.3.4-150000.3.6.1 libucpp13-debuginfo-1.3.4-150000.3.6.1 libxmlsec1-1-1.2.28-150100.7.11.1 libxmlsec1-1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-gcrypt1-1.2.28-150100.7.11.1 libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-gnutls1-1.2.28-150100.7.11.1 libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-nss1-1.2.28-150100.7.11.1 libxmlsec1-nss1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-openssl1-1.2.28-150100.7.11.1 libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.11.1 myspell-dictionaries-20191219-150000.3.23.1 myspell-lightproof-en-20191219-150000.3.23.1 myspell-lightproof-hu_HU-20191219-150000.3.23.1 myspell-lightproof-pt_BR-20191219-150000.3.23.1 myspell-lightproof-ru_RU-20191219-150000.3.23.1 python3-libixion-0.17.0-150300.11.3.1 python3-libixion-debuginfo-0.17.0-150300.11.3.1 python3-liborcus-0.17.2-150300.10.3.1 python3-liborcus-debuginfo-0.17.2-150300.10.3.1 ucpp-1.3.4-150000.3.6.1 ucpp-debuginfo-1.3.4-150000.3.6.1 ucpp-debugsource-1.3.4-150000.3.6.1 ucpp-devel-1.3.4-150000.3.6.1 xmlsec1-1.2.28-150100.7.11.1 xmlsec1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debugsource-1.2.28-150100.7.11.1 xmlsec1-devel-1.2.28-150100.7.11.1 xmlsec1-gcrypt-devel-1.2.28-150100.7.11.1 xmlsec1-gnutls-devel-1.2.28-150100.7.11.1 xmlsec1-nss-devel-1.2.28-150100.7.11.1 xmlsec1-openssl-devel-1.2.28-150100.7.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): libreoffice-7.3.3.1-150300.14.22.21.20 libreoffice-base-7.3.3.1-150300.14.22.21.20 libreoffice-base-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-7.3.3.1-150300.14.22.21.20 libreoffice-calc-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-extensions-7.3.3.1-150300.14.22.21.20 libreoffice-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-debugsource-7.3.3.1-150300.14.22.21.20 libreoffice-draw-7.3.3.1-150300.14.22.21.20 libreoffice-draw-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-filters-optional-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-impress-7.3.3.1-150300.14.22.21.20 libreoffice-impress-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-librelogo-7.3.3.1-150300.14.22.21.20 libreoffice-mailmerge-7.3.3.1-150300.14.22.21.20 libreoffice-math-7.3.3.1-150300.14.22.21.20 libreoffice-math-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-qt5-7.3.3.1-150300.14.22.21.20 libreoffice-qt5-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-doc-7.3.3.1-150300.14.22.21.20 libreoffice-writer-7.3.3.1-150300.14.22.21.20 libreoffice-writer-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-writer-extensions-7.3.3.1-150300.14.22.21.20 libreofficekit-7.3.3.1-150300.14.22.21.20 libreofficekit-devel-7.3.3.1-150300.14.22.21.20 - openSUSE Leap 15.3 (noarch): libreoffice-branding-upstream-7.3.3.1-150300.14.22.21.20 libreoffice-gdb-pretty-printers-7.3.3.1-150300.14.22.21.20 libreoffice-glade-7.3.3.1-150300.14.22.21.20 libreoffice-icon-themes-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-af-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-am-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ar-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-as-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ast-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-be-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bg-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bn_IN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-br-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-brx-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bs-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ca-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ca_valencia-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ckb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cs-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cy-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-da-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-de-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dgo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dsb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dz-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-el-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en_GB-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en_ZA-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-es-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-et-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fur-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fy-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ga-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gd-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gug-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-he-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hsb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-id-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-is-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-it-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ja-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ka-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kab-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-km-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kmr_Latn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ko-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kok-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ks-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lt-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mai-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ml-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mni-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-my-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ne-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nso-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-oc-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-om-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-or-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_BR-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_PT-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ro-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ru-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-rw-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sa_IN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sat-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sd-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-si-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sid-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sq-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ss-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-st-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sw_TZ-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-szl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ta-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-te-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tg-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-th-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ts-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tt-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ug-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-uk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-uz-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ve-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-vec-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-vi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-xh-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_CN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_TW-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zu-7.3.3.1-150300.14.22.21.20 mdds-2_0-devel-2.0.2-150300.7.3.1 myspell-af_NA-20191219-150000.3.23.1 myspell-af_ZA-20191219-150000.3.23.1 myspell-an-20191219-150000.3.23.1 myspell-an_ES-20191219-150000.3.23.1 myspell-ar-20191219-150000.3.23.1 myspell-ar_AE-20191219-150000.3.23.1 myspell-ar_BH-20191219-150000.3.23.1 myspell-ar_DZ-20191219-150000.3.23.1 myspell-ar_EG-20191219-150000.3.23.1 myspell-ar_IQ-20191219-150000.3.23.1 myspell-ar_JO-20191219-150000.3.23.1 myspell-ar_KW-20191219-150000.3.23.1 myspell-ar_LB-20191219-150000.3.23.1 myspell-ar_LY-20191219-150000.3.23.1 myspell-ar_MA-20191219-150000.3.23.1 myspell-ar_OM-20191219-150000.3.23.1 myspell-ar_QA-20191219-150000.3.23.1 myspell-ar_SA-20191219-150000.3.23.1 myspell-ar_SD-20191219-150000.3.23.1 myspell-ar_SY-20191219-150000.3.23.1 myspell-ar_TN-20191219-150000.3.23.1 myspell-ar_YE-20191219-150000.3.23.1 myspell-be_BY-20191219-150000.3.23.1 myspell-bg_BG-20191219-150000.3.23.1 myspell-bn_BD-20191219-150000.3.23.1 myspell-bn_IN-20191219-150000.3.23.1 myspell-bo-20191219-150000.3.23.1 myspell-bo_CN-20191219-150000.3.23.1 myspell-bo_IN-20191219-150000.3.23.1 myspell-br_FR-20191219-150000.3.23.1 myspell-bs-20191219-150000.3.23.1 myspell-bs_BA-20191219-150000.3.23.1 myspell-ca-20191219-150000.3.23.1 myspell-ca_AD-20191219-150000.3.23.1 myspell-ca_ES-20191219-150000.3.23.1 myspell-ca_ES_valencia-20191219-150000.3.23.1 myspell-ca_FR-20191219-150000.3.23.1 myspell-ca_IT-20191219-150000.3.23.1 myspell-cs_CZ-20191219-150000.3.23.1 myspell-da_DK-20191219-150000.3.23.1 myspell-de-20191219-150000.3.23.1 myspell-de_AT-20191219-150000.3.23.1 myspell-de_CH-20191219-150000.3.23.1 myspell-de_DE-20191219-150000.3.23.1 myspell-el_GR-20191219-150000.3.23.1 myspell-en-20191219-150000.3.23.1 myspell-en_AU-20191219-150000.3.23.1 myspell-en_BS-20191219-150000.3.23.1 myspell-en_BZ-20191219-150000.3.23.1 myspell-en_CA-20191219-150000.3.23.1 myspell-en_GB-20191219-150000.3.23.1 myspell-en_GH-20191219-150000.3.23.1 myspell-en_IE-20191219-150000.3.23.1 myspell-en_IN-20191219-150000.3.23.1 myspell-en_JM-20191219-150000.3.23.1 myspell-en_MW-20191219-150000.3.23.1 myspell-en_NA-20191219-150000.3.23.1 myspell-en_NZ-20191219-150000.3.23.1 myspell-en_PH-20191219-150000.3.23.1 myspell-en_TT-20191219-150000.3.23.1 myspell-en_US-20191219-150000.3.23.1 myspell-en_ZA-20191219-150000.3.23.1 myspell-en_ZW-20191219-150000.3.23.1 myspell-es-20191219-150000.3.23.1 myspell-es_AR-20191219-150000.3.23.1 myspell-es_BO-20191219-150000.3.23.1 myspell-es_CL-20191219-150000.3.23.1 myspell-es_CO-20191219-150000.3.23.1 myspell-es_CR-20191219-150000.3.23.1 myspell-es_CU-20191219-150000.3.23.1 myspell-es_DO-20191219-150000.3.23.1 myspell-es_EC-20191219-150000.3.23.1 myspell-es_ES-20191219-150000.3.23.1 myspell-es_GT-20191219-150000.3.23.1 myspell-es_HN-20191219-150000.3.23.1 myspell-es_MX-20191219-150000.3.23.1 myspell-es_NI-20191219-150000.3.23.1 myspell-es_PA-20191219-150000.3.23.1 myspell-es_PE-20191219-150000.3.23.1 myspell-es_PR-20191219-150000.3.23.1 myspell-es_PY-20191219-150000.3.23.1 myspell-es_SV-20191219-150000.3.23.1 myspell-es_UY-20191219-150000.3.23.1 myspell-es_VE-20191219-150000.3.23.1 myspell-et_EE-20191219-150000.3.23.1 myspell-fr_BE-20191219-150000.3.23.1 myspell-fr_CA-20191219-150000.3.23.1 myspell-fr_CH-20191219-150000.3.23.1 myspell-fr_FR-20191219-150000.3.23.1 myspell-fr_LU-20191219-150000.3.23.1 myspell-fr_MC-20191219-150000.3.23.1 myspell-gd_GB-20191219-150000.3.23.1 myspell-gl-20191219-150000.3.23.1 myspell-gl_ES-20191219-150000.3.23.1 myspell-gu_IN-20191219-150000.3.23.1 myspell-gug-20191219-150000.3.23.1 myspell-gug_PY-20191219-150000.3.23.1 myspell-he_IL-20191219-150000.3.23.1 myspell-hi_IN-20191219-150000.3.23.1 myspell-hr_HR-20191219-150000.3.23.1 myspell-hu_HU-20191219-150000.3.23.1 myspell-id-20191219-150000.3.23.1 myspell-id_ID-20191219-150000.3.23.1 myspell-is-20191219-150000.3.23.1 myspell-is_IS-20191219-150000.3.23.1 myspell-it_IT-20191219-150000.3.23.1 myspell-kmr_Latn-20191219-150000.3.23.1 myspell-kmr_Latn_SY-20191219-150000.3.23.1 myspell-kmr_Latn_TR-20191219-150000.3.23.1 myspell-lo_LA-20191219-150000.3.23.1 myspell-lt_LT-20191219-150000.3.23.1 myspell-lv_LV-20191219-150000.3.23.1 myspell-nb_NO-20191219-150000.3.23.1 myspell-ne_NP-20191219-150000.3.23.1 myspell-nl_BE-20191219-150000.3.23.1 myspell-nl_NL-20191219-150000.3.23.1 myspell-nn_NO-20191219-150000.3.23.1 myspell-no-20191219-150000.3.23.1 myspell-oc_FR-20191219-150000.3.23.1 myspell-pl_PL-20191219-150000.3.23.1 myspell-pt_AO-20191219-150000.3.23.1 myspell-pt_BR-20191219-150000.3.23.1 myspell-pt_PT-20191219-150000.3.23.1 myspell-ro-20191219-150000.3.23.1 myspell-ro_RO-20191219-150000.3.23.1 myspell-ru_RU-20191219-150000.3.23.1 myspell-si_LK-20191219-150000.3.23.1 myspell-sk_SK-20191219-150000.3.23.1 myspell-sl_SI-20191219-150000.3.23.1 myspell-sq_AL-20191219-150000.3.23.1 myspell-sr-20191219-150000.3.23.1 myspell-sr_CS-20191219-150000.3.23.1 myspell-sr_Latn_CS-20191219-150000.3.23.1 myspell-sr_Latn_RS-20191219-150000.3.23.1 myspell-sr_RS-20191219-150000.3.23.1 myspell-sv_FI-20191219-150000.3.23.1 myspell-sv_SE-20191219-150000.3.23.1 myspell-sw_TZ-20191219-150000.3.23.1 myspell-te-20191219-150000.3.23.1 myspell-te_IN-20191219-150000.3.23.1 myspell-th_TH-20191219-150000.3.23.1 myspell-tr-20191219-150000.3.23.1 myspell-tr_TR-20191219-150000.3.23.1 myspell-uk_UA-20191219-150000.3.23.1 myspell-vi-20191219-150000.3.23.1 myspell-vi_VN-20191219-150000.3.23.1 myspell-zu_ZA-20191219-150000.3.23.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): abseil-cpp-20211102.0-150300.7.3.1 abseil-cpp-debuginfo-20211102.0-150300.7.3.1 abseil-cpp-debugsource-20211102.0-150300.7.3.1 abseil-cpp-devel-20211102.0-150300.7.3.1 libcuckoo-devel-0.3-150300.7.3.1 libixion-0_17-0-0.17.0-150300.11.3.1 libixion-0_17-0-debuginfo-0.17.0-150300.11.3.1 libixion-debuginfo-0.17.0-150300.11.3.1 libixion-debugsource-0.17.0-150300.11.3.1 liborcus-0_17-0-0.17.2-150300.10.3.1 liborcus-0_17-0-debuginfo-0.17.2-150300.10.3.1 liborcus-debuginfo-0.17.2-150300.10.3.1 liborcus-debugsource-0.17.2-150300.10.3.1 liborcus-devel-0.17.2-150300.10.3.1 libreoffice-7.3.3.1-150300.14.22.21.20 libreoffice-base-7.3.3.1-150300.14.22.21.20 libreoffice-base-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-7.3.3.1-150300.14.22.21.20 libreoffice-calc-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-extensions-7.3.3.1-150300.14.22.21.20 libreoffice-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-debugsource-7.3.3.1-150300.14.22.21.20 libreoffice-draw-7.3.3.1-150300.14.22.21.20 libreoffice-draw-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-filters-optional-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-impress-7.3.3.1-150300.14.22.21.20 libreoffice-impress-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-mailmerge-7.3.3.1-150300.14.22.21.20 libreoffice-math-7.3.3.1-150300.14.22.21.20 libreoffice-math-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-writer-7.3.3.1-150300.14.22.21.20 libreoffice-writer-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-writer-extensions-7.3.3.1-150300.14.22.21.20 libreofficekit-7.3.3.1-150300.14.22.21.20 libxmlsec1-nss1-1.2.28-150100.7.11.1 libxmlsec1-nss1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debugsource-1.2.28-150100.7.11.1 xmlsec1-devel-1.2.28-150100.7.11.1 xmlsec1-nss-devel-1.2.28-150100.7.11.1 xmlsec1-openssl-devel-1.2.28-150100.7.11.