From sle-updates at lists.suse.com Thu Dec 1 08:38:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2022 09:38:30 +0100 (CET) Subject: SUSE-CU-2022:3266-1: Security update of bci/nodejs Message-ID: <20221201083830.2CCA7FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3266-1 Container Tags : bci/node:12 , bci/node:12-17.83 , bci/nodejs:12 , bci/nodejs:12-17.83 Container Release : 17.83 Severity : important Type : security References : 1188607 1203125 1204577 1205119 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2022-37454 CVE-2022-43548 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4254-1 Released: Mon Nov 28 12:29:21 2022 Summary: Security update for nodejs12 Type: security Severity: important References: 1205119,CVE-2022-43548 This update for nodejs12 fixes the following issues: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - nodejs12-12.22.12-150200.4.41.2 updated - npm12-12.22.12-150200.4.41.2 updated - python3-base-3.6.15-150300.10.37.2 updated - container:sles15-image-15.0.0-17.20.77 updated From sle-updates at lists.suse.com Thu Dec 1 08:40:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2022 09:40:57 +0100 (CET) Subject: SUSE-CU-2022:3267-1: Recommended update of bci/golang Message-ID: <20221201084057.AEF52FBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3267-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-18.44 , bci/golang:latest Container Release : 18.44 Severity : moderate Type : recommended References : 1190651 1202750 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4236-1 Released: Fri Nov 25 18:20:32 2022 Summary: Recommended update for linux-glibc-devel Type: recommended Severity: moderate References: This update for linux-glibc-devel fixes the following issues: - Add the rest of 1.0 IAA operation definitions to the user header (jsc#PED-813). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - libatomic1-12.2.1+git416-150000.1.5.1 updated - libgomp1-12.2.1+git416-150000.1.5.1 updated - libitm1-12.2.1+git416-150000.1.5.1 updated - liblsan0-12.2.1+git416-150000.1.5.1 updated - linux-glibc-devel-5.14-150400.6.3.1 updated - container:sles15-image-15.0.0-27.14.20 updated From sle-updates at lists.suse.com Thu Dec 1 08:41:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2022 09:41:11 +0100 (CET) Subject: SUSE-CU-2022:3269-1: Security update of bci/openjdk Message-ID: <20221201084111.31F0CFBA7@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3269-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-9.46 Container Release : 9.46 Severity : critical Type : security References : 1040589 1047178 1073299 1093392 1104700 1112310 1113554 1120402 1121365 1130557 1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353 1180995 1181658 1182983 1185637 1188127 1189802 1190651 1190651 1190651 1190653 1190700 1190888 1191020 1191546 1191546 1192079 1192079 1192080 1192080 1192086 1192086 1192087 1192087 1192228 1192228 1192951 1193282 1193659 1193859 1194047 1194708 1195059 1195157 1195283 1195773 1196025 1196026 1196168 1196169 1196171 1196490 1196784 1196861 1197065 1197178 1197570 1197718 1197771 1197794 1198165 1198176 1198341 1198446 1198471 1198472 1198486 1198486 1198627 1198720 1198731 1198732 1198751 1198752 1198823 1198830 1198832 1198925 1198980 1198980 1199132 1199140 1199140 1199166 1199232 1199240 1199492 1199944 1200027 1200027 1200170 1200334 1200550 1200734 1200735 1200736 1200737 1200747 1200800 1200855 1200855 1201099 1201276 1201293 1201298 1201298 1201298 1201385 1201560 1201640 1201680 1201684 1201685 1201692 1201694 1201783 1201795 1201942 1201959 1202117 1202148 1202148 1202175 1202310 1202324 1202593 1202645 1202750 1202870 1202870 1202870 1203018 1203046 1203069 1203438 1203476 1203652 1203911 1204179 1204211 1204366 1204367 1204383 1204386 1204422 1204425 1204468 1204472 1204473 1204475 1204480 1204649 1204690 1204708 1204729 1204729 1204968 1205126 1205156 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2021-46848 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1664 CVE-2022-2068 CVE-2022-2097 CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21628 CVE-2022-23308 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-31252 CVE-2022-31741 CVE-2022-31741 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-34169 CVE-2022-35252 CVE-2022-3554 CVE-2022-3555 CVE-2022-35737 CVE-2022-37434 CVE-2022-3821 CVE-2022-39399 CVE-2022-40303 CVE-2022-40304 CVE-2022-40674 CVE-2022-42898 CVE-2022-42916 CVE-2022-43680 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. - Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: S?o Tom? and Pr?ncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1655-1 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1197794 This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1670-1 Released: Mon May 16 10:06:30 2022 Summary: Security update for openldap2 Type: security Severity: important References: 1199240,CVE-2022-29155 This update for openldap2 fixes the following issues: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1718-1 Released: Tue May 17 17:44:43 2022 Summary: Security update for e2fsprogs Type: security Severity: important References: 1198446,CVE-2022-1304 This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1887-1 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Type: recommended Severity: moderate References: 1040589 This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1899-1 Released: Wed Jun 1 10:43:22 2022 Summary: Recommended update for libtirpc Type: recommended Severity: important References: 1198176 This update for libtirpc fixes the following issues: - Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1909-1 Released: Wed Jun 1 16:25:35 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1198751 This update for glibc fixes the following issues: - Add the correct name for the IBM Z16 (bsc#1198751). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2019-1 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2305-1 Released: Wed Jul 6 13:38:42 2022 Summary: Security update for curl Type: security Severity: important References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208 This update for curl fixes the following issues: - CVE-2022-32205: Set-Cookie denial of service (bsc#1200734) - CVE-2022-32206: HTTP compression denial of service (bsc#1200735) - CVE-2022-32207: Unpreserved file permissions (bsc#1200736) - CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2308-1 Released: Wed Jul 6 14:15:13 2022 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097 This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2469-1 Released: Thu Jul 21 04:38:31 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276 This update for systemd fixes the following issues: - Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276) - Allow control characters in environment variable values (bsc#1200170) - Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570) - Fix parsing error in s390 udev rules conversion script (bsc#1198732) - core/device: device_coldplug(): don't set DEVICE_DEAD - core/device: do not downgrade device state if it is already enumerated - core/device: drop unnecessary condition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2493-1 Released: Thu Jul 21 14:35:08 2022 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: moderate References: 1193282 This update for rpm-config-SUSE fixes the following issues: - Add SBAT values macros for other packages (bsc#1193282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2494-1 Released: Thu Jul 21 15:16:42 2022 Summary: Recommended update for glibc Type: recommended Severity: important References: 1200855,1201560,1201640 This update for glibc fixes the following issues: - Remove tunables from static tls surplus patch which caused crashes (bsc#1200855) - i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2533-1 Released: Fri Jul 22 17:37:15 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) Mozilla NSPR was updated to version 4.34: * add an API that returns a preferred loopback IP on hosts that have two IP stacks available. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2552-1 Released: Tue Jul 26 14:55:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 This update for libxml2 fixes the following issues: Update to 2.9.14: - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). Update to version 2.9.13: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2595-1 Released: Fri Jul 29 16:00:42 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1192079,1192080,1192086,1192087,1192228,1198486,1200027,CVE-2022-31741 This update for mozilla-nss fixes the following issues: Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4: - Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079). - FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck() (bsc#1198980). - FIPS: mark algorithms as approved/non-approved according to security policy (bsc#1191546, bsc#1201298). - FIPS: remove hard disabling of unapproved algorithms. This requirement is now fulfilled by the service level indicator (bsc#1200325). - Run test suite at build time, and make it pass (bsc#1198486). - FIPS: skip algorithms that are hard disabled in FIPS mode. - Prevent expired PayPalEE cert from failing the tests. - Allow checksumming to be disabled, but only if we entered FIPS mode due to NSS_FIPS being set, not if it came from /proc. - FIPS: Make the PBKDF known answer test compliant with NIST SP800-132. - Update FIPS validation string to version-release format. - FIPS: remove XCBC MAC from list of FIPS approved algorithms. - Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build. - FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080). - FIPS: allow testing of unapproved algorithms (bsc#1192228). - FIPS: add version indicators. (bmo#1729550, bsc#1192086). - FIPS: fix some secret clearing (bmo#1697303, bsc#1192087). Version update to NSS 3.79: - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls. - Update mercurial in clang-format docker image. - Use of uninitialized pointer in lg_init after alloc fail. - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo. - Add SECMOD_LockedModuleHasRemovableSlots. - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP. - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts. - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version. - Correct invalid record inner and outer content type alerts. - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding. - improve error handling after nssCKFWInstance_CreateObjectHandle. - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. - NSS 3.79 should depend on NSPR 4.34 Version update to NSS 3.78.1: - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple Version update to NSS 3.78: - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests. - Reworked overlong record size checks and added TLS1.3 specific boundaries. - Add ECH Grease Support to tstclnt - Add a strict variant of moz::pkix::CheckCertHostname. - Change SSL_REUSE_SERVER_ECDHE_KEY default to false. - Make SEC_PKCS12EnableCipher succeed - Update zlib in NSS to 1.2.12. Version update to NSS 3.77: - Fix link to TLS page on wireshark wiki - Add two D-TRUST 2020 root certificates. - Add Telia Root CA v2 root certificate. - Remove expired explicitly distrusted certificates from certdata.txt. - support specific RSA-PSS parameters in mozilla::pkix - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate. - Remove token member from NSSSlot struct. - Provide secure variants of mpp_pprime and mpp_make_prime. - Support UTF-8 library path in the module spec string. - Update nssUTF8_Length to RFC 3629 and fix buffer overrun. - Update googletest to 1.11.0 - Add SetTls13GreaseEchSize to experimental API. - TLS 1.3 Illegal legacy_version handling/alerts. - Fix calculation of ECH HRR Transcript. - Allow ld path to be set as environment variable. - Ensure we don't read uninitialized memory in ssl gtests. - Fix DataBuffer Move Assignment. - internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3 - rework signature verification in mozilla::pkix Version update to NSS 3.76.1 - Remove token member from NSSSlot struct. - Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots. - Check return value of PK11Slot_GetNSSToken. - Use Wycheproof JSON for RSASSA-PSS - Add SHA256 fingerprint comments to old certdata.txt entries. - Avoid truncating files in nss-release-helper.py. - Throw illegal_parameter alert for illegal extensions in handshake message. Version update to NSS 3.75 - Make DottedOIDToCode.py compatible with python3. - Avoid undefined shift in SSL_CERT_IS while fuzzing. - Remove redundant key type check. - Update ABI expectations to match ECH changes. - Enable CKM_CHACHA20. - check return on NSS_NoDB_Init and NSS_Shutdown. - Run ECDSA test vectors from bltest as part of the CI tests. - Add ECDSA test vectors to the bltest command line tool. - Allow to build using clang's integrated assembler. - Allow to override python for the build. - test HKDF output rather than input. - Use ASSERT macros to end failed tests early. - move assignment operator for DataBuffer. - Add test cases for ECH compression and unexpected extensions in SH. - Update tests for ECH-13. - Tidy up error handling. - Add tests for ECH HRR Changes. - Server only sends GREASE HRR extension if enabled by preference. - Update generation of the Associated Data for ECH-13. - When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello. - Allow for compressed, non-contiguous, extensions. - Scramble the PSK extension in CHOuter. - Split custom extension handling for ECH. - Add ECH-13 HRR Handling. - Client side ECH padding. - Stricter ClientHelloInner Decompression. - Remove ECH_inner extension, use new enum format. - Update the version number for ECH-13 and adjust the ECHConfig size. Version update to NSS 3.74 - mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses - Ensure clients offer consistent ciphersuites after HRR - NSS does not properly restrict server keys based on policy - Set nssckbi version number to 2.54 - Replace Google Trust Services LLC (GTS) R4 root certificate - Replace Google Trust Services LLC (GTS) R3 root certificate - Replace Google Trust Services LLC (GTS) R2 root certificate - Replace Google Trust Services LLC (GTS) R1 root certificate - Replace GlobalSign ECC Root CA R4 - Remove Expired Root Certificates - DST Root CA X3 - Remove Expiring Cybertrust Global Root and GlobalSign root certificates - Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate - Add iTrusChina ECC root certificate - Add iTrusChina RSA root certificate - Add ISRG Root X2 root certificate - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate - Avoid a clang 13 unused variable warning in opt build - Check for missing signedData field - Ensure DER encoded signatures are within size limits - enable key logging option (boo#1195040) Version update to NSS 3.73.1: - Add SHA-2 support to mozilla::pkix's OSCP implementation Version update to NSS 3.73 - check for missing signedData field. - Ensure DER encoded signatures are within size limits. - NSS needs FiPS 140-3 version indicators. - pkix_CacheCert_Lookup doesn't return cached certs - sunset Coverity from NSS Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures Version update to NSS 3.72 - Fix nsinstall parallel failure. - Increase KDF cache size to mitigate perf regression in about:logins Version update to NSS 3.71 - Set nssckbi version number to 2.52. - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py - Import of PKCS#12 files with Camellia encryption is not supported - Add HARICA Client ECC Root CA 2021. - Add HARICA Client RSA Root CA 2021. - Add HARICA TLS ECC Root CA 2021. - Add HARICA TLS RSA Root CA 2021. - Add TunTrust Root CA certificate to NSS. Version update to NSS 3.70 - Update test case to verify fix. - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback - Avoid using a lookup table in nssb64d. - Use HW accelerated SHA2 on AArch64 Big Endian. - Change default value of enableHelloDowngradeCheck to true. - Cache additional PBE entries. - Read HPKE vectors from official JSON. Version update to NSS 3.69.1: - Disable DTLS 1.0 and 1.1 by default - integrity checks in key4.db not happening on private components with AES_CBC NSS 3.69: - Disable DTLS 1.0 and 1.1 by default (backed out again) - integrity checks in key4.db not happening on private components with AES_CBC (backed out again) - SSL handling of signature algorithms