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch): libreoffice-branding-upstream-7.3.3.1-150300.14.22.21.20 libreoffice-icon-themes-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-af-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ar-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-as-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bg-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-br-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ca-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ckb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cs-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cy-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-da-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-de-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dz-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-el-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-es-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-et-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fur-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ga-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-he-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-it-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ja-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ko-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lt-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mai-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ml-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nso-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-or-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_BR-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_PT-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ro-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ru-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-si-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ss-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-st-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ta-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-te-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-th-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ts-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-uk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ve-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-xh-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_CN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_TW-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zu-7.3.3.1-150300.14.22.21.20 mdds-2_0-devel-2.0.2-150300.7.3.1 myspell-af_ZA-20191219-150000.3.23.1 myspell-ar-20191219-150000.3.23.1 myspell-bg_BG-20191219-150000.3.23.1 myspell-bn_BD-20191219-150000.3.23.1 myspell-br_FR-20191219-150000.3.23.1 myspell-ca-20191219-150000.3.23.1 myspell-cs_CZ-20191219-150000.3.23.1 myspell-da_DK-20191219-150000.3.23.1 myspell-el_GR-20191219-150000.3.23.1 myspell-et_EE-20191219-150000.3.23.1 myspell-fr_FR-20191219-150000.3.23.1 myspell-gl-20191219-150000.3.23.1 myspell-gu_IN-20191219-150000.3.23.1 myspell-he_IL-20191219-150000.3.23.1 myspell-hi_IN-20191219-150000.3.23.1 myspell-hr_HR-20191219-150000.3.23.1 myspell-it_IT-20191219-150000.3.23.1 myspell-lt_LT-20191219-150000.3.23.1 myspell-lv_LV-20191219-150000.3.23.1 myspell-nl_NL-20191219-150000.3.23.1 myspell-nn_NO-20191219-150000.3.23.1 myspell-pl_PL-20191219-150000.3.23.1 myspell-pt_PT-20191219-150000.3.23.1 myspell-si_LK-20191219-150000.3.23.1 myspell-sk_SK-20191219-150000.3.23.1 myspell-sl_SI-20191219-150000.3.23.1 myspell-sr-20191219-150000.3.23.1 myspell-sv_SE-20191219-150000.3.23.1 myspell-te_IN-20191219-150000.3.23.1 myspell-th_TH-20191219-150000.3.23.1 myspell-tr_TR-20191219-150000.3.23.1 myspell-uk_UA-20191219-150000.3.23.1 myspell-zu_ZA-20191219-150000.3.23.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): abseil-cpp-20211102.0-150300.7.3.1 abseil-cpp-debuginfo-20211102.0-150300.7.3.1 abseil-cpp-debugsource-20211102.0-150300.7.3.1 abseil-cpp-devel-20211102.0-150300.7.3.1 libcuckoo-devel-0.3-150300.7.3.1 libixion-0_17-0-0.17.0-150300.11.3.1 libixion-0_17-0-debuginfo-0.17.0-150300.11.3.1 libixion-debuginfo-0.17.0-150300.11.3.1 libixion-debugsource-0.17.0-150300.11.3.1 liborcus-0_17-0-0.17.2-150300.10.3.1 liborcus-0_17-0-debuginfo-0.17.2-150300.10.3.1 liborcus-debuginfo-0.17.2-150300.10.3.1 liborcus-debugsource-0.17.2-150300.10.3.1 liborcus-devel-0.17.2-150300.10.3.1 libreoffice-7.3.3.1-150300.14.22.21.20 libreoffice-base-7.3.3.1-150300.14.22.21.20 libreoffice-base-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-7.3.3.1-150300.14.22.21.20 libreoffice-calc-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-extensions-7.3.3.1-150300.14.22.21.20 libreoffice-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-debugsource-7.3.3.1-150300.14.22.21.20 libreoffice-draw-7.3.3.1-150300.14.22.21.20 libreoffice-draw-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-filters-optional-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-impress-7.3.3.1-150300.14.22.21.20 libreoffice-impress-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-mailmerge-7.3.3.1-150300.14.22.21.20 libreoffice-math-7.3.3.1-150300.14.22.21.20 libreoffice-math-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-writer-7.3.3.1-150300.14.22.21.20 libreoffice-writer-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-writer-extensions-7.3.3.1-150300.14.22.21.20 libreofficekit-7.3.3.1-150300.14.22.21.20 libxmlsec1-nss1-1.2.28-150100.7.11.1 libxmlsec1-nss1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debugsource-1.2.28-150100.7.11.1 xmlsec1-devel-1.2.28-150100.7.11.1 xmlsec1-nss-devel-1.2.28-150100.7.11.1 xmlsec1-openssl-devel-1.2.28-150100.7.11.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): libreoffice-branding-upstream-7.3.3.1-150300.14.22.21.20 libreoffice-icon-themes-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-af-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ar-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-as-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bg-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-br-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ca-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ckb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cs-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cy-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-da-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-de-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dz-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-el-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-es-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-et-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fur-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ga-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-he-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-it-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ja-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ko-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lt-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mai-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ml-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nso-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-or-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_BR-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_PT-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ro-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ru-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-si-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ss-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-st-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ta-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-te-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-th-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ts-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-uk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ve-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-xh-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_CN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_TW-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zu-7.3.3.1-150300.14.22.21.20 mdds-2_0-devel-2.0.2-150300.7.3.1 myspell-af_ZA-20191219-150000.3.23.1 myspell-ar-20191219-150000.3.23.1 myspell-bg_BG-20191219-150000.3.23.1 myspell-bn_BD-20191219-150000.3.23.1 myspell-br_FR-20191219-150000.3.23.1 myspell-ca-20191219-150000.3.23.1 myspell-cs_CZ-20191219-150000.3.23.1 myspell-da_DK-20191219-150000.3.23.1 myspell-el_GR-20191219-150000.3.23.1 myspell-et_EE-20191219-150000.3.23.1 myspell-fr_FR-20191219-150000.3.23.1 myspell-gl-20191219-150000.3.23.1 myspell-gu_IN-20191219-150000.3.23.1 myspell-he_IL-20191219-150000.3.23.1 myspell-hi_IN-20191219-150000.3.23.1 myspell-hr_HR-20191219-150000.3.23.1 myspell-it_IT-20191219-150000.3.23.1 myspell-lt_LT-20191219-150000.3.23.1 myspell-lv_LV-20191219-150000.3.23.1 myspell-nl_NL-20191219-150000.3.23.1 myspell-nn_NO-20191219-150000.3.23.1 myspell-pl_PL-20191219-150000.3.23.1 myspell-pt_PT-20191219-150000.3.23.1 myspell-si_LK-20191219-150000.3.23.1 myspell-sk_SK-20191219-150000.3.23.1 myspell-sl_SI-20191219-150000.3.23.1 myspell-sr-20191219-150000.3.23.1 myspell-sv_SE-20191219-150000.3.23.1 myspell-te_IN-20191219-150000.3.23.1 myspell-th_TH-20191219-150000.3.23.1 myspell-tr_TR-20191219-150000.3.23.1 myspell-uk_UA-20191219-150000.3.23.1 myspell-zu_ZA-20191219-150000.3.23.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): libxmlsec1-gcrypt1-1.2.28-150100.7.11.1 libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-gnutls1-1.2.28-150100.7.11.1 libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debugsource-1.2.28-150100.7.11.1 xmlsec1-devel-1.2.28-150100.7.11.1 xmlsec1-gnutls-devel-1.2.28-150100.7.11.1 xmlsec1-openssl-devel-1.2.28-150100.7.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): abseil-cpp-20211102.0-150300.7.3.1 abseil-cpp-debuginfo-20211102.0-150300.7.3.1 abseil-cpp-debugsource-20211102.0-150300.7.3.1 abseil-cpp-devel-20211102.0-150300.7.3.1 libcuckoo-devel-0.3-150300.7.3.1 libixion-0_17-0-0.17.0-150300.11.3.1 libixion-0_17-0-debuginfo-0.17.0-150300.11.3.1 libixion-debuginfo-0.17.0-150300.11.3.1 libixion-debugsource-0.17.0-150300.11.3.1 liborcus-0_17-0-0.17.2-150300.10.3.1 liborcus-0_17-0-debuginfo-0.17.2-150300.10.3.1 liborcus-debuginfo-0.17.2-150300.10.3.1 liborcus-debugsource-0.17.2-150300.10.3.1 liborcus-devel-0.17.2-150300.10.3.1 libxmlsec1-nss1-1.2.28-150100.7.11.1 libxmlsec1-nss1-debuginfo-1.2.28-150100.7.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le): libreoffice-7.3.3.1-150300.14.22.21.20 libreoffice-base-7.3.3.1-150300.14.22.21.20 libreoffice-base-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-7.3.3.1-150300.14.22.21.20 libreoffice-calc-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-extensions-7.3.3.1-150300.14.22.21.20 libreoffice-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-debugsource-7.3.3.1-150300.14.22.21.20 libreoffice-draw-7.3.3.1-150300.14.22.21.20 libreoffice-draw-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-filters-optional-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-impress-7.3.3.1-150300.14.22.21.20 libreoffice-impress-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-librelogo-7.3.3.1-150300.14.22.21.20 libreoffice-mailmerge-7.3.3.1-150300.14.22.21.20 libreoffice-math-7.3.3.1-150300.14.22.21.20 libreoffice-math-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-qt5-7.3.3.1-150300.14.22.21.20 libreoffice-qt5-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-doc-7.3.3.1-150300.14.22.21.20 libreoffice-writer-7.3.3.1-150300.14.22.21.20 libreoffice-writer-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-writer-extensions-7.3.3.1-150300.14.22.21.20 libreofficekit-7.3.3.1-150300.14.22.21.20 libreofficekit-devel-7.3.3.1-150300.14.22.21.20 libucpp13-1.3.4-150000.3.6.1 ucpp-1.3.4-150000.3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): libreoffice-branding-upstream-7.3.3.1-150300.14.22.21.20 libreoffice-gdb-pretty-printers-7.3.3.1-150300.14.22.21.20 libreoffice-glade-7.3.3.1-150300.14.22.21.20 libreoffice-icon-themes-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-af-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-am-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ar-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-as-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ast-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-be-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bg-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bn_IN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-br-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-brx-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bs-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ca-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ca_valencia-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ckb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cs-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cy-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-da-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-de-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dgo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dsb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dz-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-el-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en_GB-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en_ZA-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-es-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-et-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fur-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fy-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ga-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gd-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gug-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-he-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hsb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-id-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-is-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-it-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ja-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ka-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kab-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-km-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kmr_Latn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ko-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kok-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ks-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lt-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mai-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ml-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mni-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-my-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ne-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nso-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-oc-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-om-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-or-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_BR-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_PT-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ro-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ru-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-rw-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sa_IN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sat-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sd-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-si-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sid-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sq-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ss-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-st-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sw_TZ-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-szl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ta-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-te-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tg-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-th-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ts-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tt-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ug-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-uk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-uz-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ve-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-vec-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-vi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-xh-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_CN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_TW-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zu-7.3.3.1-150300.14.22.21.20 mdds-2_0-devel-2.0.2-150300.7.3.1 myspell-af_ZA-20191219-150000.3.23.1 myspell-ar-20191219-150000.3.23.1 myspell-be_BY-20191219-150000.3.23.1 myspell-bg_BG-20191219-150000.3.23.1 myspell-bn_BD-20191219-150000.3.23.1 myspell-bn_IN-20191219-150000.3.23.1 myspell-bo-20191219-150000.3.23.1 myspell-br_FR-20191219-150000.3.23.1 myspell-ca-20191219-150000.3.23.1 myspell-ca_ES_valencia-20191219-150000.3.23.1 myspell-cs_CZ-20191219-150000.3.23.1 myspell-da_DK-20191219-150000.3.23.1 myspell-el_GR-20191219-150000.3.23.1 myspell-en_GB-20191219-150000.3.23.1 myspell-en_ZA-20191219-150000.3.23.1 myspell-et_EE-20191219-150000.3.23.1 myspell-fr_FR-20191219-150000.3.23.1 myspell-gd_GB-20191219-150000.3.23.1 myspell-gl-20191219-150000.3.23.1 myspell-gu_IN-20191219-150000.3.23.1 myspell-gug-20191219-150000.3.23.1 myspell-he_IL-20191219-150000.3.23.1 myspell-hi_IN-20191219-150000.3.23.1 myspell-hr_HR-20191219-150000.3.23.1 myspell-id-20191219-150000.3.23.1 myspell-is-20191219-150000.3.23.1 myspell-it_IT-20191219-150000.3.23.1 myspell-kmr_Latn-20191219-150000.3.23.1 myspell-lo_LA-20191219-150000.3.23.1 myspell-lt_LT-20191219-150000.3.23.1 myspell-lv_LV-20191219-150000.3.23.1 myspell-ne_NP-20191219-150000.3.23.1 myspell-nl_NL-20191219-150000.3.23.1 myspell-nn_NO-20191219-150000.3.23.1 myspell-oc_FR-20191219-150000.3.23.1 myspell-pl_PL-20191219-150000.3.23.1 myspell-pt_PT-20191219-150000.3.23.1 myspell-si_LK-20191219-150000.3.23.1 myspell-sk_SK-20191219-150000.3.23.1 myspell-sl_SI-20191219-150000.3.23.1 myspell-sq_AL-20191219-150000.3.23.1 myspell-sr-20191219-150000.3.23.1 myspell-sv_SE-20191219-150000.3.23.1 myspell-sw_TZ-20191219-150000.3.23.1 myspell-te_IN-20191219-150000.3.23.1 myspell-th_TH-20191219-150000.3.23.1 myspell-tr_TR-20191219-150000.3.23.1 myspell-uk_UA-20191219-150000.3.23.1 myspell-vi-20191219-150000.3.23.1 myspell-zu_ZA-20191219-150000.3.23.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): libxmlsec1-gcrypt1-1.2.28-150100.7.11.1 libxmlsec1-gcrypt1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-gnutls1-1.2.28-150100.7.11.1 libxmlsec1-gnutls1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-1.2.28-150100.7.11.1 xmlsec1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debugsource-1.2.28-150100.7.11.1 xmlsec1-gnutls-devel-1.2.28-150100.7.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): abseil-cpp-20211102.0-150300.7.3.1 abseil-cpp-debuginfo-20211102.0-150300.7.3.1 abseil-cpp-debugsource-20211102.0-150300.7.3.1 abseil-cpp-devel-20211102.0-150300.7.3.1 libcuckoo-devel-0.3-150300.7.3.1 libixion-0_17-0-0.17.0-150300.11.3.1 libixion-0_17-0-debuginfo-0.17.0-150300.11.3.1 libixion-debuginfo-0.17.0-150300.11.3.1 libixion-debugsource-0.17.0-150300.11.3.1 liborcus-0_17-0-0.17.2-150300.10.3.1 liborcus-0_17-0-debuginfo-0.17.2-150300.10.3.1 liborcus-debuginfo-0.17.2-150300.10.3.1 liborcus-debugsource-0.17.2-150300.10.3.1 liborcus-devel-0.17.2-150300.10.3.1 libxmlsec1-nss1-1.2.28-150100.7.11.1 libxmlsec1-nss1-debuginfo-1.2.28-150100.7.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le): libreoffice-7.3.3.1-150300.14.22.21.20 libreoffice-base-7.3.3.1-150300.14.22.21.20 libreoffice-base-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-7.3.3.1-150300.14.22.21.20 libreoffice-base-drivers-postgresql-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-7.3.3.1-150300.14.22.21.20 libreoffice-calc-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-calc-extensions-7.3.3.1-150300.14.22.21.20 libreoffice-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-debugsource-7.3.3.1-150300.14.22.21.20 libreoffice-draw-7.3.3.1-150300.14.22.21.20 libreoffice-draw-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-filters-optional-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-7.3.3.1-150300.14.22.21.20 libreoffice-gnome-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-7.3.3.1-150300.14.22.21.20 libreoffice-gtk3-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-impress-7.3.3.1-150300.14.22.21.20 libreoffice-impress-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-librelogo-7.3.3.1-150300.14.22.21.20 libreoffice-mailmerge-7.3.3.1-150300.14.22.21.20 libreoffice-math-7.3.3.1-150300.14.22.21.20 libreoffice-math-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-7.3.3.1-150300.14.22.21.20 libreoffice-officebean-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-7.3.3.1-150300.14.22.21.20 libreoffice-pyuno-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-qt5-7.3.3.1-150300.14.22.21.20 libreoffice-qt5-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-sdk-doc-7.3.3.1-150300.14.22.21.20 libreoffice-writer-7.3.3.1-150300.14.22.21.20 libreoffice-writer-debuginfo-7.3.3.1-150300.14.22.21.20 libreoffice-writer-extensions-7.3.3.1-150300.14.22.21.20 libreofficekit-7.3.3.1-150300.14.22.21.20 libreofficekit-devel-7.3.3.1-150300.14.22.21.20 libucpp13-1.3.4-150000.3.6.1 ucpp-1.3.4-150000.3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): libreoffice-branding-upstream-7.3.3.1-150300.14.22.21.20 libreoffice-gdb-pretty-printers-7.3.3.1-150300.14.22.21.20 libreoffice-glade-7.3.3.1-150300.14.22.21.20 libreoffice-icon-themes-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-af-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-am-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ar-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-as-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ast-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-be-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bg-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bn_IN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-br-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-brx-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-bs-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ca-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ca_valencia-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ckb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cs-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-cy-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-da-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-de-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dgo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dsb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-dz-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-el-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en_GB-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-en_ZA-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-es-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-et-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-eu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fur-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-fy-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ga-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gd-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-gug-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-he-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hsb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-hu-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-id-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-is-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-it-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ja-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ka-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kab-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-km-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kmr_Latn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ko-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-kok-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ks-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lo-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lt-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-lv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mai-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ml-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mni-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-mr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-my-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nb-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ne-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-nso-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-oc-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-om-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-or-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pa-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_BR-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-pt_PT-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ro-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ru-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-rw-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sa_IN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sat-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sd-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-si-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sid-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sq-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ss-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-st-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sv-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-sw_TZ-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-szl-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ta-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-te-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tg-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-th-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tn-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tr-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ts-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-tt-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ug-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-uk-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-uz-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-ve-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-vec-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-vi-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-xh-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_CN-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zh_TW-7.3.3.1-150300.14.22.21.20 libreoffice-l10n-zu-7.3.3.1-150300.14.22.21.20 mdds-2_0-devel-2.0.2-150300.7.3.1 myspell-af_ZA-20191219-150000.3.23.1 myspell-ar-20191219-150000.3.23.1 myspell-be_BY-20191219-150000.3.23.1 myspell-bg_BG-20191219-150000.3.23.1 myspell-bn_BD-20191219-150000.3.23.1 myspell-bn_IN-20191219-150000.3.23.1 myspell-bo-20191219-150000.3.23.1 myspell-br_FR-20191219-150000.3.23.1 myspell-ca-20191219-150000.3.23.1 myspell-ca_ES_valencia-20191219-150000.3.23.1 myspell-cs_CZ-20191219-150000.3.23.1 myspell-da_DK-20191219-150000.3.23.1 myspell-el_GR-20191219-150000.3.23.1 myspell-en_GB-20191219-150000.3.23.1 myspell-en_ZA-20191219-150000.3.23.1 myspell-et_EE-20191219-150000.3.23.1 myspell-fr_FR-20191219-150000.3.23.1 myspell-gd_GB-20191219-150000.3.23.1 myspell-gl-20191219-150000.3.23.1 myspell-gu_IN-20191219-150000.3.23.1 myspell-gug-20191219-150000.3.23.1 myspell-he_IL-20191219-150000.3.23.1 myspell-hi_IN-20191219-150000.3.23.1 myspell-hr_HR-20191219-150000.3.23.1 myspell-id-20191219-150000.3.23.1 myspell-is-20191219-150000.3.23.1 myspell-it_IT-20191219-150000.3.23.1 myspell-kmr_Latn-20191219-150000.3.23.1 myspell-lo_LA-20191219-150000.3.23.1 myspell-lt_LT-20191219-150000.3.23.1 myspell-lv_LV-20191219-150000.3.23.1 myspell-ne_NP-20191219-150000.3.23.1 myspell-nl_NL-20191219-150000.3.23.1 myspell-nn_NO-20191219-150000.3.23.1 myspell-oc_FR-20191219-150000.3.23.1 myspell-pl_PL-20191219-150000.3.23.1 myspell-pt_PT-20191219-150000.3.23.1 myspell-si_LK-20191219-150000.3.23.1 myspell-sk_SK-20191219-150000.3.23.1 myspell-sl_SI-20191219-150000.3.23.1 myspell-sq_AL-20191219-150000.3.23.1 myspell-sr-20191219-150000.3.23.1 myspell-sv_SE-20191219-150000.3.23.1 myspell-sw_TZ-20191219-150000.3.23.1 myspell-te_IN-20191219-150000.3.23.1 myspell-th_TH-20191219-150000.3.23.1 myspell-tr_TR-20191219-150000.3.23.1 myspell-uk_UA-20191219-150000.3.23.1 myspell-vi-20191219-150000.3.23.1 myspell-zu_ZA-20191219-150000.3.23.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): libucpp13-1.3.4-150000.3.6.1 libucpp13-debuginfo-1.3.4-150000.3.6.1 ucpp-1.3.4-150000.3.6.1 ucpp-debuginfo-1.3.4-150000.3.6.1 ucpp-debugsource-1.3.4-150000.3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): libucpp13-1.3.4-150000.3.6.1 libucpp13-debuginfo-1.3.4-150000.3.6.1 ucpp-1.3.4-150000.3.6.1 ucpp-debuginfo-1.3.4-150000.3.6.1 ucpp-debugsource-1.3.4-150000.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libxmlsec1-1-1.2.28-150100.7.11.1 libxmlsec1-1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-openssl1-1.2.28-150100.7.11.1 libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.11.1 myspell-dictionaries-20191219-150000.3.23.1 myspell-lightproof-en-20191219-150000.3.23.1 myspell-lightproof-hu_HU-20191219-150000.3.23.1 myspell-lightproof-pt_BR-20191219-150000.3.23.1 myspell-lightproof-ru_RU-20191219-150000.3.23.1 xmlsec1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debugsource-1.2.28-150100.7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): myspell-de-20191219-150000.3.23.1 myspell-de_DE-20191219-150000.3.23.1 myspell-en-20191219-150000.3.23.1 myspell-en_US-20191219-150000.3.23.1 myspell-es-20191219-150000.3.23.1 myspell-es_ES-20191219-150000.3.23.1 myspell-hu_HU-20191219-150000.3.23.1 myspell-nb_NO-20191219-150000.3.23.1 myspell-no-20191219-150000.3.23.1 myspell-pt_BR-20191219-150000.3.23.1 myspell-ro-20191219-150000.3.23.1 myspell-ro_RO-20191219-150000.3.23.1 myspell-ru_RU-20191219-150000.3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libxmlsec1-1-1.2.28-150100.7.11.1 libxmlsec1-1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-nss1-1.2.28-150100.7.11.1 libxmlsec1-openssl1-1.2.28-150100.7.11.1 libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.11.1 myspell-dictionaries-20191219-150000.3.23.1 myspell-lightproof-en-20191219-150000.3.23.1 myspell-lightproof-hu_HU-20191219-150000.3.23.1 myspell-lightproof-pt_BR-20191219-150000.3.23.1 myspell-lightproof-ru_RU-20191219-150000.3.23.1 xmlsec1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debugsource-1.2.28-150100.7.11.1 xmlsec1-devel-1.2.28-150100.7.11.1 xmlsec1-nss-devel-1.2.28-150100.7.11.1 xmlsec1-openssl-devel-1.2.28-150100.7.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): myspell-de-20191219-150000.3.23.1 myspell-de_AT-20191219-150000.3.23.1 myspell-de_CH-20191219-150000.3.23.1 myspell-de_DE-20191219-150000.3.23.1 myspell-en-20191219-150000.3.23.1 myspell-en_US-20191219-150000.3.23.1 myspell-es-20191219-150000.3.23.1 myspell-es_ES-20191219-150000.3.23.1 myspell-hu_HU-20191219-150000.3.23.1 myspell-nb_NO-20191219-150000.3.23.1 myspell-no-20191219-150000.3.23.1 myspell-pt_BR-20191219-150000.3.23.1 myspell-ro-20191219-150000.3.23.1 myspell-ro_RO-20191219-150000.3.23.1 myspell-ru_RU-20191219-150000.3.23.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): libxmlsec1-1-1.2.28-150100.7.11.1 libxmlsec1-1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-openssl1-1.2.28-150100.7.11.1 libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debugsource-1.2.28-150100.7.11.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): libxmlsec1-1-1.2.28-150100.7.11.1 libxmlsec1-1-debuginfo-1.2.28-150100.7.11.1 libxmlsec1-openssl1-1.2.28-150100.7.11.1 libxmlsec1-openssl1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debuginfo-1.2.28-150100.7.11.1 xmlsec1-debugsource-1.2.28-150100.7.11.1 References: https://bugzilla.suse.com/1041090 https://bugzilla.suse.com/1183308 https://bugzilla.suse.com/1192616 https://bugzilla.suse.com/1195881 https://bugzilla.suse.com/1196017 https://bugzilla.suse.com/1196212 https://bugzilla.suse.com/1196499 https://bugzilla.suse.com/1197017 From sle-updates at lists.suse.com Mon Aug 29 16:16:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 18:16:12 +0200 (CEST) Subject: SUSE-SU-2022:2936-1: important: Security update for open-vm-tools Message-ID: <20220829161612.65869FC32@maintenance.suse.de> SUSE Security Update: Security update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2936-1 Rating: important References: #1202657 #1202733 Cross-References: CVE-2022-31676 CVSS scores: CVE-2022-31676 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2936=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2936=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2936=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2936=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2936=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2936=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2936=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2936=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): libvmtools-devel-12.1.0-150300.19.1 libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-desktop-12.1.0-150300.19.1 open-vm-tools-desktop-debuginfo-12.1.0-150300.19.1 open-vm-tools-sdmp-12.1.0-150300.19.1 open-vm-tools-sdmp-debuginfo-12.1.0-150300.19.1 - openSUSE Leap 15.3 (aarch64 x86_64): libvmtools-devel-12.1.0-150300.19.1 libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-desktop-12.1.0-150300.19.1 open-vm-tools-desktop-debuginfo-12.1.0-150300.19.1 open-vm-tools-sdmp-12.1.0-150300.19.1 open-vm-tools-sdmp-debuginfo-12.1.0-150300.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (x86_64): open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-desktop-12.1.0-150300.19.1 open-vm-tools-desktop-debuginfo-12.1.0-150300.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-desktop-12.1.0-150300.19.1 open-vm-tools-desktop-debuginfo-12.1.0-150300.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libvmtools-devel-12.1.0-150300.19.1 libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-sdmp-12.1.0-150300.19.1 open-vm-tools-sdmp-debuginfo-12.1.0-150300.