ignores environmental invalid algorithms. - sqlite 3.34 changed it's open semantics, causing nss failures. - Gtest update changed the gtest reports, losing gtest details in all.sh reports. - NSS incorrectly accepting 1536 bit DH primes in FIPS mode - SQLite calls could timeout in starvation situations. - Coverity/cpp scanner errors found in nss 3.67 - Import the NSS documentation from MDN in nss/doc. - NSS using a tempdir to measure sql performance not active Version Update to 3.68.4 (bsc#1200027) - CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2660-1 Released: Wed Aug 3 21:06:01 2022 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1201684,1201685,1201692,1201694,CVE-2022-21540,CVE-2022-21541,CVE-2022-21549,CVE-2022-34169 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.4+8 (July 2022 CPU) - CVE-2022-21540: Improve class compilation (bsc#1201694) - CVE-2022-21541: Enhance MethodHandle invocations (bsc#1201692) - CVE-2022-34169: Improve Xalan supports (bsc#1201684) - CVE-2022-21549: java.util.random does not correctly sample exponential or Gaussian distributions (bsc#1201685) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2717-1 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Type: security Severity: moderate References: 1198627,CVE-2022-29458 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2901-1 Released: Fri Aug 26 03:34:23 2022 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: This update for elfutils fixes the following issues: - Fix runtime dependency for devel package ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2904-1 Released: Fri Aug 26 05:28:34 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1198341 This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2920-1 Released: Fri Aug 26 15:17:02 2022 Summary: Recommended update for systemd Type: recommended Severity: important References: 1195059,1201795 This update for systemd fixes the following issues: - Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795) - Drop or soften some of the deprecation warnings (jsc#PED-944) - Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059) - Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default - analyze: Fix offline check for syscal filter - calendarspec: Fix timer skipping the next elapse - core: Allow command argument to be longer - hwdb: Add AV production controllers to hwdb and add uaccess - hwdb: Allow console users access to rfkill - hwdb: Allow end-users root-less access to TL866 EPROM readers - hwdb: Permit unsetting power/persist for USB devices - hwdb: Tag IR cameras as such - hwdb: Fix parsing issue - hwdb: Make usb match patterns uppercase - hwdb: Update the hardware database - journal-file: Stop using the event loop if it's already shutting down - journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called - journald: Ensure resources are properly allocated for SIGTERM handling - kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed - macro: Account for negative values in DECIMAL_STR_WIDTH() - manager: Disallow clone3() function call in seccomp filters - missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing - pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable - resolve: Fix typo in dns_class_is_pseudo() - sd-event: Improve handling of process events and termination of processes - sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces - stdio-bridge: Improve the meaning of the error message - tmpfiles: Check for the correct directory ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2929-1 Released: Mon Aug 29 11:21:47 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1202310 This update for timezone fixes the following issue: - Reflect new Chile DST change (bsc#1202310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2939-1 Released: Mon Aug 29 14:49:17 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1201298,1202645 This update for mozilla-nss fixes the following issues: Update to NSS 3.79.1 (bsc#1202645) * compare signature and signatureAlgorithm fields in legacy certificate verifier. * Uninitialized value in cert_ComputeCertType. * protect SFTKSlot needLogin with slotLock. * avoid data race on primary password change. * check for null template in sec_asn1{d,e}_push_state. - FIPS: unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2947-1 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Type: security Severity: important References: 1202175,CVE-2022-37434 This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2977-1 Released: Thu Sep 1 12:30:19 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1197178,1198731 This update for util-linux fixes the following issues: - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2994-1 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Type: recommended Severity: moderate References: 1198925 This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No codechanges were done in this update. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3003-1 Released: Fri Sep 2 15:01:44 2022 Summary: Security update for curl Type: security Severity: low References: 1202593,CVE-2022-35252 This update for curl fixes the following issues: - CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3127-1 Released: Wed Sep 7 04:36:10 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1198752,1200800 This update for libtirpc fixes the following issues: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3215-1 Released: Thu Sep 8 15:58:27 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Support Ed25519 RPM signatures [jsc#SLE-24714] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3252-1 Released: Mon Sep 12 09:07:53 2022 Summary: Security update for freetype2 Type: security Severity: moderate References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406 This update for freetype2 fixes the following issues: - CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830). - CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832). - CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823). Non-security fixes: - Updated to version 2.10.4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3262-1 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1199140 This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3271-1 Released: Wed Sep 14 06:45:39 2022 Summary: Security update for perl Type: security Severity: moderate References: 1047178,CVE-2017-6512 This update for perl fixes the following issues: - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3305-1 Released: Mon Sep 19 11:45:57 2022 Summary: Security update for libtirpc Type: security Severity: important References: 1201680,CVE-2021-46828 This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3307-1 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3353-1 Released: Fri Sep 23 15:23:40 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1203018,CVE-2022-31252 This update for permissions fixes the following issues: - CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3452-1 Released: Wed Sep 28 12:13:43 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1201942 This update for glibc fixes the following issues: - Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942) - powerpc: Optimized memcmp for power10 (jsc#PED-987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3551-1 Released: Fri Oct 7 17:03:55 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1182983,1190700,1191020,1202117 This update for libgcrypt fixes the following issues: - FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983] - FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] * Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0 - FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] - FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] * Consider approved keylength greater or equal to 112 bits. - FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3555-1 Released: Mon Oct 10 14:05:12 2022 Summary: Recommended update for aaa_base Type: recommended Severity: important References: 1199492 This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3873-1 Released: Fri Nov 4 14:58:08 2022 Summary: Recommended update for mozilla-nspr, mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nspr