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libvmtools-devel-12.1.0-150300.19.1 libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 open-vm-tools-sdmp-12.1.0-150300.19.1 open-vm-tools-sdmp-debuginfo-12.1.0-150300.19.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): libvmtools0-12.1.0-150300.19.1 libvmtools0-debuginfo-12.1.0-150300.19.1 open-vm-tools-12.1.0-150300.19.1 open-vm-tools-debuginfo-12.1.0-150300.19.1 open-vm-tools-debugsource-12.1.0-150300.19.1 References: https://www.suse.com/security/cve/CVE-2022-31676.html https://bugzilla.suse.com/1202657 https://bugzilla.suse.com/1202733 From sle-updates at lists.suse.com Mon Aug 29 16:16:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 18:16:52 +0200 (CEST) Subject: SUSE-RU-2022:2934-1: moderate: Recommended update for kernel-livepatch-tools Message-ID: <20220829161652.AADA7FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for kernel-livepatch-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2934-1 Rating: moderate References: #1200407 SLE-23644 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for kernel-livepatch-tools fixes the following issues: - Add patch expiration info to klp -vv patches output (jsc#SLE-23644) - Avoid error messages in the absence of the sysconfig file (bsc#1200407) - Add 'downgrade' command (jsc#SLE-23644) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-2932=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-2934=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-2934=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-tools-1.2-150400.15.3.1 kernel-livepatch-tools-debugsource-1.2-150400.15.3.1 kernel-livepatch-tools-devel-1.2-150400.15.3.1 kernel-livepatch-tools-devel-debuginfo-1.2-150400.15.3.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-tools-1.2-150200.7.9.1 kernel-livepatch-tools-debugsource-1.2-150200.7.9.1 kernel-livepatch-tools-devel-1.2-150200.7.9.1 kernel-livepatch-tools-devel-debuginfo-1.2-150200.7.9.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-tools-1.2-150200.7.9.1 kernel-livepatch-tools-debugsource-1.2-150200.7.9.1 kernel-livepatch-tools-devel-1.2-150200.7.9.1 kernel-livepatch-tools-devel-debuginfo-1.2-150200.7.9.1 References: https://bugzilla.suse.com/1200407 From sle-updates at lists.suse.com Mon Aug 29 16:17:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 18:17:29 +0200 (CEST) Subject: SUSE-RU-2022:2939-1: moderate: Recommended update for mozilla-nss Message-ID: <20220829161729.74CF1FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2939-1 Rating: moderate References: #1201298 #1202645 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mozilla-nss fixes the following issues: Update to NSS 3.79.1 (bsc#1202645) * compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_ComputeCertType. * protect SFTKSlot needLogin with slotLock. * avoid data race on primary password change. * check for null template in sec_asn1{d,e}_push_state. - FIPS: unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2939=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2939=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.1-150400.3.10.2 libfreebl3-debuginfo-3.79.1-150400.3.10.2 libfreebl3-hmac-3.79.1-150400.3.10.2 libsoftokn3-3.79.1-150400.3.10.2 libsoftokn3-debuginfo-3.79.1-150400.3.10.2 libsoftokn3-hmac-3.79.1-150400.3.10.2 mozilla-nss-3.79.1-150400.3.10.2 mozilla-nss-certs-3.79.1-150400.3.10.2 mozilla-nss-certs-debuginfo-3.79.1-150400.3.10.2 mozilla-nss-debuginfo-3.79.1-150400.3.10.2 mozilla-nss-debugsource-3.79.1-150400.3.10.2 mozilla-nss-devel-3.79.1-150400.3.10.2 mozilla-nss-sysinit-3.79.1-150400.3.10.2 mozilla-nss-sysinit-debuginfo-3.79.1-150400.3.10.2 mozilla-nss-tools-3.79.1-150400.3.10.2 mozilla-nss-tools-debuginfo-3.79.1-150400.3.10.2 - openSUSE Leap 15.4 (x86_64): libfreebl3-32bit-3.79.1-150400.3.10.2 libfreebl3-32bit-debuginfo-3.79.1-150400.3.10.2 libfreebl3-hmac-32bit-3.79.1-150400.3.10.2 libsoftokn3-32bit-3.79.1-150400.3.10.2 libsoftokn3-32bit-debuginfo-3.79.1-150400.3.10.2 libsoftokn3-hmac-32bit-3.79.1-150400.3.10.2 mozilla-nss-32bit-3.79.1-150400.3.10.2 mozilla-nss-32bit-debuginfo-3.79.1-150400.3.10.2 mozilla-nss-certs-32bit-3.79.1-150400.3.10.2 mozilla-nss-certs-32bit-debuginfo-3.79.1-150400.3.10.2 mozilla-nss-sysinit-32bit-3.79.1-150400.3.10.2 mozilla-nss-sysinit-32bit-debuginfo-3.79.1-150400.3.10.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.1-150400.3.10.2 libfreebl3-debuginfo-3.79.1-150400.3.10.2 libfreebl3-hmac-3.79.1-150400.3.10.2 libsoftokn3-3.79.1-150400.3.10.2 libsoftokn3-debuginfo-3.79.1-150400.3.10.2 libsoftokn3-hmac-3.79.1-150400.3.10.2 mozilla-nss-3.79.1-150400.3.10.2 mozilla-nss-certs-3.79.1-150400.3.10.2 mozilla-nss-certs-debuginfo-3.79.1-150400.3.10.2 mozilla-nss-debuginfo-3.79.1-150400.3.10.2 mozilla-nss-debugsource-3.79.1-150400.3.10.2 mozilla-nss-devel-3.79.1-150400.3.10.2 mozilla-nss-sysinit-3.79.1-150400.3.10.2 mozilla-nss-sysinit-debuginfo-3.79.1-150400.3.10.2 mozilla-nss-tools-3.79.1-150400.3.10.2 mozilla-nss-tools-debuginfo-3.79.1-150400.3.10.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libfreebl3-32bit-3.79.1-150400.3.10.2 libfreebl3-32bit-debuginfo-3.79.1-150400.3.10.2 libfreebl3-hmac-32bit-3.79.1-150400.3.10.2 libsoftokn3-32bit-3.79.1-150400.3.10.2 libsoftokn3-32bit-debuginfo-3.79.1-150400.3.10.2 libsoftokn3-hmac-32bit-3.79.1-150400.3.10.2 mozilla-nss-32bit-3.79.1-150400.3.10.2 mozilla-nss-32bit-debuginfo-3.79.1-150400.3.10.2 mozilla-nss-certs-32bit-3.79.1-150400.3.10.2 mozilla-nss-certs-32bit-debuginfo-3.79.1-150400.3.10.2 References: https://bugzilla.suse.com/1201298 https://bugzilla.suse.com/1202645 From sle-updates at lists.suse.com Mon Aug 29 16:18:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 18:18:09 +0200 (CEST) Subject: SUSE-SU-2022:2935-1: important: Security update for open-vm-tools Message-ID: <20220829161809.15105FC32@maintenance.suse.de> SUSE Security Update: Security update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2935-1 Rating: important References: #1202657 #1202733 Cross-References: CVE-2022-31676 CVSS scores: CVE-2022-31676 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for open-vm-tools fixes the following issues: - Updated to version 12.1.0 (build 20219665) (bsc#1202733): - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-2935=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-2935=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-2935=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-2935=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-2935=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libvmtools0-12.1.0-4.45.1 libvmtools0-debuginfo-12.1.0-4.45.1 open-vm-tools-12.1.0-4.45.1 open-vm-tools-debuginfo-12.1.0-4.45.1 open-vm-tools-debugsource-12.1.0-4.45.1 open-vm-tools-desktop-12.1.0-4.45.1 open-vm-tools-desktop-debuginfo-12.1.0-4.45.1 - SUSE OpenStack Cloud 9 (x86_64): libvmtools0-12.1.0-4.45.1 libvmtools0-debuginfo-12.1.0-4.45.1 open-vm-tools-12.1.0-4.45.1 open-vm-tools-debuginfo-12.1.0-4.45.1 open-vm-tools-debugsource-12.1.0-4.45.1 open-vm-tools-desktop-12.1.0-4.45.1 open-vm-tools-desktop-debuginfo-12.1.0-4.45.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libvmtools0-12.1.0-4.45.1 libvmtools0-debuginfo-12.1.0-4.45.1 open-vm-tools-12.1.0-4.45.1 open-vm-tools-debuginfo-12.1.0-4.45.1 open-vm-tools-debugsource-12.1.0-4.45.1 open-vm-tools-desktop-12.1.0-4.45.1 open-vm-tools-desktop-debuginfo-12.1.0-4.45.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libvmtools0-12.1.0-4.45.1 libvmtools0-debuginfo-12.1.0-4.45.1 open-vm-tools-12.1.0-4.45.1 open-vm-tools-debuginfo-12.1.0-4.45.1 open-vm-tools-debugsource-12.1.0-4.45.1 open-vm-tools-desktop-12.1.0-4.45.1 open-vm-tools-desktop-debuginfo-12.1.0-4.45.1 open-vm-tools-sdmp-12.1.0-4.45.1 open-vm-tools-sdmp-debuginfo-12.1.0-4.45.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): libvmtools0-12.1.0-4.45.1 libvmtools0-debuginfo-12.1.0-4.45.1 open-vm-tools-12.1.0-4.45.1 open-vm-tools-debuginfo-12.1.0-4.45.1 open-vm-tools-debugsource-12.1.0-4.45.1 open-vm-tools-desktop-12.1.0-4.45.1 open-vm-tools-desktop-debuginfo-12.1.0-4.45.1 References: https://www.suse.com/security/cve/CVE-2022-31676.html https://bugzilla.suse.com/1202657 https://bugzilla.suse.com/1202733 From sle-updates at lists.suse.com Mon Aug 29 19:15:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 29 Aug 2022 21:15:34 +0200 (CEST) Subject: SUSE-SU-2022:2940-1: important: Security update for open-vm-tools Message-ID: <20220829191534.A8BAEF3D4@maintenance.suse.de> SUSE Security Update: Security update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2940-1 Rating: important References: #1202657 Cross-References: CVE-2022-31676 CVSS scores: CVE-2022-31676 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for open-vm-tools fixes the following issues: - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-2940=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libvmtools0-10.2.0-9.9.1 libvmtools0-debuginfo-10.2.0-9.9.1 open-vm-tools-10.2.0-9.9.1 open-vm-tools-debuginfo-10.2.0-9.9.1 open-vm-tools-debugsource-10.2.0-9.9.1 open-vm-tools-desktop-10.2.0-9.9.1 open-vm-tools-desktop-debuginfo-10.2.0-9.9.1 References: https://www.suse.com/security/cve/CVE-2022-31676.html https://bugzilla.suse.com/1202657 From sle-updates at lists.suse.com Tue Aug 30 07:23:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:23:55 +0200 (CEST) Subject: SUSE-CU-2022:1964-1: Recommended update of bci/nodejs Message-ID: <20220830072355.0F898F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1964-1 Container Tags : bci/node:12 , bci/node:12-16.153 , bci/nodejs:12 , bci/nodejs:12-16.153 Container Release : 16.153 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-17.20.20 updated From sle-updates at lists.suse.com Tue Aug 30 07:29:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:29:02 +0200 (CEST) Subject: SUSE-CU-2022:1965-1: Recommended update of bci/python Message-ID: <20220830072902.1919FF3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1965-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.71 Container Release : 18.71 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-17.20.20 updated From sle-updates at lists.suse.com Tue Aug 30 07:38:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:38:16 +0200 (CEST) Subject: SUSE-CU-2022:1966-1: Recommended update of suse/sle15 Message-ID: <20220830073816.D1A81F3D4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1966-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.20 , suse/sle15:15.3 , suse/sle15:15.3.17.20.20 Container Release : 17.20.20 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated From sle-updates at lists.suse.com Tue Aug 30 07:39:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:39:07 +0200 (CEST) Subject: SUSE-CU-2022:1967-1: Recommended update of suse/389-ds Message-ID: <20220830073907.6742AF3D4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1967-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-15.13 , suse/389-ds:latest Container Release : 15.13 Severity : important Type : recommended References : 1195059 1198341 1201298 1201795 1202310 1202645 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2939-1 Released: Mon Aug 29 14:49:17 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1201298,1202645 This update for mozilla-nss fixes the following issues: Update to NSS 3.79.1 (bsc#1202645) * compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_ComputeCertType. * protect SFTKSlot needLogin with slotLock. * avoid data race on primary password change. * check for null template in sec_asn1{d,e}_push_state. - FIPS: unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - timezone-2022a-150000.75.10.1 updated - libfreebl3-3.79.1-150400.3.10.2 updated - libfreebl3-hmac-3.79.1-150400.3.10.2 updated - mozilla-nss-certs-3.79.1-150400.3.10.2 updated - libsoftokn3-3.79.1-150400.3.10.2 updated - mozilla-nss-3.79.1-150400.3.10.2 updated - mozilla-nss-tools-3.79.1-150400.3.10.2 updated - libsoftokn3-hmac-3.79.1-150400.3.10.2 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:40:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:40:02 +0200 (CEST) Subject: SUSE-CU-2022:1968-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220830074002.4549BF3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1968-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-39.12 , bci/dotnet-aspnet:3.1.28 , bci/dotnet-aspnet:3.1.28-39.12 Container Release : 39.12 Severity : important Type : recommended References : 1195059 1198341 1201795 1202310 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:41:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:41:11 +0200 (CEST) Subject: SUSE-CU-2022:1969-1: Recommended update of bci/dotnet-sdk Message-ID: <20220830074111.68496F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1969-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-45.11 , bci/dotnet-sdk:3.1.28 , bci/dotnet-sdk:3.1.28-45.11 Container Release : 45.11 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:42:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:42:17 +0200 (CEST) Subject: SUSE-CU-2022:1970-1: Recommended update of bci/dotnet-sdk Message-ID: <20220830074217.B5939F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1970-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-22.11 , bci/dotnet-sdk:6.0.8 , bci/dotnet-sdk:6.0.8-22.11 , bci/dotnet-sdk:latest Container Release : 22.11 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:43:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:43:22 +0200 (CEST) Subject: SUSE-CU-2022:1971-1: Recommended update of bci/dotnet-runtime Message-ID: <20220830074322.141E8F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1971-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-46.11 , bci/dotnet-runtime:3.1.28 , bci/dotnet-runtime:3.1.28-46.11 Container Release : 46.11 Severity : important Type : recommended References : 1195059 1198341 1201795 1202310 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:44:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:44:14 +0200 (CEST) Subject: SUSE-CU-2022:1972-1: Recommended update of bci/dotnet-runtime Message-ID: <20220830074414.C720BF3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1972-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-32.14 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-32.14 Container Release : 32.14 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:45:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:45:07 +0200 (CEST) Subject: SUSE-CU-2022:1973-1: Recommended update of bci/dotnet-runtime Message-ID: <20220830074507.DC68AF3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1973-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-19.11 , bci/dotnet-runtime:6.0.8 , bci/dotnet-runtime:6.0.8-19.11 , bci/dotnet-runtime:latest Container Release : 19.11 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:46:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:46:23 +0200 (CEST) Subject: SUSE-CU-2022:1974-1: Recommended update of bci/golang Message-ID: <20220830074623.10905F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1974-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.12 Container Release : 30.12 Severity : important Type : recommended References : 1195059 1201795 1202310 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - libudev1-249.12-150400.8.10.1 updated - libsystemd0-249.12-150400.8.10.1 updated - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:47:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:47:50 +0200 (CEST) Subject: SUSE-CU-2022:1975-1: Recommended update of bci/golang Message-ID: <20220830074750.2CC72F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1975-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.13 Container Release : 29.13 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:48:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:48:57 +0200 (CEST) Subject: SUSE-CU-2022:1976-1: Recommended update of bci/golang Message-ID: <20220830074857.DB441F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1976-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-16.11 Container Release : 16.11 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:49:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:49:18 +0200 (CEST) Subject: SUSE-CU-2022:1977-1: Recommended update of bci/golang Message-ID: <20220830074918.547DFF3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1977-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.11 , bci/golang:latest Container Release : 2.11 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:50:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:50:09 +0200 (CEST) Subject: SUSE-CU-2022:1978-1: Recommended update of bci/nodejs Message-ID: <20220830075009.A1C3EF3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1978-1 Container Tags : bci/node:14 , bci/node:14-33.12 , bci/nodejs:14 , bci/nodejs:14-33.12 Container Release : 33.12 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:50:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:50:56 +0200 (CEST) Subject: SUSE-CU-2022:1979-1: Recommended update of bci/nodejs Message-ID: <20220830075056.87EC4F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1979-1 Container Tags : bci/node:16 , bci/node:16-9.13 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-9.13 , bci/nodejs:latest Container Release : 9.13 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:52:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:52:49 +0200 (CEST) Subject: SUSE-CU-2022:1980-1: Recommended update of bci/openjdk-devel Message-ID: <20220830075249.EAE64F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1980-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-34.27 , bci/openjdk-devel:latest Container Release : 34.27 Severity : important Type : recommended References : 1201298 1202310 1202645 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2939-1 Released: Mon Aug 29 14:49:17 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1201298,1202645 This update for mozilla-nss fixes the following issues: Update to NSS 3.79.1 (bsc#1202645) * compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_ComputeCertType. * protect SFTKSlot needLogin with slotLock. * avoid data race on primary password change. * check for null template in sec_asn1{d,e}_push_state. - FIPS: unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - libfreebl3-3.79.1-150400.3.10.2 updated - libfreebl3-hmac-3.79.1-150400.3.10.2 updated - mozilla-nss-certs-3.79.1-150400.3.10.2 updated - libsoftokn3-3.79.1-150400.3.10.2 updated - mozilla-nss-3.79.1-150400.3.10.2 updated - libsoftokn3-hmac-3.79.1-150400.3.10.2 updated - container:bci-openjdk-11-15.4-30.12 updated From sle-updates at lists.suse.com Tue Aug 30 07:54:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:54:14 +0200 (CEST) Subject: SUSE-CU-2022:1981-1: Recommended update of bci/openjdk Message-ID: <20220830075414.DC6C8F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1981-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-30.12 , bci/openjdk:latest Container Release : 30.12 Severity : important Type : recommended References : 1201298 1202310 1202645 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2939-1 Released: Mon Aug 29 14:49:17 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1201298,1202645 This update for mozilla-nss fixes the following issues: Update to NSS 3.79.1 (bsc#1202645) * compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_ComputeCertType. * protect SFTKSlot needLogin with slotLock. * avoid data race on primary password change. * check for null template in sec_asn1{d,e}_push_state. - FIPS: unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - libfreebl3-3.79.1-150400.3.10.2 updated - libfreebl3-hmac-3.79.1-150400.3.10.2 updated - mozilla-nss-certs-3.79.1-150400.3.10.2 updated - libsoftokn3-3.79.1-150400.3.10.2 updated - mozilla-nss-3.79.1-150400.3.10.2 updated - libsoftokn3-hmac-3.79.1-150400.3.10.2 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:54:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:54:58 +0200 (CEST) Subject: SUSE-CU-2022:1982-1: Recommended update of bci/python Message-ID: <20220830075458.1F3B1F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1982-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.12 Container Release : 28.12 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:56:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:56:33 +0200 (CEST) Subject: SUSE-CU-2022:1983-1: Recommended update of bci/ruby Message-ID: <20220830075633.3F571F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1983-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-29.12 , bci/ruby:latest Container Release : 29.12 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 07:57:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 09:57:16 +0200 (CEST) Subject: SUSE-CU-2022:1984-1: Recommended update of bci/rust Message-ID: <20220830075716.EE21DF3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1984-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.29 Container Release : 9.29 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Tue Aug 30 13:15:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 15:15:45 +0200 (CEST) Subject: SUSE-SU-2022:2941-1: moderate: Security update for libslirp Message-ID: <20220830131545.333C4FC32@maintenance.suse.de> SUSE Security Update: Security update for libslirp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2941-1 Rating: moderate References: #1187365 #1201551 Cross-References: CVE-2021-3593 CVSS scores: CVE-2021-3593 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3593 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libslirp fixes the following issues: - CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365). Non-security fixes: - Fix the version header (bsc#1201551) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2941=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2941=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2941=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2941=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2941=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2941=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp-devel-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp-devel-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp-devel-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp-devel-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libslirp-debugsource-4.3.1-150300.11.1 libslirp0-4.3.1-150300.11.1 libslirp0-debuginfo-4.3.1-150300.11.1 References: https://www.suse.com/security/cve/CVE-2021-3593.html https://bugzilla.suse.com/1187365 https://bugzilla.suse.com/1201551 From sle-updates at lists.suse.com Tue Aug 30 19:15:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 30 Aug 2022 21:15:49 +0200 (CEST) Subject: SUSE-RU-2022:2943-1: Recommended update for python-iniconfig Message-ID: <20220830191549.AC3CEF3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-iniconfig ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2943-1 Rating: low References: #1202498 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-iniconfig provides the following fix: - Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2943=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2943=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-2943=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2943=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2943=1 Package List: - openSUSE Leap 15.4 (noarch): python3-iniconfig-1.1.1-150000.1.7.1 - openSUSE Leap 15.3 (noarch): python2-iniconfig-1.1.1-150000.1.7.1 python3-iniconfig-1.1.1-150000.1.7.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-iniconfig-1.1.1-150000.1.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-iniconfig-1.1.1-150000.1.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-iniconfig-1.1.1-150000.1.7.1 References: https://bugzilla.suse.com/1202498 From sle-updates at lists.suse.com Wed Aug 31 07:16:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 09:16:33 +0200 (CEST) Subject: SUSE-RU-2022:2944-1: important: Recommended update for procps Message-ID: <20220831071633.ED665F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for procps ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2944-1 Rating: important References: #1181475 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for procps fixes the following issues: - Fix 'free' command reporting misleading "used" value (bsc#1181475) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2944=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2944=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2944=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2944=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2944=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2944=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2944=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2944=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2944=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2944=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2944=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2944=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2944=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2944=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2944=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2944=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2944=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2944=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2944=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2944=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2944=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2944=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2944=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2944=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2944=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Manager Proxy 4.1 (x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 - SUSE CaaS Platform 4.0 (x86_64): libprocps7-3.3.15-150000.7.25.1 libprocps7-debuginfo-3.3.15-150000.7.25.1 procps-3.3.15-150000.7.25.1 procps-debuginfo-3.3.15-150000.7.25.1 procps-debugsource-3.3.15-150000.7.25.1 procps-devel-3.3.15-150000.7.25.1 References: https://bugzilla.suse.com/1181475 From sle-updates at lists.suse.com Wed Aug 31 07:21:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 09:21:38 +0200 (CEST) Subject: SUSE-CU-2022:1985-1: Recommended update of bci/bci-init Message-ID: <20220831072138.4D86EF3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1985-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.18.18 Container Release : 18.18 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-17.20.20 updated From sle-updates at lists.suse.com Wed Aug 31 07:22:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 09:22:39 +0200 (CEST) Subject: SUSE-CU-2022:1986-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220831072239.A6A92F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1986-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-25.15 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-25.15 Container Release : 25.15 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Wed Aug 31 07:23:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 09:23:38 +0200 (CEST) Subject: SUSE-CU-2022:1987-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220831072338.D3191F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1987-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-20.12 , bci/dotnet-aspnet:6.0.8 , bci/dotnet-aspnet:6.0.8-20.12 , bci/dotnet-aspnet:latest Container Release : 20.12 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Wed Aug 31 07:24:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 09:24:34 +0200 (CEST) Subject: SUSE-CU-2022:1988-1: Recommended update of bci/bci-init Message-ID: <20220831072434.2E4B9F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1988-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.21.12 , bci/bci-init:latest Container Release : 21.12 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Wed Aug 31 07:25:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 09:25:19 +0200 (CEST) Subject: SUSE-CU-2022:1984-1: Recommended update of bci/rust Message-ID: <20220831072519.E5747F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1984-1 Container Tags : bci/rust:1.59 , bci/rust:1.59-9.29 Container Release : 9.29 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Wed Aug 31 07:25:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 09:25:51 +0200 (CEST) Subject: SUSE-CU-2022:1989-1: Recommended update of bci/rust Message-ID: <20220831072551.C4175F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1989-1 Container Tags : bci/rust:1.60 , bci/rust:1.60-5.12 Container Release : 5.12 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Wed Aug 31 07:26:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 09:26:18 +0200 (CEST) Subject: SUSE-CU-2022:1990-1: Recommended update of bci/rust Message-ID: <20220831072618.888F8F3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1990-1 Container Tags : bci/rust:1.61 , bci/rust:1.61-6.11 Container Release : 6.11 Severity : important Type : recommended References : 1195059 1198341 1201795 1202310 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libelf1-0.185-150400.5.3.1 updated - libsystemd0-249.12-150400.8.10.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Wed Aug 31 07:26:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 09:26:31 +0200 (CEST) Subject: SUSE-CU-2022:1991-1: Recommended update of bci/rust Message-ID: <20220831072631.DBC7EF3D4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1991-1 Container Tags : bci/rust:1.62 , bci/rust:1.62-2.11 , bci/rust:latest Container Release : 2.11 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated - container:sles15-image-15.0.0-27.11.14 updated From sle-updates at lists.suse.com Wed Aug 31 07:27:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 09:27:13 +0200 (CEST) Subject: SUSE-CU-2022:1992-1: Recommended update of suse/sle15 Message-ID: <20220831072713.49853F3D4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1992-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.14 , suse/sle15:15.4 , suse/sle15:15.4.27.11.14 Container Release : 27.11.14 Severity : important Type : recommended References : 1202310 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) The following package changes have been done: - timezone-2022a-150000.75.10.1 updated From sle-updates at lists.suse.com Wed Aug 31 10:17:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 12:17:53 +0200 (CEST) Subject: SUSE-SU-2022:2946-1: important: Security update for postgresql10 Message-ID: <20220831101753.A2CA9F3D4@maintenance.suse.de> SUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2946-1 Rating: important References: #1202368 Cross-References: CVE-2022-2625 CVSS scores: CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql10 fixes the following issues: - Upgrade to 10.22: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2946=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2946=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2946=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2946=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2946=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2946=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2946=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2946=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2946=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2946=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2946=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2946=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2946=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2946=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2946=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2946=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2946=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2946=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-llvmjit-devel-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 postgresql10-test-10.22-150100.8.50.1 - openSUSE Leap 15.4 (noarch): postgresql10-docs-10.22-150100.8.50.