was updated to version 4.34.1: * add file descriptor sanity checks in the NSPR poll function. mozilla-nss was updated to NSS 3.79.2 (bsc#1204729): * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. Other fixes that were applied: - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Prevent TLS sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Use libjitterentropy for entropy (bsc#1202870). - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3958-1 Released: Fri Nov 11 15:20:45 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298,1202870,1204729 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.79.2 (bsc#1204729) * Bump minimum NSPR version to 4.34.1. * Gracefully handle null nickname in CERT_GetCertNicknameWithValidity. - FIPS: Allow the use of DSA keys (verification only) (bsc#1201298). - FIPS: Add sftk_FIPSRepeatIntegrityCheck() to softoken's .def file (bsc#1198980). - FIPS: Allow the use of longer symmetric keys via the service level indicator (bsc#1191546). - FIPS: Export sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980). - FIPS: Prevent sessions from getting flagged as non-FIPS (bsc#1191546). - FIPS: Mark DSA keygen unapproved (bsc#1191546, bsc#1201298). - FIPS: Enable userspace entropy gathering via libjitterentropy (bsc#1202870). - FIPS: Prevent keys from getting flagged as non-FIPS and add remaining TLS mechanisms. - FIPS: Use libjitterentropy for entropy. - FIPS: Fixed an abort() when both NSS_FIPS and /proc FIPS mode are enabled. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3986-1 Released: Tue Nov 15 12:57:41 2022 Summary: Security update for libX11 Type: security Severity: moderate References: 1204422,1204425,CVE-2022-3554,CVE-2022-3555 This update for libX11 fixes the following issues: - CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422). - CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4079-1 Released: Fri Nov 18 15:36:28 2022 Summary: Security update for java-17-openjdk Type: security Severity: moderate References: 1203476,1204468,1204472,1204473,1204475,1204480,CVE-2022-21618,CVE-2022-21619,CVE-2022-21624,CVE-2022-21628,CVE-2022-39399 This update for java-17-openjdk fixes the following issues: - Update to jdk-17.0.5+8 (October 2022 CPU) - CVE-2022-39399: Improve HTTP/2 client usage(bsc#1204480) - CVE-2022-21628: Better HttpServer service (bsc#1204472) - CVE-2022-21624: Enhance icon presentations (bsc#1204475) - CVE-2022-21619: Improve NTLM support (bsc#1204473) - CVE-2022-21618: Wider MultiByte (bsc#1204468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libldap-data-2.4.46-150200.14.11.2 updated - libtirpc-netconfig-1.2.6-150300.3.14.1 updated - glibc-2.31-150300.41.1 updated - libcrypt1-4.4.15-150300.4.4.3 updated - perl-base-5.26.1-150300.17.11.1 updated - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libcom_err2-1.46.4-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libgcrypt20-1.9.4-150400.6.5.1 updated - libgcrypt20-hmac-1.9.4-150400.6.5.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libsqlite3-0-3.39.3-150000.3.17.1 updated - libpcre1-8.45-150000.20.13.1 updated - libjitterentropy3-3.4.0-150000.1.6.1 added - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libpsl5-0.20.1-150000.3.3.1 updated - libncurses6-6.1-150000.5.12.1 updated - terminfo-base-6.1-150000.5.12.1 updated - ncurses-utils-6.1-150000.5.12.1 updated - libelf1-0.185-150400.5.3.1 updated - libxml2-2-2.9.14-150400.5.10.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - libdw1-0.185-150400.5.3.1 updated - libldap-2_4-2-2.4.46-150200.14.11.2 updated - libmount1-2.37.2-150400.8.8.1 updated - krb5-1.19.2-150400.3.3.1 updated - sles-release-15.4-150400.55.1 updated - libtirpc3-1.2.6-150300.3.14.1 updated - grep-3.1-150000.4.6.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - rpm-config-SUSE-1-150400.14.3.1 updated - permissions-20201225-150400.5.16.1 updated - rpm-ndb-4.14.3-150300.52.1 updated - pam-1.3.0-150000.6.61.1 updated - util-linux-2.37.2-150400.8.8.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - timezone-2022f-150000.75.15.1 added - openssl-1_1-1.1.1l-150400.7.16.1 updated - libX11-data-1.6.5-150000.3.24.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - libfreebl3-3.79.2-150400.3.15.1 updated - libfreebl3-hmac-3.79.2-150400.3.15.1 updated - mozilla-nspr-4.34.1-150000.3.26.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - libxcb1-1.13-150000.3.9.1 updated - libfreetype6-2.10.4-150000.4.12.1 updated - mozilla-nss-certs-3.79.2-150400.3.15.1 updated - libX11-6-1.6.5-150000.3.24.1 updated - libsoftokn3-3.79.2-150400.3.15.1 updated - mozilla-nss-3.79.2-150400.3.15.1 updated - libsoftokn3-hmac-3.79.2-150400.3.15.1 updated - java-17-openjdk-headless-17.0.5.0-150400.3.6.1 updated - java-17-openjdk-17.0.5.0-150400.3.6.1 updated - container:sles15-image-15.0.0-27.14.21 updated From sle-updates at lists.suse.com Thu Dec 1 11:21:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2022 12:21:02 +0100 (CET) Subject: SUSE-SU-2022:4303-1: important: Security update for tomcat Message-ID: <20221201112102.7F70DFD89@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4303-1 Rating: important References: #1204918 Cross-References: CVE-2022-42252 CVSS scores: CVE-2022-42252 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-42252 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tomcat fixes the following issues: - CVE-2022-42252: Fixed a request smuggling (bsc#1204918). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4303=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4303=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4303=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4303=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4303=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): tomcat-9.0.36-3.93.1 tomcat-admin-webapps-9.0.36-3.93.1 tomcat-docs-webapp-9.0.36-3.93.1 tomcat-el-3_0-api-9.0.36-3.93.1 tomcat-javadoc-9.0.36-3.93.1 tomcat-jsp-2_3-api-9.0.36-3.93.1 tomcat-lib-9.0.36-3.93.1 tomcat-servlet-4_0-api-9.0.36-3.93.1 tomcat-webapps-9.0.36-3.93.1 - SUSE OpenStack Cloud 9 (noarch): tomcat-9.0.36-3.93.1 tomcat-admin-webapps-9.0.36-3.93.1 tomcat-docs-webapp-9.0.36-3.93.1 tomcat-el-3_0-api-9.0.36-3.93.1 tomcat-javadoc-9.0.36-3.93.1 tomcat-jsp-2_3-api-9.0.36-3.93.1 tomcat-lib-9.0.36-3.93.1 tomcat-servlet-4_0-api-9.0.36-3.93.1 tomcat-webapps-9.0.36-3.93.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): tomcat-9.0.36-3.93.1 tomcat-admin-webapps-9.0.36-3.93.1 tomcat-docs-webapp-9.0.36-3.93.1 tomcat-el-3_0-api-9.0.36-3.93.1 tomcat-javadoc-9.0.36-3.93.1 tomcat-jsp-2_3-api-9.0.36-3.93.1 tomcat-lib-9.0.36-3.93.1 tomcat-servlet-4_0-api-9.0.36-3.93.1 tomcat-webapps-9.0.36-3.93.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.93.1 tomcat-admin-webapps-9.0.36-3.93.1 tomcat-docs-webapp-9.0.36-3.93.1 tomcat-el-3_0-api-9.0.36-3.93.1 tomcat-javadoc-9.0.36-3.93.1 tomcat-jsp-2_3-api-9.0.36-3.93.1 tomcat-lib-9.0.36-3.93.1 tomcat-servlet-4_0-api-9.0.36-3.93.1 tomcat-webapps-9.0.36-3.93.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): tomcat-9.0.36-3.93.1 tomcat-admin-webapps-9.0.36-3.93.1 tomcat-docs-webapp-9.0.36-3.93.1 tomcat-el-3_0-api-9.0.36-3.93.1 tomcat-javadoc-9.0.36-3.93.1 tomcat-jsp-2_3-api-9.0.36-3.93.1 tomcat-lib-9.0.36-3.93.1 tomcat-servlet-4_0-api-9.0.36-3.93.1 tomcat-webapps-9.0.36-3.93.1 References: https://www.suse.com/security/cve/CVE-2022-42252.html https://bugzilla.suse.com/1204918 From sle-updates at lists.suse.com Thu Dec 1 11:21:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2022 12:21:52 +0100 (CET) Subject: SUSE-SU-2022:4302-1: important: Security update for grub2 Message-ID: <20221201112152.7AE4CFD89@maintenance.suse.de> SUSE Security Update: Security update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4302-1 Rating: important References: #1205178 #1205182 #1205520 #1205554 Cross-References: CVE-2022-2601 CVE-2022-3775 CVSS scores: CVE-2022-2601 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3775 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for grub2 fixes the following issues: Security Fixes: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 - Fix unreadable filesystem with xfs v4 superblock (bsc#1205520). - Remove zfs modules (bsc#1205554). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4302=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4302=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4302=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4302=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4302=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): grub2-2.02-153.1 grub2-debuginfo-2.02-153.1 grub2-debugsource-2.02-153.1 grub2-i386-pc-2.02-153.1 grub2-x86_64-efi-2.02-153.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): grub2-snapper-plugin-2.02-153.1 grub2-systemd-sleep-plugin-2.02-153.1 grub2-x86_64-xen-2.02-153.1 - SUSE OpenStack Cloud 9 (noarch): grub2-snapper-plugin-2.02-153.1 grub2-systemd-sleep-plugin-2.02-153.1 grub2-x86_64-xen-2.02-153.1 - SUSE OpenStack Cloud 9 (x86_64): grub2-2.02-153.1 grub2-debuginfo-2.02-153.1 grub2-debugsource-2.02-153.1 grub2-i386-pc-2.02-153.1 grub2-x86_64-efi-2.02-153.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): grub2-2.02-153.1 grub2-debuginfo-2.02-153.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le): grub2-powerpc-ieee1275-2.02-153.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): grub2-debugsource-2.02-153.1 grub2-i386-pc-2.02-153.1 grub2-x86_64-efi-2.02-153.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): grub2-snapper-plugin-2.02-153.1 grub2-systemd-sleep-plugin-2.02-153.1 grub2-x86_64-xen-2.02-153.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): grub2-2.02-153.1 grub2-debuginfo-2.02-153.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): grub2-debugsource-2.02-153.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): grub2-arm64-efi-2.02-153.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): grub2-powerpc-ieee1275-2.02-153.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): grub2-snapper-plugin-2.02-153.1 grub2-systemd-sleep-plugin-2.02-153.1 grub2-x86_64-xen-2.02-153.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): grub2-i386-pc-2.02-153.1 grub2-x86_64-efi-2.02-153.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): grub2-s390x-emu-2.02-153.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.02-153.1 grub2-debuginfo-2.02-153.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.02-153.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le): grub2-powerpc-ieee1275-2.02-153.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): grub2-arm64-efi-2.02-153.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): grub2-i386-pc-2.02-153.1 grub2-x86_64-efi-2.02-153.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): grub2-snapper-plugin-2.02-153.1 grub2-systemd-sleep-plugin-2.02-153.1 grub2-x86_64-xen-2.02-153.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): grub2-s390x-emu-2.02-153.1 References: https://www.suse.com/security/cve/CVE-2022-2601.html https://www.suse.com/security/cve/CVE-2022-3775.html https://bugzilla.suse.com/1205178 https://bugzilla.suse.com/1205182 https://bugzilla.suse.com/1205520 https://bugzilla.suse.com/1205554 From sle-updates at lists.suse.com Thu Dec 1 11:22:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2022 12:22:59 +0100 (CET) Subject: SUSE-SU-2022:4304-1: important: Security update for emacs Message-ID: <20221201112259.1279BFD89@maintenance.suse.de> SUSE Security Update: Security update for emacs ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4304-1 Rating: important References: #1205822 Cross-References: CVE-2022-45939 CVSS scores: CVE-2022-45939 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4304=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4304=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4304=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): emacs-27.2-150400.3.3.1 emacs-debuginfo-27.2-150400.3.3.1 emacs-debugsource-27.2-150400.3.3.1 emacs-nox-27.2-150400.3.3.1 emacs-nox-debuginfo-27.2-150400.3.3.1 emacs-x11-27.2-150400.3.3.1 emacs-x11-debuginfo-27.2-150400.3.3.1 etags-27.2-150400.3.3.1 etags-debuginfo-27.2-150400.3.3.1 - openSUSE Leap 15.4 (noarch): emacs-el-27.2-150400.3.3.1 emacs-info-27.2-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): emacs-debuginfo-27.2-150400.3.3.1 emacs-debugsource-27.2-150400.3.3.1 emacs-x11-27.2-150400.3.3.1 emacs-x11-debuginfo-27.2-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): emacs-27.2-150400.3.3.1 emacs-debuginfo-27.2-150400.3.3.1 emacs-debugsource-27.2-150400.3.3.1 emacs-nox-27.2-150400.3.3.1 emacs-nox-debuginfo-27.2-150400.3.3.1 etags-27.2-150400.3.3.1 etags-debuginfo-27.2-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): emacs-el-27.2-150400.3.3.1 emacs-info-27.2-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-45939.html https://bugzilla.suse.com/1205822 From sle-updates at lists.suse.com Thu Dec 1 11:24:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2022 12:24:15 +0100 (CET) Subject: SUSE-SU-2022:4301-1: important: Security update for nodejs10 Message-ID: <20221201112415.2BD0FFD89@maintenance.suse.de> SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4301-1 Rating: important References: #1205119 Cross-References: CVE-2022-43548 CVSS scores: CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nodejs10 fixes the following issues: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4301=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4301=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4301=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4301=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4301=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4301=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4301=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4301=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4301=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4301=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4301=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4301=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4301=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4301=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4301=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4301=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4301=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4301=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4301=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4301=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4301=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - openSUSE Leap 15.4 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - openSUSE Leap 15.3 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Manager Server 4.1 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Manager Proxy 4.1 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Manager Proxy 4.1 (x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Enterprise Storage 7 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE Enterprise Storage 6 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 - SUSE CaaS Platform 4.0 (x86_64): nodejs10-10.24.1-150000.1.53.1 nodejs10-debuginfo-10.24.1-150000.1.53.1 nodejs10-debugsource-10.24.1-150000.1.53.1 nodejs10-devel-10.24.1-150000.1.53.1 npm10-10.24.1-150000.1.53.1 - SUSE CaaS Platform 4.0 (noarch): nodejs10-docs-10.24.1-150000.1.53.1 References: https://www.suse.com/security/cve/CVE-2022-43548.html https://bugzilla.suse.com/1205119 From sle-updates at lists.suse.com Thu Dec 1 11:25:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2022 12:25:34 +0100 (CET) Subject: SUSE-SU-2022:4305-1: important: Security update for emacs Message-ID: <20221201112534.AEDD8FD89@maintenance.suse.de> SUSE Security Update: Security update for emacs ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4305-1 Rating: important References: #1205822 Cross-References: CVE-2022-45939 CVSS scores: CVE-2022-45939 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4305=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4305=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4305=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4305=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4305=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4305=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4305=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): emacs-el-24.3-25.9.1 emacs-info-24.3-25.9.