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 postgresql10-test-10.22-150100.8.50.1 - openSUSE Leap 15.3 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Manager Server 4.1 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Manager Retail Branch Server 4.1 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Manager Proxy 4.1 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Manager Proxy 4.1 (x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Enterprise Storage 7 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE Enterprise Storage 6 (noarch): postgresql10-docs-10.22-150100.8.50.1 - SUSE CaaS Platform 4.0 (x86_64): postgresql10-10.22-150100.8.50.1 postgresql10-contrib-10.22-150100.8.50.1 postgresql10-contrib-debuginfo-10.22-150100.8.50.1 postgresql10-debuginfo-10.22-150100.8.50.1 postgresql10-debugsource-10.22-150100.8.50.1 postgresql10-devel-10.22-150100.8.50.1 postgresql10-devel-debuginfo-10.22-150100.8.50.1 postgresql10-plperl-10.22-150100.8.50.1 postgresql10-plperl-debuginfo-10.22-150100.8.50.1 postgresql10-plpython-10.22-150100.8.50.1 postgresql10-plpython-debuginfo-10.22-150100.8.50.1 postgresql10-pltcl-10.22-150100.8.50.1 postgresql10-pltcl-debuginfo-10.22-150100.8.50.1 postgresql10-server-10.22-150100.8.50.1 postgresql10-server-debuginfo-10.22-150100.8.50.1 - SUSE CaaS Platform 4.0 (noarch): postgresql10-docs-10.22-150100.8.50.1 References: https://www.suse.com/security/cve/CVE-2022-2625.html https://bugzilla.suse.com/1202368 From sle-updates at lists.suse.com Wed Aug 31 10:18:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 12:18:55 +0200 (CEST) Subject: SUSE-SU-2022:2947-1: important: Security update for zlib Message-ID: <20220831101855.D7734F3D4@maintenance.suse.de> SUSE Security Update: Security update for zlib ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2947-1 Rating: important References: #1202175 Cross-References: CVE-2022-37434 CVSS scores: CVE-2022-37434 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37434 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2947=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2947=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2947=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2947=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2947=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2947=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2947=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2947=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2947=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2947=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2947=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2947=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2947=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2947=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2947=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2947=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2947=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2947=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2947=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2947=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2947=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2947=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - openSUSE Leap 15.4 (x86_64): libminizip1-32bit-1.2.11-150000.3.33.1 libminizip1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-32bit-1.2.11-150000.3.33.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - openSUSE Leap 15.3 (x86_64): libminizip1-32bit-1.2.11-150000.3.33.1 libminizip1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-32bit-1.2.11-150000.3.33.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Manager Server 4.1 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Manager Proxy 4.1 (x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Enterprise Storage 7 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 - SUSE Enterprise Storage 6 (x86_64): libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 - SUSE CaaS Platform 4.0 (x86_64): libminizip1-1.2.11-150000.3.33.1 libminizip1-debuginfo-1.2.11-150000.3.33.1 libz1-1.2.11-150000.3.33.1 libz1-32bit-1.2.11-150000.3.33.1 libz1-32bit-debuginfo-1.2.11-150000.3.33.1 libz1-debuginfo-1.2.11-150000.3.33.1 minizip-devel-1.2.11-150000.3.33.1 zlib-debugsource-1.2.11-150000.3.33.1 zlib-devel-1.2.11-150000.3.33.1 zlib-devel-32bit-1.2.11-150000.3.33.1 zlib-devel-static-1.2.11-150000.3.33.1 References: https://www.suse.com/security/cve/CVE-2022-37434.html https://bugzilla.suse.com/1202175 From sle-updates at lists.suse.com Wed Aug 31 10:19:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 12:19:46 +0200 (CEST) Subject: SUSE-RU-2022:2945-1: important: Recommended update for sssd Message-ID: <20220831101946.68E73F3D4@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2945-1 Rating: important References: #1202326 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This recommended update for sssd fixes the following issues: - Fix sssd-common-32bit version conflict (bsc#1202326) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2945=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2945=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-2.5.2-150400.4.8.1 libipa_hbac0-2.5.2-150400.4.8.1 libipa_hbac0-debuginfo-2.5.2-150400.4.8.1 libnfsidmap-sss-2.5.2-150400.4.8.1 libnfsidmap-sss-debuginfo-2.5.2-150400.4.8.1 libsss_certmap-devel-2.5.2-150400.4.8.1 libsss_certmap0-2.5.2-150400.4.8.1 libsss_certmap0-debuginfo-2.5.2-150400.4.8.1 libsss_idmap-devel-2.5.2-150400.4.8.1 libsss_idmap0-2.5.2-150400.4.8.1 libsss_idmap0-debuginfo-2.5.2-150400.4.8.1 libsss_nss_idmap-devel-2.5.2-150400.4.8.1 libsss_nss_idmap0-2.5.2-150400.4.8.1 libsss_nss_idmap0-debuginfo-2.5.2-150400.4.8.1 libsss_simpleifp-devel-2.5.2-150400.4.8.1 libsss_simpleifp0-2.5.2-150400.4.8.1 libsss_simpleifp0-debuginfo-2.5.2-150400.4.8.1 python3-ipa_hbac-2.5.2-150400.4.8.1 python3-ipa_hbac-debuginfo-2.5.2-150400.4.8.1 python3-sss-murmur-2.5.2-150400.4.8.1 python3-sss-murmur-debuginfo-2.5.2-150400.4.8.1 python3-sss_nss_idmap-2.5.2-150400.4.8.1 python3-sss_nss_idmap-debuginfo-2.5.2-150400.4.8.1 python3-sssd-config-2.5.2-150400.4.8.1 python3-sssd-config-debuginfo-2.5.2-150400.4.8.1 sssd-2.5.2-150400.4.8.1 sssd-ad-2.5.2-150400.4.8.1 sssd-ad-debuginfo-2.5.2-150400.4.8.1 sssd-common-2.5.2-150400.4.8.1 sssd-common-debuginfo-2.5.2-150400.4.8.1 sssd-dbus-2.5.2-150400.4.8.1 sssd-dbus-debuginfo-2.5.2-150400.4.8.1 sssd-debugsource-2.5.2-150400.4.8.1 sssd-ipa-2.5.2-150400.4.8.1 sssd-ipa-debuginfo-2.5.2-150400.4.8.1 sssd-kcm-2.5.2-150400.4.8.1 sssd-kcm-debuginfo-2.5.2-150400.4.8.1 sssd-krb5-2.5.2-150400.4.8.1 sssd-krb5-common-2.5.2-150400.4.8.1 sssd-krb5-common-debuginfo-2.5.2-150400.4.8.1 sssd-krb5-debuginfo-2.5.2-150400.4.8.1 sssd-ldap-2.5.2-150400.4.8.1 sssd-ldap-debuginfo-2.5.2-150400.4.8.1 sssd-proxy-2.5.2-150400.4.8.1 sssd-proxy-debuginfo-2.5.2-150400.4.8.1 sssd-tools-2.5.2-150400.4.8.1 sssd-tools-debuginfo-2.5.2-150400.4.8.1 sssd-winbind-idmap-2.5.2-150400.4.8.1 sssd-winbind-idmap-debuginfo-2.5.2-150400.4.8.1 - openSUSE Leap 15.4 (x86_64): sssd-common-32bit-2.5.2-150400.4.8.1 sssd-common-32bit-debuginfo-2.5.2-150400.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-2.5.2-150400.4.8.1 libipa_hbac0-2.5.2-150400.4.8.1 libipa_hbac0-debuginfo-2.5.2-150400.4.8.1 libsss_certmap-devel-2.5.2-150400.4.8.1 libsss_certmap0-2.5.2-150400.4.8.1 libsss_certmap0-debuginfo-2.5.2-150400.4.8.1 libsss_idmap-devel-2.5.2-150400.4.8.1 libsss_idmap0-2.5.2-150400.4.8.1 libsss_idmap0-debuginfo-2.5.2-150400.4.8.1 libsss_nss_idmap-devel-2.5.2-150400.4.8.1 libsss_nss_idmap0-2.5.2-150400.4.8.1 libsss_nss_idmap0-debuginfo-2.5.2-150400.4.8.1 libsss_simpleifp-devel-2.5.2-150400.4.8.1 libsss_simpleifp0-2.5.2-150400.4.8.1 libsss_simpleifp0-debuginfo-2.5.2-150400.4.8.1 python3-sssd-config-2.5.2-150400.4.8.1 python3-sssd-config-debuginfo-2.5.2-150400.4.8.1 sssd-2.5.2-150400.4.8.1 sssd-ad-2.5.2-150400.4.8.1 sssd-ad-debuginfo-2.5.2-150400.4.8.1 sssd-common-2.5.2-150400.4.8.1 sssd-common-debuginfo-2.5.2-150400.4.8.1 sssd-dbus-2.5.2-150400.4.8.1 sssd-dbus-debuginfo-2.5.2-150400.4.8.1 sssd-debugsource-2.5.2-150400.4.8.1 sssd-ipa-2.5.2-150400.4.8.1 sssd-ipa-debuginfo-2.5.2-150400.4.8.1 sssd-kcm-2.5.2-150400.4.8.1 sssd-kcm-debuginfo-2.5.2-150400.4.8.1 sssd-krb5-2.5.2-150400.4.8.1 sssd-krb5-common-2.5.2-150400.4.8.1 sssd-krb5-common-debuginfo-2.5.2-150400.4.8.1 sssd-krb5-debuginfo-2.5.2-150400.4.8.1 sssd-ldap-2.5.2-150400.4.8.1 sssd-ldap-debuginfo-2.5.2-150400.4.8.1 sssd-proxy-2.5.2-150400.4.8.1 sssd-proxy-debuginfo-2.5.2-150400.4.8.1 sssd-tools-2.5.2-150400.4.8.1 sssd-tools-debuginfo-2.5.2-150400.4.8.1 sssd-winbind-idmap-2.5.2-150400.4.8.1 sssd-winbind-idmap-debuginfo-2.5.2-150400.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): sssd-common-32bit-2.5.2-150400.4.8.1 sssd-common-32bit-debuginfo-2.5.2-150400.4.8.1 References: https://bugzilla.suse.com/1202326 From sle-updates at lists.suse.com Wed Aug 31 10:20:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 12:20:25 +0200 (CEST) Subject: SUSE-SU-2022:2948-1: important: Security update for bluez Message-ID: <20220831102025.4E9DDF3D4@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2948-1 Rating: important References: #1193227 #1194704 Cross-References: CVE-2019-8922 CVE-2022-0204 CVSS scores: CVE-2019-8922 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-8922 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0204 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0204 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for bluez fixes the following issues: - CVE-2022-0204: Fixed a buffer overflow in the implementation of the gatt protocol (bsc#1194704). - CVE-2019-8922: Fixed a buffer overflow in the implementation of the Service Discovery Protocol (bsc#1193227). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2948=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2948=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2948=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2948=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2948=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2948=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2948=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2948=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2948=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): bluez-5.48-150200.13.8.1 bluez-debuginfo-5.48-150200.13.8.1 bluez-debugsource-5.48-150200.13.8.1 bluez-devel-5.48-150200.13.8.1 libbluetooth3-5.48-150200.13.8.1 libbluetooth3-debuginfo-5.48-150200.13.8.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): bluez-5.48-150200.13.8.1 bluez-debuginfo-5.48-150200.13.8.1 bluez-debugsource-5.48-150200.13.8.1 bluez-devel-5.48-150200.13.8.1 libbluetooth3-5.48-150200.13.8.1 libbluetooth3-debuginfo-5.48-150200.13.8.1 - SUSE Manager Proxy 4.1 (x86_64): bluez-5.48-150200.13.8.1 bluez-debuginfo-5.48-150200.13.8.1 bluez-debugsource-5.48-150200.13.8.1 bluez-devel-5.48-150200.13.8.1 libbluetooth3-5.48-150200.13.8.1 libbluetooth3-debuginfo-5.48-150200.13.8.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): bluez-5.48-150200.13.8.1 bluez-debuginfo-5.48-150200.13.8.1 bluez-debugsource-5.48-150200.13.8.1 bluez-devel-5.48-150200.13.8.1 libbluetooth3-5.48-150200.13.8.1 libbluetooth3-debuginfo-5.48-150200.13.8.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): bluez-5.48-150200.13.8.1 bluez-debuginfo-5.48-150200.13.8.1 bluez-debugsource-5.48-150200.13.8.1 bluez-devel-5.48-150200.13.8.1 libbluetooth3-5.48-150200.13.8.1 libbluetooth3-debuginfo-5.48-150200.13.8.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): bluez-5.48-150200.13.8.1 bluez-debuginfo-5.48-150200.13.8.1 bluez-debugsource-5.48-150200.13.8.1 bluez-devel-5.48-150200.13.8.1 libbluetooth3-5.48-150200.13.8.1 libbluetooth3-debuginfo-5.48-150200.13.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): bluez-5.48-150200.13.8.1 bluez-debuginfo-5.48-150200.13.8.1 bluez-debugsource-5.48-150200.13.8.1 bluez-devel-5.48-150200.13.8.1 libbluetooth3-5.48-150200.13.8.1 libbluetooth3-debuginfo-5.48-150200.13.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): bluez-5.48-150200.13.8.1 bluez-debuginfo-5.48-150200.13.8.1 bluez-debugsource-5.48-150200.13.8.1 bluez-devel-5.48-150200.13.8.1 libbluetooth3-5.48-150200.13.8.1 libbluetooth3-debuginfo-5.48-150200.13.8.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): bluez-5.48-150200.13.8.1 bluez-debuginfo-5.48-150200.13.8.1 bluez-debugsource-5.48-150200.13.8.1 bluez-devel-5.48-150200.13.8.1 libbluetooth3-5.48-150200.13.8.1 libbluetooth3-debuginfo-5.48-150200.13.8.1 References: https://www.suse.com/security/cve/CVE-2019-8922.html https://www.suse.com/security/cve/CVE-2022-0204.html https://bugzilla.suse.com/1193227 https://bugzilla.suse.com/1194704 From sle-updates at lists.suse.com Wed Aug 31 13:17:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 15:17:24 +0200 (CEST) Subject: SUSE-SU-2022:2949-1: important: Security update for java-1_8_0-ibm Message-ID: <20220831131724.DFE96FC32@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2949-1 Rating: important References: #1201684 #1201685 #1201692 #1201694 #1202427 Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-34169 CVSS scores: CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-21549 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21549 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-34169 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Updated to Java 8.0 Service Refresh 7 Fix Pack 11 (bsc#1202427): - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred when processing malicious stylesheets (bsc#1201684). - CVE-2022-21549: Fixed an issue that could lead to computing negative random exponentials (bsc#1201685). - CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201692). - CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in the Hotspot component (bsc#1201694). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2949=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2949=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2949=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2949=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2949=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2949=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2949=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2949=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2949=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2949=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2949=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2949=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2949=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2949=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2949=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2949=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-demo-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-src-1.8.0_sr7.11-150000.3.62.1 - openSUSE Leap 15.4 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-demo-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-src-1.8.0_sr7.11-150000.3.62.1 - openSUSE Leap 15.3 (x86_64): java-1_8_0-ibm-32bit-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-32bit-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Manager Server 4.1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Manager Proxy 4.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Enterprise Storage 7 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE Enterprise Storage 6 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-ibm-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-alsa-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-devel-1.8.0_sr7.11-150000.3.62.1 java-1_8_0-ibm-plugin-1.8.0_sr7.11-150000.3.62.1 References: https://www.suse.com/security/cve/CVE-2022-21540.html https://www.suse.com/security/cve/CVE-2022-21541.html https://www.suse.com/security/cve/CVE-2022-21549.html https://www.suse.com/security/cve/CVE-2022-34169.html https://bugzilla.suse.com/1201684 https://bugzilla.suse.com/1201685 https://bugzilla.suse.com/1201692 https://bugzilla.suse.com/1201694 https://bugzilla.suse.com/1202427 From sle-updates at lists.suse.com Wed Aug 31 13:18:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 15:18:29 +0200 (CEST) Subject: SUSE-RU-2022:2956-1: moderate: Recommended update for post-build-checks Message-ID: <20220831131829.349A6FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for post-build-checks ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2956-1 Rating: moderate References: Affected Products: openSUSE Leap 15.5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for post-build-checks is a test update for openSUSE Leap 15.5. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.5: zypper in -t patch openSUSE-SLE-15.5-2022-2956=1 Package List: - openSUSE Leap 15.5 (noarch): post-build-checks-84.87+git20220325.f46ef3c-150500.3.2.1 References: From sle-updates at lists.suse.com Wed Aug 31 13:19:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 15:19:02 +0200 (CEST) Subject: SUSE-RU-2022:2953-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20220831131902.6256AFC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2953-1 Rating: moderate References: #1201612 #1202706 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - While the source code was updated to support SLE Micro the spec file was not updated for the new locations of the cache and the certs. Update the spec file to be consistent with the code implementation. (bsc#1202706) - Handle exception when trying to deregister a system form the server. (bsc#1201612) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2953=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2953=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-2953=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-2953=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-2953=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-2953=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-2953=1 Package List: - openSUSE Leap 15.4 (noarch): cloud-regionsrv-client-10.0.5-150000.6.76.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.76.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.76.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.76.1 - openSUSE Leap 15.3 (noarch): cloud-regionsrv-client-10.0.5-150000.6.76.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.76.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.76.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): cloud-regionsrv-client-10.0.5-150000.6.76.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.76.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.76.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.76.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): cloud-regionsrv-client-10.0.5-150000.6.76.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.76.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.76.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.76.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-10.0.5-150000.6.76.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.76.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.76.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.76.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-10.0.5-150000.6.76.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.76.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.76.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.76.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-10.0.5-150000.6.76.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.76.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.76.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.76.1 References: https://bugzilla.suse.com/1201612 https://bugzilla.suse.com/1202706 From sle-updates at lists.suse.com Wed Aug 31 13:19:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 15:19:49 +0200 (CEST) Subject: SUSE-RU-2022:2951-1: important: Recommended update for suse-migration-services Message-ID: <20220831131949.23AE8FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-migration-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2951-1 Rating: important References: #1202706 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-migration-services fixes the following issues: - Bump version: 2.0.34 - Add handling for locating the cache files in cloud-regionsrv-client (bsc#1202706) - Update document version and authors - Add missing python3-PyYAML dependency on suse-migration-pre-checks Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2951=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2951=1 Package List: - openSUSE Leap 15.4 (noarch): suse-migration-pre-checks-2.0.34-150000.1.51.1 suse-migration-services-2.0.34-150000.1.51.1 - openSUSE Leap 15.3 (noarch): suse-migration-pre-checks-2.0.34-150000.1.51.1 suse-migration-services-2.0.34-150000.1.51.1 References: https://bugzilla.suse.com/1202706 From sle-updates at lists.suse.com Wed Aug 31 13:20:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 15:20:22 +0200 (CEST) Subject: SUSE-RU-2022:2954-1: moderate: Recommended update for bpftrace Message-ID: <20220831132022.DEAF3FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for bpftrace ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2954-1 Rating: moderate References: #1200630 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bpftrace fixes the following issues: - Do not link against the shared BFD libraries, avoids direct dependency against binutils versions (bsc#1200630) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2954=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2954=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): bpftrace-0.14.0-150400.3.5.1 - openSUSE Leap 15.4 (noarch): bpftrace-tools-0.14.0-150400.3.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): bpftrace-0.14.0-150400.3.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): bpftrace-tools-0.14.0-150400.3.5.1 References: https://bugzilla.suse.com/1200630 From sle-updates at lists.suse.com Wed Aug 31 13:21:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 15:21:09 +0200 (CEST) Subject: SUSE-RU-2022:2950-1: important: Recommended update for suse-migration-services Message-ID: <20220831132109.AC000FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-migration-services ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2950-1 Rating: important References: #1202706 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-migration-services fixes the following issues: - Bump version: 2.0.34 - Add handling for locating the cache files in cloud-regionsrv-client (bsc#1202706) - Update document version and authors - Add missing python3-PyYAML dependency on suse-migration-pre-checks Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2950=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): suse-migration-pre-checks-2.0.34-6.9.1 References: https://bugzilla.suse.com/1202706 From sle-updates at lists.suse.com Wed Aug 31 13:21:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 15:21:44 +0200 (CEST) Subject: SUSE-RU-2022:2952-1: moderate: Recommended update for cloud-regionsrv-client Message-ID: <20220831132144.E16E2FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2952-1 Rating: moderate References: #1199668 #1201612 #1202706 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - While the source code was updated to support SLE Micro the spec file was not updated for the new locations of the cache and the certs. Update the spec file to be consistent with the code implementation. (bsc#1202706) - Handle exception when trying to deregister a system form the server (bsc#1201612) - Store the update server certs in the /etc path instead of /usr to accomodate read only setup of SLE-Micro (bsc#1199668) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-2952=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-2952=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-10.0.5-52.80.1 cloud-regionsrv-client-addon-azure-1.0.5-52.80.1 cloud-regionsrv-client-generic-config-1.0.0-52.80.1 cloud-regionsrv-client-plugin-azure-2.0.0-52.80.1 cloud-regionsrv-client-plugin-ec2-1.0.2-52.80.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.80.1 References: https://bugzilla.suse.com/1199668 https://bugzilla.suse.com/1201612 https://bugzilla.suse.com/1202706 From sle-updates at lists.suse.com Wed Aug 31 13:22:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 15:22:28 +0200 (CEST) Subject: SUSE-RU-2022:2955-1: moderate: Recommended update for bpftrace Message-ID: <20220831132228.37EF9FC32@maintenance.suse.de> SUSE Recommended Update: Recommended update for bpftrace ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:2955-1 Rating: moderate References: #1200630 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bpftrace fixes the following issues: - do not link against the shared BFD libraries to avoid explicit binutils dependency (bsc#1200630) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2955=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-2955=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): bpftrace-0.11.4-150300.3.14.1 - openSUSE Leap 15.3 (noarch): bpftrace-tools-0.11.4-150300.3.14.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): bpftrace-0.11.4-150300.3.14.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): bpftrace-tools-0.11.4-150300.3.14.1 References: https://bugzilla.suse.com/1200630 From sle-updates at lists.suse.com Wed Aug 31 16:16:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 18:16:55 +0200 (CEST) Subject: SUSE-SU-2022:2959-1: important: Security update for rsync Message-ID: <20220831161655.387A0F3D4@maintenance.suse.de> SUSE Security Update: Security update for rsync ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2959-1 Rating: important References: #1201840 Cross-References: CVE-2022-29154 CVSS scores: CVE-2022-29154 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-29154 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rsync fixes the following issues: - CVE-2022-29154: Fixed an arbitrary file write issue that could be triggered by a malicious remote server (bsc#1201840). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2959=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2959=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2959=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2959=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2959=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2959=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2959=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2959=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2959=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2959=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2959=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2959=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2959=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2959=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2959=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2959=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2959=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2959=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Manager Proxy 4.1 (x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 - SUSE CaaS Platform 4.0 (x86_64): rsync-3.1.3-150000.4.13.1 rsync-debuginfo-3.1.3-150000.4.13.1 rsync-debugsource-3.1.3-150000.4.13.1 References: https://www.suse.com/security/cve/CVE-2022-29154.html https://bugzilla.suse.com/1201840 From sle-updates at lists.suse.com Wed Aug 31 16:17:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 18:17:51 +0200 (CEST) Subject: SUSE-SU-2022:2958-1: important: Security update for postgresql12 Message-ID: <20220831161751.DB505F3D4@maintenance.suse.de> SUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2958-1 Rating: important References: #1179945 #1183168 #1185924 #1185925 #1185926 #1185952 #1187751 #1189748 #1190740 #1192516 #1195680 #1198166 #1199475 #1202368 Cross-References: CVE-2021-23214 CVE-2021-23222 CVE-2021-32027 CVE-2021-32028 CVE-2021-32029 CVE-2021-3677 CVE-2022-1552 CVE-2022-2625 CVSS scores: CVE-2021-23214 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-23214 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-23222 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-23222 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-32027 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-32027 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-32028 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-32028 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-32029 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-32029 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3677 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-3677 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1552 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves 8 vulnerabilities and has 6 fixes is now available. Description: This update for postgresql12 fixes the following issues: - Upgrade to 12.12: - CVE-2022-2625: Fixed an issue where extension scripts would replace objects not belonging to that extension (bsc#1202368). - Upgrade to 12.11: - CVE-2022-1552: Confined additional operations within "security restricted operation" sandboxes (bsc#1199475). - Upgrade to 12.10 (bsc#1195680) - Add constraints file with 12GB of memory for s390x as a workaround (boo#1190740) - Upgrade to version 12.9 (bsc#1192516): - CVE-2021-23214: Made the server reject extraneous data after an SSL or GSS encryption handshake - CVE-2021-23222: Made libpq reject extraneous data after an SSL or GSS encryption handshake - Upgrade to version 12.8: - CVE-2021-3677: Fixed memory disclosure in certain queries (bsc#1189748). - Upgrade to version 12.7: - CVE-2021-32027: Fixed integer overflows in array subscripting calculations (bsc#1185924). - CVE-2021-32028: Fixed mishandling of junk columns in INSERT ... ON CONFLICT ... UPDATE target lists (bsc#1185925). - CVE-2021-32029: Fixed possibly-incorrect computation of UPDATE ... RETURNING "pg_psql_temporary_savepoint" does not exist (bsc#1185926). - Fixed build with llvm12 on s390x (bsc#1185952). - Re-enabled icu for PostgreSQL 10 (bsc#1179945). - Made the dependency of postgresqlXX-server-devel on llvm and clang optional (bsc#1187751). - llvm12 breaks PostgreSQL 11 and 12 on s390x. Use llvm11 as a workaround (bsc#1185952). - Don't use %_stop_on_removal, because it was meant to be private and got removed from openSUSE. %_restart_on_update is also private, but still supported and needed for now (bsc#1183168). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2958=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2958=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2958=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2958=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2958=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-2958=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libecpg6-12.12-150100.3.33.1 libecpg6-debuginfo-12.12-150100.3.33.1 libpq5-12.12-150100.3.33.1 libpq5-debuginfo-12.12-150100.3.33.1 postgresql12-12.12-150100.3.33.1 postgresql12-contrib-12.12-150100.3.33.1 postgresql12-contrib-debuginfo-12.12-150100.3.33.1 postgresql12-debuginfo-12.12-150100.3.33.1 postgresql12-debugsource-12.12-150100.3.33.1 postgresql12-devel-12.12-150100.3.33.1 postgresql12-devel-debuginfo-12.12-150100.3.33.1 postgresql12-plperl-12.12-150100.3.33.1 postgresql12-plperl-debuginfo-12.12-150100.3.33.1 postgresql12-plpython-12.12-150100.3.33.1 postgresql12-plpython-debuginfo-12.12-150100.3.33.1 postgresql12-pltcl-12.12-150100.3.33.1 postgresql12-pltcl-debuginfo-12.12-150100.3.33.1 postgresql12-server-12.12-150100.3.33.1 postgresql12-server-debuginfo-12.12-150100.3.33.1 postgresql12-server-devel-12.12-150100.3.33.1 postgresql12-server-devel-debuginfo-12.12-150100.3.33.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libpq5-32bit-12.12-150100.3.33.1 libpq5-32bit-debuginfo-12.12-150100.3.33.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): postgresql12-docs-12.12-150100.3.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libecpg6-12.12-150100.3.33.1 libecpg6-debuginfo-12.12-150100.3.33.1 libpq5-12.12-150100.3.33.1 libpq5-debuginfo-12.12-150100.3.33.1 postgresql12-12.12-150100.3.33.1 postgresql12-contrib-12.12-150100.3.33.1 postgresql12-contrib-debuginfo-12.12-150100.3.33.1 postgresql12-debuginfo-12.12-150100.3.33.1 postgresql12-debugsource-12.12-150100.3.33.1 postgresql12-devel-12.12-150100.3.33.1 postgresql12-devel-debuginfo-12.12-150100.3.33.1 postgresql12-plperl-12.12-150100.3.33.1 postgresql12-plperl-debuginfo-12.12-150100.3.33.1 postgresql12-plpython-12.12-150100.3.33.1 postgresql12-plpython-debuginfo-12.12-150100.3.33.1 postgresql12-pltcl-12.12-150100.3.33.1 postgresql12-pltcl-debuginfo-12.12-150100.3.33.1 postgresql12-server-12.12-150100.3.33.1 postgresql12-server-debuginfo-12.12-150100.3.33.1 postgresql12-server-devel-12.12-150100.3.33.1 postgresql12-server-devel-debuginfo-12.12-150100.3.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): postgresql12-docs-12.12-150100.3.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libpq5-32bit-12.12-150100.3.33.1 libpq5-32bit-debuginfo-12.12-150100.3.33.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libecpg6-12.12-150100.3.33.1 libecpg6-debuginfo-12.12-150100.3.33.1 libpq5-12.12-150100.3.33.1 libpq5-32bit-12.12-150100.3.33.1 libpq5-32bit-debuginfo-12.12-150100.3.33.1 libpq5-debuginfo-12.12-150100.3.33.1 postgresql12-12.12-150100.3.33.1 postgresql12-contrib-12.12-150100.3.33.1 postgresql12-contrib-debuginfo-12.12-150100.3.33.1 postgresql12-debuginfo-12.12-150100.3.33.1 postgresql12-debugsource-12.12-150100.3.33.1 postgresql12-devel-12.12-150100.3.33.1 postgresql12-devel-debuginfo-12.12-150100.3.33.1 postgresql12-plperl-12.12-150100.3.33.1 postgresql12-plperl-debuginfo-12.12-150100.3.33.1 postgresql12-plpython-12.12-150100.3.33.1 postgresql12-plpython-debuginfo-12.12-150100.3.33.1 postgresql12-pltcl-12.12-150100.3.33.1 postgresql12-pltcl-debuginfo-12.12-150100.3.33.1 postgresql12-server-12.12-150100.3.33.1 postgresql12-server-debuginfo-12.12-150100.3.33.1 postgresql12-server-devel-12.12-150100.3.33.1 postgresql12-server-devel-debuginfo-12.12-150100.3.33.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): postgresql12-docs-12.12-150100.