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): emacs-24.3-25.9.1 emacs-debuginfo-24.3-25.9.1 emacs-debugsource-24.3-25.9.1 emacs-nox-24.3-25.9.1 emacs-nox-debuginfo-24.3-25.9.1 emacs-x11-24.3-25.9.1 emacs-x11-debuginfo-24.3-25.9.1 etags-24.3-25.9.1 etags-debuginfo-24.3-25.9.1 - SUSE OpenStack Cloud 9 (noarch): emacs-el-24.3-25.9.1 emacs-info-24.3-25.9.1 - SUSE OpenStack Cloud 9 (x86_64): emacs-24.3-25.9.1 emacs-debuginfo-24.3-25.9.1 emacs-debugsource-24.3-25.9.1 emacs-nox-24.3-25.9.1 emacs-nox-debuginfo-24.3-25.9.1 emacs-x11-24.3-25.9.1 emacs-x11-debuginfo-24.3-25.9.1 etags-24.3-25.9.1 etags-debuginfo-24.3-25.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): emacs-24.3-25.9.1 emacs-debuginfo-24.3-25.9.1 emacs-debugsource-24.3-25.9.1 emacs-nox-24.3-25.9.1 emacs-nox-debuginfo-24.3-25.9.1 emacs-x11-24.3-25.9.1 emacs-x11-debuginfo-24.3-25.9.1 etags-24.3-25.9.1 etags-debuginfo-24.3-25.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): emacs-el-24.3-25.9.1 emacs-info-24.3-25.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): emacs-24.3-25.9.1 emacs-debuginfo-24.3-25.9.1 emacs-debugsource-24.3-25.9.1 emacs-nox-24.3-25.9.1 emacs-nox-debuginfo-24.3-25.9.1 emacs-x11-24.3-25.9.1 emacs-x11-debuginfo-24.3-25.9.1 etags-24.3-25.9.1 etags-debuginfo-24.3-25.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): emacs-el-24.3-25.9.1 emacs-info-24.3-25.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): emacs-24.3-25.9.1 emacs-debuginfo-24.3-25.9.1 emacs-debugsource-24.3-25.9.1 emacs-nox-24.3-25.9.1 emacs-nox-debuginfo-24.3-25.9.1 emacs-x11-24.3-25.9.1 emacs-x11-debuginfo-24.3-25.9.1 etags-24.3-25.9.1 etags-debuginfo-24.3-25.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): emacs-el-24.3-25.9.1 emacs-info-24.3-25.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): emacs-24.3-25.9.1 emacs-debuginfo-24.3-25.9.1 emacs-debugsource-24.3-25.9.1 emacs-nox-24.3-25.9.1 emacs-nox-debuginfo-24.3-25.9.1 emacs-x11-24.3-25.9.1 emacs-x11-debuginfo-24.3-25.9.1 etags-24.3-25.9.1 etags-debuginfo-24.3-25.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): emacs-el-24.3-25.9.1 emacs-info-24.3-25.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): emacs-el-24.3-25.9.1 emacs-info-24.3-25.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): emacs-24.3-25.9.1 emacs-debuginfo-24.3-25.9.1 emacs-debugsource-24.3-25.9.1 emacs-nox-24.3-25.9.1 emacs-nox-debuginfo-24.3-25.9.1 emacs-x11-24.3-25.9.1 emacs-x11-debuginfo-24.3-25.9.1 etags-24.3-25.9.1 etags-debuginfo-24.3-25.9.1 References: https://www.suse.com/security/cve/CVE-2022-45939.html https://bugzilla.suse.com/1205822 From sle-updates at lists.suse.com Thu Dec 1 14:21:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2022 15:21:06 +0100 (CET) Subject: SUSE-SU-2022:4306-1: moderate: Security update for bcel Message-ID: <20221201142106.0B783FD89@maintenance.suse.de> SUSE Security Update: Security update for bcel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4306-1 Rating: moderate References: #1205125 Cross-References: CVE-2022-42920 CVSS scores: CVE-2022-42920 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42920 (SUSE): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bcel fixes the following issues: - CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4306=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4306=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4306=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4306=1 Package List: - openSUSE Leap 15.4 (noarch): bcel-5.2-150200.11.3.1 - openSUSE Leap 15.3 (noarch): bcel-5.2-150200.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): bcel-5.2-150200.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): bcel-5.2-150200.11.3.1 References: https://www.suse.com/security/cve/CVE-2022-42920.html https://bugzilla.suse.com/1205125 From sle-updates at lists.suse.com Thu Dec 1 20:19:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Dec 2022 21:19:48 +0100 (CET) Subject: SUSE-SU-2022:4308-1: moderate: Security update for virt-v2v Message-ID: <20221201201948.95C87FD89@maintenance.suse.de> SUSE Security Update: Security update for virt-v2v ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4308-1 Rating: moderate References: #1201064 Cross-References: CVE-2022-2211 CVSS scores: CVE-2022-2211 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2211 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for virt-v2v fixes the following issues: - CVE-2022-2211: Fixed buffer overflow in get_keys (bsc#1201064). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4308=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4308=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): virt-v2v-1.44.2-150400.3.3.1 virt-v2v-debuginfo-1.44.2-150400.3.3.1 virt-v2v-debugsource-1.44.2-150400.3.3.1 - openSUSE Leap 15.4 (noarch): virt-v2v-bash-completion-1.44.2-150400.3.3.1 virt-v2v-man-pages-ja-1.44.2-150400.3.3.1 virt-v2v-man-pages-uk-1.44.2-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): virt-v2v-1.44.2-150400.3.3.1 virt-v2v-debuginfo-1.44.2-150400.3.3.1 virt-v2v-debugsource-1.44.2-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): virt-v2v-bash-completion-1.44.2-150400.3.3.1 virt-v2v-man-pages-ja-1.44.2-150400.3.3.1 virt-v2v-man-pages-uk-1.44.2-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-2211.html https://bugzilla.suse.com/1201064 From sle-updates at lists.suse.com Thu Dec 1 23:20:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2022 00:20:23 +0100 (CET) Subject: SUSE-SU-2022:4309-1: moderate: Security update for busybox Message-ID: <20221201232023.7B9A7FD2D@maintenance.suse.de> SUSE Security Update: Security update for busybox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4309-1 Rating: moderate References: #1199744 Cross-References: CVE-2022-30065 CVSS scores: CVE-2022-30065 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30065 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4309=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4309=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150000.4.17.1 busybox-static-1.35.0-150000.4.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150000.4.17.1 busybox-static-1.35.0-150000.4.17.1 References: https://www.suse.com/security/cve/CVE-2022-30065.html https://bugzilla.suse.com/1199744 From sle-updates at lists.suse.com Fri Dec 2 08:31:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2022 09:31:14 +0100 (CET) Subject: SUSE-CU-2022:3271-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20221202083114.B7F77FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3271-1 Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-5.2.49 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.49 Severity : moderate Type : security References : 1201064 CVE-2022-2211 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4308-1 Released: Thu Dec 1 15:51:19 2022 Summary: Security update for virt-v2v Type: security Severity: moderate References: 1201064,CVE-2022-2211 This update for virt-v2v fixes the following issues: - CVE-2022-2211: Fixed buffer overflow in get_keys (bsc#1201064). The following package changes have been done: - tar-1.34-150000.3.22.3 updated From sle-updates at lists.suse.com Fri Dec 2 08:31:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2022 09:31:28 +0100 (CET) Subject: SUSE-CU-2022:3272-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20221202083128.9DF97FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3272-1 Container Tags : suse/sle-micro/5.4/toolbox:11.1 , suse/sle-micro/5.4/toolbox:11.1-3.2.11 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.11 Severity : moderate Type : security References : 1201064 CVE-2022-2211 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4308-1 Released: Thu Dec 1 15:51:19 2022 Summary: Security update for virt-v2v Type: security Severity: moderate References: 1201064,CVE-2022-2211 This update for virt-v2v fixes the following issues: - CVE-2022-2211: Fixed buffer overflow in get_keys (bsc#1201064). The following package changes have been done: - tar-1.34-150000.3.22.3 updated From sle-updates at lists.suse.com Fri Dec 2 09:35:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2022 10:35:48 +0100 (CET) Subject: SUSE-CU-2022:3294-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20221202093549.00078FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3294-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.327 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.327 Severity : moderate Type : security References : 1201064 CVE-2022-2211 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4308-1 Released: Thu Dec 1 15:51:19 2022 Summary: Security update for virt-v2v Type: security Severity: moderate References: 1201064,CVE-2022-2211 This update for virt-v2v fixes the following issues: - CVE-2022-2211: Fixed buffer overflow in get_keys (bsc#1201064). The following package changes have been done: - tar-1.34-150000.3.22.3 updated From sle-updates at lists.suse.com Fri Dec 2 09:44:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2022 10:44:30 +0100 (CET) Subject: SUSE-CU-2022:3296-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20221202094430.4374EFBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3296-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.148 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.148 Severity : moderate Type : security References : 1201064 CVE-2022-2211 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4308-1 Released: Thu Dec 1 15:51:19 2022 Summary: Security update for virt-v2v Type: security Severity: moderate References: 1201064,CVE-2022-2211 This update for virt-v2v fixes the following issues: - CVE-2022-2211: Fixed buffer overflow in get_keys (bsc#1201064). The following package changes have been done: - tar-1.34-150000.3.22.3 updated From sle-updates at lists.suse.com Fri Dec 2 14:21:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2022 15:21:51 +0100 (CET) Subject: SUSE-SU-2022:4310-1: important: Security update for emacs Message-ID: <20221202142151.A34CBFD89@maintenance.suse.de> SUSE Security Update: Security update for emacs ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4310-1 Rating: important References: #1205822 Cross-References: CVE-2022-45939 CVSS scores: CVE-2022-45939 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-45939 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for emacs fixes the following issues: - CVE-2022-45939: Fixed shell command injection via source code files when using ctags (bsc#1205822). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4310=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4310=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4310=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4310=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4310=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4310=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4310=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4310=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4310=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4310=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4310=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4310=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4310=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4310=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4310=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4310=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4310=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4310=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4310=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4310=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4310=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4310=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - openSUSE Leap 15.3 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Manager Server 4.1 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Manager Retail Branch Server 4.1 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Manager Proxy 4.1 (x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Manager Proxy 4.1 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Enterprise Storage 7 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 - SUSE Enterprise Storage 6 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE CaaS Platform 4.0 (noarch): emacs-el-25.3-150000.3.12.1 emacs-info-25.3-150000.3.12.1 - SUSE CaaS Platform 4.0 (x86_64): emacs-25.3-150000.3.12.1 emacs-debuginfo-25.3-150000.3.12.1 emacs-debugsource-25.3-150000.3.12.1 emacs-nox-25.3-150000.3.12.1 emacs-nox-debuginfo-25.3-150000.3.12.1 emacs-x11-25.3-150000.3.12.1 emacs-x11-debuginfo-25.3-150000.3.12.1 etags-25.3-150000.3.12.1 etags-debuginfo-25.3-150000.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-45939.html https://bugzilla.suse.com/1205822 From sle-updates at lists.suse.com Fri Dec 2 14:23:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2022 15:23:52 +0100 (CET) Subject: SUSE-RU-2022:4312-1: moderate: Recommended update for tar Message-ID: <20221202142352.73A9AFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for tar ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4312-1 Rating: moderate References: #1200657 #1203600 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4312=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4312=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4312=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4312=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4312=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4312=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4312=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4312=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4312=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4312=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4312=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4312=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4312=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4312=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4312=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4312=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4312=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4312=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4312=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4312=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4312=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4312=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4312=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4312=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4312=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4312=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4312=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4312=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 - openSUSE Leap Micro 5.2 (aarch64 x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 tar-tests-1.34-150000.3.22.3 tar-tests-debuginfo-1.34-150000.3.22.3 - openSUSE Leap 15.4 (noarch): tar-backup-scripts-1.34-150000.3.22.3 tar-doc-1.34-150000.3.22.3 tar-lang-1.34-150000.3.22.