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libecpg6-12.12-150100.3.33.1 libecpg6-debuginfo-12.12-150100.3.33.1 libpq5-12.12-150100.3.33.1 libpq5-debuginfo-12.12-150100.3.33.1 postgresql12-12.12-150100.3.33.1 postgresql12-contrib-12.12-150100.3.33.1 postgresql12-contrib-debuginfo-12.12-150100.3.33.1 postgresql12-debuginfo-12.12-150100.3.33.1 postgresql12-debugsource-12.12-150100.3.33.1 postgresql12-devel-12.12-150100.3.33.1 postgresql12-devel-debuginfo-12.12-150100.3.33.1 postgresql12-plperl-12.12-150100.3.33.1 postgresql12-plperl-debuginfo-12.12-150100.3.33.1 postgresql12-plpython-12.12-150100.3.33.1 postgresql12-plpython-debuginfo-12.12-150100.3.33.1 postgresql12-pltcl-12.12-150100.3.33.1 postgresql12-pltcl-debuginfo-12.12-150100.3.33.1 postgresql12-server-12.12-150100.3.33.1 postgresql12-server-debuginfo-12.12-150100.3.33.1 postgresql12-server-devel-12.12-150100.3.33.1 postgresql12-server-devel-debuginfo-12.12-150100.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): postgresql12-docs-12.12-150100.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libpq5-32bit-12.12-150100.3.33.1 libpq5-32bit-debuginfo-12.12-150100.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libecpg6-12.12-150100.3.33.1 libecpg6-debuginfo-12.12-150100.3.33.1 libpq5-12.12-150100.3.33.1 libpq5-debuginfo-12.12-150100.3.33.1 postgresql12-12.12-150100.3.33.1 postgresql12-contrib-12.12-150100.3.33.1 postgresql12-contrib-debuginfo-12.12-150100.3.33.1 postgresql12-debuginfo-12.12-150100.3.33.1 postgresql12-debugsource-12.12-150100.3.33.1 postgresql12-devel-12.12-150100.3.33.1 postgresql12-devel-debuginfo-12.12-150100.3.33.1 postgresql12-plperl-12.12-150100.3.33.1 postgresql12-plperl-debuginfo-12.12-150100.3.33.1 postgresql12-plpython-12.12-150100.3.33.1 postgresql12-plpython-debuginfo-12.12-150100.3.33.1 postgresql12-pltcl-12.12-150100.3.33.1 postgresql12-pltcl-debuginfo-12.12-150100.3.33.1 postgresql12-server-12.12-150100.3.33.1 postgresql12-server-debuginfo-12.12-150100.3.33.1 postgresql12-server-devel-12.12-150100.3.33.1 postgresql12-server-devel-debuginfo-12.12-150100.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libpq5-32bit-12.12-150100.3.33.1 libpq5-32bit-debuginfo-12.12-150100.3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): postgresql12-docs-12.12-150100.3.33.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libecpg6-12.12-150100.3.33.1 libecpg6-debuginfo-12.12-150100.3.33.1 libpq5-12.12-150100.3.33.1 libpq5-debuginfo-12.12-150100.3.33.1 postgresql12-12.12-150100.3.33.1 postgresql12-contrib-12.12-150100.3.33.1 postgresql12-contrib-debuginfo-12.12-150100.3.33.1 postgresql12-debuginfo-12.12-150100.3.33.1 postgresql12-debugsource-12.12-150100.3.33.1 postgresql12-devel-12.12-150100.3.33.1 postgresql12-devel-debuginfo-12.12-150100.3.33.1 postgresql12-plperl-12.12-150100.3.33.1 postgresql12-plperl-debuginfo-12.12-150100.3.33.1 postgresql12-plpython-12.12-150100.3.33.1 postgresql12-plpython-debuginfo-12.12-150100.3.33.1 postgresql12-pltcl-12.12-150100.3.33.1 postgresql12-pltcl-debuginfo-12.12-150100.3.33.1 postgresql12-server-12.12-150100.3.33.1 postgresql12-server-debuginfo-12.12-150100.3.33.1 postgresql12-server-devel-12.12-150100.3.33.1 postgresql12-server-devel-debuginfo-12.12-150100.3.33.1 - SUSE Enterprise Storage 6 (noarch): postgresql12-docs-12.12-150100.3.33.1 - SUSE Enterprise Storage 6 (x86_64): libpq5-32bit-12.12-150100.3.33.1 libpq5-32bit-debuginfo-12.12-150100.3.33.1 - SUSE CaaS Platform 4.0 (x86_64): libecpg6-12.12-150100.3.33.1 libecpg6-debuginfo-12.12-150100.3.33.1 libpq5-12.12-150100.3.33.1 libpq5-32bit-12.12-150100.3.33.1 libpq5-32bit-debuginfo-12.12-150100.3.33.1 libpq5-debuginfo-12.12-150100.3.33.1 postgresql12-12.12-150100.3.33.1 postgresql12-contrib-12.12-150100.3.33.1 postgresql12-contrib-debuginfo-12.12-150100.3.33.1 postgresql12-debuginfo-12.12-150100.3.33.1 postgresql12-debugsource-12.12-150100.3.33.1 postgresql12-devel-12.12-150100.3.33.1 postgresql12-devel-debuginfo-12.12-150100.3.33.1 postgresql12-plperl-12.12-150100.3.33.1 postgresql12-plperl-debuginfo-12.12-150100.3.33.1 postgresql12-plpython-12.12-150100.3.33.1 postgresql12-plpython-debuginfo-12.12-150100.3.33.1 postgresql12-pltcl-12.12-150100.3.33.1 postgresql12-pltcl-debuginfo-12.12-150100.3.33.1 postgresql12-server-12.12-150100.3.33.1 postgresql12-server-debuginfo-12.12-150100.3.33.1 postgresql12-server-devel-12.12-150100.3.33.1 postgresql12-server-devel-debuginfo-12.12-150100.3.33.1 - SUSE CaaS Platform 4.0 (noarch): postgresql12-docs-12.12-150100.3.33.1 References: https://www.suse.com/security/cve/CVE-2021-23214.html https://www.suse.com/security/cve/CVE-2021-23222.html https://www.suse.com/security/cve/CVE-2021-32027.html https://www.suse.com/security/cve/CVE-2021-32028.html https://www.suse.com/security/cve/CVE-2021-32029.html https://www.suse.com/security/cve/CVE-2021-3677.html https://www.suse.com/security/cve/CVE-2022-1552.html https://www.suse.com/security/cve/CVE-2022-2625.html https://bugzilla.suse.com/1179945 https://bugzilla.suse.com/1183168 https://bugzilla.suse.com/1185924 https://bugzilla.suse.com/1185925 https://bugzilla.suse.com/1185926 https://bugzilla.suse.com/1185952 https://bugzilla.suse.com/1187751 https://bugzilla.suse.com/1189748 https://bugzilla.suse.com/1190740 https://bugzilla.suse.com/1192516 https://bugzilla.suse.com/1195680 https://bugzilla.suse.com/1198166 https://bugzilla.suse.com/1199475 https://bugzilla.suse.com/1202368 From sle-updates at lists.suse.com Wed Aug 31 16:19:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 18:19:44 +0200 (CEST) Subject: SUSE-SU-2022:2960-1: moderate: Security update for ucode-intel Message-ID: <20220831161944.503A1F3D4@maintenance.suse.de> SUSE Security Update: Security update for ucode-intel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2960-1 Rating: moderate References: #1201727 Cross-References: CVE-2022-21233 CVSS scores: CVE-2022-21233 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-21233 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release (bsc#1201727): - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657). See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-0 0657.html Other fixes: - Update for functional issues. See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scala ble-spec-update.html?wapkw=processor+specification+update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable | SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable | SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx | ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3 | GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx | GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile | RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11 | ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12 | ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12 | ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12 | ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12 ------------------------------------------------------------------ Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2960=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2960=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2960=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2960=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2960=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2960=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2960=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2960=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2960=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2960=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2960=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2960=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2960=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2960=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2960=1 Package List: - openSUSE Leap 15.4 (x86_64): ucode-intel-20220809-150200.18.1 - openSUSE Leap 15.3 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Manager Server 4.1 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Manager Proxy 4.1 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): ucode-intel-20220809-150200.18.1 - SUSE Enterprise Storage 7 (x86_64): ucode-intel-20220809-150200.18.1 References: https://www.suse.com/security/cve/CVE-2022-21233.html https://bugzilla.suse.com/1201727 From sle-updates at lists.suse.com Wed Aug 31 16:20:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 18:20:35 +0200 (CEST) Subject: SUSE-SU-2022:2957-1: important: Security update for gstreamer-plugins-good Message-ID: <20220831162035.2CF98F3D4@maintenance.suse.de> SUSE Security Update: Security update for gstreamer-plugins-good ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2957-1 Rating: important References: #1201688 #1201693 #1201702 #1201704 #1201706 #1201707 #1201708 Cross-References: CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923 CVE-2022-1924 CVE-2022-1925 CVE-2022-2122 CVSS scores: CVE-2022-1920 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1920 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-1921 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1921 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-1922 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1922 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1923 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1923 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1924 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1924 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-1925 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1925 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H CVE-2022-2122 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2122 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7.1 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for gstreamer-plugins-good fixes the following issues: - CVE-2022-1920: Fixed integer overflow in WavPack header handling code (bsc#1201688). - CVE-2022-1921: Fixed integer overflow resulting in heap corruption in avidemux element (bsc#1201693). - CVE-2022-1922: Fixed integer overflows in mkv demuxing (bsc#1201702). - CVE-2022-1923: Fixed integer overflows in mkv demuxing using bzip (bsc#1201704). - CVE-2022-1924: Fixed integer overflows in mkv demuxing using lzo (bsc#1201706). - CVE-2022-1925: Fixed integer overflows in mkv demuxing using HEADERSTRIP (bsc#1201707). - CVE-2022-2122: Fixed integer overflows in qtdemux using zlib (bsc#1201708). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-2957=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-2957=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2957=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2957=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2957=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2957=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2957=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2957=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2957=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2957=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2957=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-2957=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-doc-1.16.3-150200.3.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 gstreamer-plugins-good-doc-1.16.3-150200.3.9.1 gstreamer-plugins-good-extra-1.16.3-150200.3.9.1 gstreamer-plugins-good-extra-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-gtk-1.16.3-150200.3.9.1 gstreamer-plugins-good-gtk-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-jack-1.16.3-150200.3.9.1 gstreamer-plugins-good-jack-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-qtqml-1.16.3-150200.3.9.1 gstreamer-plugins-good-qtqml-debuginfo-1.16.3-150200.3.9.1 - openSUSE Leap 15.3 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - openSUSE Leap 15.3 (x86_64): gstreamer-plugins-good-32bit-1.16.3-150200.3.9.1 gstreamer-plugins-good-32bit-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-extra-32bit-1.16.3-150200.3.9.1 gstreamer-plugins-good-extra-32bit-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-jack-32bit-1.16.3-150200.3.9.1 gstreamer-plugins-good-jack-32bit-debuginfo-1.16.3-150200.3.9.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Manager Server 4.1 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Manager Retail Branch Server 4.1 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Manager Proxy 4.1 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Manager Proxy 4.1 (x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): gstreamer-plugins-good-1.16.3-150200.3.9.1 gstreamer-plugins-good-debuginfo-1.16.3-150200.3.9.1 gstreamer-plugins-good-debugsource-1.16.3-150200.3.9.1 - SUSE Enterprise Storage 7 (noarch): gstreamer-plugins-good-lang-1.16.3-150200.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-1920.html https://www.suse.com/security/cve/CVE-2022-1921.html https://www.suse.com/security/cve/CVE-2022-1922.html https://www.suse.com/security/cve/CVE-2022-1923.html https://www.suse.com/security/cve/CVE-2022-1924.html https://www.suse.com/security/cve/CVE-2022-1925.html https://www.suse.com/security/cve/CVE-2022-2122.html https://bugzilla.suse.com/1201688 https://bugzilla.suse.com/1201693 https://bugzilla.suse.com/1201702 https://bugzilla.suse.com/1201704 https://bugzilla.suse.com/1201706 https://bugzilla.suse.com/1201707 https://bugzilla.suse.com/1201708 From sle-updates at lists.suse.com Wed Aug 31 19:15:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 31 Aug 2022 21:15:59 +0200 (CEST) Subject: SUSE-SU-2022:2961-1: important: Security update for open-vm-tools Message-ID: <20220831191559.56875F3D4@maintenance.suse.de> SUSE Security Update: Security update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2961-1 Rating: important References: #1160408 #1162119 #1162435 #1165955 #1202657 Cross-References: CVE-2022-31676 CVSS scores: CVE-2022-31676 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31676 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for open-vm-tools fixes the following issues: - CVE-2022-31676: Fixed an issue that could allow unprivileged users inside a virtual machine to escalate privileges (bsc#1202657). Non-security fixes: - Update to 11.0.5 (build 15389592) (bsc#1165955) DNS server is reported incorrectly in GuestInfo as '127.0.0.53', when the OS uses systemd-resolved. This issue is fixed in this release. Added Application Discover (appInfo) plugin. The plugin collects the information about running applications inside the guest and publishes the information to a guest variable. - GCC-10 compiler failure (bsc#1160408) The update will solve a GNU compiler Collection GCC10 failure with -fno-common. - Rectify a log spew in vmsvc logging (bsc#1162435, bsc#1162119) When a LSI Logic Parallel SCSI controller sits in PCI bus 0 (SCSI controller 0), the Linux disk device enumeration does not provide a "label" file with the controller name. This results in messages like "GuestInfoGetDiskDevice: Missing disk device name; VMDK mapping unavailable for "/var/log", fsName: "/dev/sda2" repeatedly appearing in the vmsvc logging. The update converts what previously was a warning message to a debug message and thus avoids the log spew. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2961=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2961=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2961=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): libvmtools-devel-11.0.5-150000.3.29.1 libvmtools0-11.0.5-150000.3.29.1 libvmtools0-debuginfo-11.0.5-150000.3.29.1 open-vm-tools-11.0.5-150000.3.29.1 open-vm-tools-debuginfo-11.0.5-150000.3.29.1 open-vm-tools-debugsource-11.0.5-150000.3.29.1 open-vm-tools-desktop-11.0.5-150000.3.29.1 open-vm-tools-desktop-debuginfo-11.0.5-150000.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libvmtools-devel-11.0.5-150000.3.29.1 libvmtools0-11.0.5-150000.3.29.1 libvmtools0-debuginfo-11.0.5-150000.3.29.1 open-vm-tools-11.0.5-150000.3.29.1 open-vm-tools-debuginfo-11.0.5-150000.3.29.1 open-vm-tools-debugsource-11.0.5-150000.3.29.1 open-vm-tools-desktop-11.0.5-150000.3.29.1 open-vm-tools-desktop-debuginfo-11.0.5-150000.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libvmtools-devel-11.0.5-150000.3.29.1 libvmtools0-11.0.5-150000.3.29.1 libvmtools0-debuginfo-11.0.5-150000.3.29.1 open-vm-tools-11.0.5-150000.3.29.1 open-vm-tools-debuginfo-11.0.5-150000.3.29.1 open-vm-tools-debugsource-11.0.5-150000.3.29.1 open-vm-tools-desktop-11.0.5-150000.3.29.1 open-vm-tools-desktop-debuginfo-11.0.5-150000.3.29.1 References: https://www.suse.com/security/cve/CVE-2022-31676.html https://bugzilla.suse.com/1160408 https://bugzilla.suse.com/1162119 https://bugzilla.suse.com/1162435 https://bugzilla.suse.com/1165955 https://bugzilla.suse.com/1202657