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 tar-tests-1.34-150000.3.22.3 tar-tests-debuginfo-1.34-150000.3.22.3 - openSUSE Leap 15.3 (noarch): tar-backup-scripts-1.34-150000.3.22.3 tar-doc-1.34-150000.3.22.3 tar-lang-1.34-150000.3.22.3 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Manager Server 4.1 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Manager Retail Branch Server 4.1 (x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Manager Retail Branch Server 4.1 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Manager Proxy 4.1 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Manager Proxy 4.1 (x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Server for SAP 15 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Server 15-LTSS (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Enterprise Storage 7 (aarch64 x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Enterprise Storage 7 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 - SUSE Enterprise Storage 6 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE CaaS Platform 4.0 (noarch): tar-lang-1.34-150000.3.22.3 - SUSE CaaS Platform 4.0 (x86_64): tar-1.34-150000.3.22.3 tar-debuginfo-1.34-150000.3.22.3 tar-debugsource-1.34-150000.3.22.3 tar-rmt-1.34-150000.3.22.3 tar-rmt-debuginfo-1.34-150000.3.22.3 References: https://bugzilla.suse.com/1200657 https://bugzilla.suse.com/1203600 From sle-updates at lists.suse.com Fri Dec 2 14:25:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Dec 2022 15:25:53 +0100 (CET) Subject: SUSE-RU-2022:4311-1: critical: Recommended update for open-vm-tools Message-ID: <20221202142553.303BCFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-vm-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4311-1 Rating: critical References: SLE-22385 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for open-vm-tools fixes the following issues: - Include binaries of open-vm-tools for ARM architecture aarch64 in SUSE Linux Enterprise 15 Service Pack 4 (jsc#SLE-22385) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4311=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4311=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4311=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4311=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4311=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4311=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4311=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4311=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4311=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4311=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4311=1 Package List: - openSUSE Leap Micro 5.3 (x86_64): libvmtools0-12.1.0-150300.21.2 libvmtools0-debuginfo-12.1.0-150300.21.2 open-vm-tools-12.1.0-150300.21.2 open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 - openSUSE Leap Micro 5.2 (x86_64): libvmtools0-12.1.0-150300.21.2 libvmtools0-debuginfo-12.1.0-150300.21.2 open-vm-tools-12.1.0-150300.21.2 open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 - openSUSE Leap 15.4 (aarch64 x86_64): libvmtools-devel-12.1.0-150300.21.2 libvmtools0-12.1.0-150300.21.2 libvmtools0-debuginfo-12.1.0-150300.21.2 open-vm-tools-12.1.0-150300.21.2 open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 open-vm-tools-desktop-12.1.0-150300.21.2 open-vm-tools-desktop-debuginfo-12.1.0-150300.21.2 open-vm-tools-sdmp-12.1.0-150300.21.2 open-vm-tools-sdmp-debuginfo-12.1.0-150300.21.2 - openSUSE Leap 15.3 (aarch64 x86_64): libvmtools-devel-12.1.0-150300.21.2 libvmtools0-12.1.0-150300.21.2 libvmtools0-debuginfo-12.1.0-150300.21.2 open-vm-tools-12.1.0-150300.21.2 open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 open-vm-tools-desktop-12.1.0-150300.21.2 open-vm-tools-desktop-debuginfo-12.1.0-150300.21.2 open-vm-tools-sdmp-12.1.0-150300.21.2 open-vm-tools-sdmp-debuginfo-12.1.0-150300.21.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 x86_64): open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 open-vm-tools-desktop-12.1.0-150300.21.2 open-vm-tools-desktop-debuginfo-12.1.0-150300.21.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 open-vm-tools-desktop-12.1.0-150300.21.2 open-vm-tools-desktop-debuginfo-12.1.0-150300.21.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): libvmtools-devel-12.1.0-150300.21.2 libvmtools0-12.1.0-150300.21.2 libvmtools0-debuginfo-12.1.0-150300.21.2 open-vm-tools-12.1.0-150300.21.2 open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 open-vm-tools-sdmp-12.1.0-150300.21.2 open-vm-tools-sdmp-debuginfo-12.1.0-150300.21.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libvmtools-devel-12.1.0-150300.21.2 libvmtools0-12.1.0-150300.21.2 libvmtools0-debuginfo-12.1.0-150300.21.2 open-vm-tools-12.1.0-150300.21.2 open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 open-vm-tools-sdmp-12.1.0-150300.21.2 open-vm-tools-sdmp-debuginfo-12.1.0-150300.21.2 - SUSE Linux Enterprise Micro 5.3 (x86_64): libvmtools0-12.1.0-150300.21.2 libvmtools0-debuginfo-12.1.0-150300.21.2 open-vm-tools-12.1.0-150300.21.2 open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 - SUSE Linux Enterprise Micro 5.2 (x86_64): libvmtools0-12.1.0-150300.21.2 libvmtools0-debuginfo-12.1.0-150300.21.2 open-vm-tools-12.1.0-150300.21.2 open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 - SUSE Linux Enterprise Micro 5.1 (x86_64): libvmtools0-12.1.0-150300.21.2 libvmtools0-debuginfo-12.1.0-150300.21.2 open-vm-tools-12.1.0-150300.21.2 open-vm-tools-debuginfo-12.1.0-150300.21.2 open-vm-tools-debugsource-12.1.0-150300.21.2 References: From sle-updates at lists.suse.com Mon Dec 5 05:57:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2022 06:57:13 +0100 (CET) Subject: SUSE-FU-2022:4313-1: important: Feature update for python-cached-property, python-osc-tiny, python-responses Message-ID: <20221205055713.6673BFD2D@maintenance.suse.de> SUSE Feature Update: Feature update for python-cached-property, python-osc-tiny, python-responses ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4313-1 Rating: important References: PED-1872 PED-1964 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains two features can now be installed. Description: This update for python-cached-property, python-osc-tiny, python-responses fixes the following issues: python-cached-property: - New package at version 1.5.2 (jsc#PED-1872, jsc#PED-1964) python-responses: - Version update from 0.10.12 to 0.21.0 (jsc#PED-1872, jsc#PED-1964) - Dropped support of Python 2.7, 3.5, 3.6 - For the full list of changes please read the packaged CHANGES file or https://github.com/getsentry/responses/releases python-osc-tiny: - New package at version 0.7.5 (jsc#PED-1872, jsc#PED-1964) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4313=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4313=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4313=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4313=1 Package List: - openSUSE Leap 15.4 (noarch): python3-cached-property-1.5.2-150300.7.3.1 python3-osc-tiny-0.7.5-150300.7.3.1 python3-responses-0.21.0-150300.3.3.1 - openSUSE Leap 15.3 (noarch): python3-cached-property-1.5.2-150300.7.3.1 python3-osc-tiny-0.7.5-150300.7.3.1 python3-responses-0.21.0-150300.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): python3-cached-property-1.5.2-150300.7.3.1 python3-osc-tiny-0.7.5-150300.7.3.1 python3-responses-0.21.0-150300.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): python3-cached-property-1.5.2-150300.7.3.1 python3-osc-tiny-0.7.5-150300.7.3.1 python3-responses-0.21.0-150300.3.3.1 References: From sle-updates at lists.suse.com Mon Dec 5 10:27:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2022 11:27:36 +0100 (CET) Subject: SUSE-FU-2022:4313-1: important: Feature update for python-cached-property, python-osc-tiny, python-responses Message-ID: <20221205102736.85A9FF3CB@maintenance.suse.de> SUSE Feature Update: Feature update for python-cached-property, python-osc-tiny, python-responses ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4313-1 Rating: important References: PED-1872 PED-1964 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains two features can now be installed. Description: This update for python-cached-property, python-osc-tiny, python-responses fixes the following issues: python-cached-property: - New package at version 1.5.2 (jsc#PED-1872, jsc#PED-1964) python-responses: - Version update from 0.10.12 to 0.21.0 (jsc#PED-1872, jsc#PED-1964) - Dropped support of Python 2.7, 3.5, 3.6 - For the full list of changes please read the packaged CHANGES file or https://github.com/getsentry/responses/releases python-osc-tiny: - New package at version 0.7.5 (jsc#PED-1872, jsc#PED-1964) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4313=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4313=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4313=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4313=1 Package List: - openSUSE Leap 15.4 (noarch): python3-cached-property-1.5.2-150300.7.3.1 python3-osc-tiny-0.7.5-150300.7.3.1 python3-responses-0.21.0-150300.3.3.1 - openSUSE Leap 15.3 (noarch): python3-cached-property-1.5.2-150300.7.3.1 python3-osc-tiny-0.7.5-150300.7.3.1 python3-responses-0.21.0-150300.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): python3-cached-property-1.5.2-150300.7.3.1 python3-osc-tiny-0.7.5-150300.7.3.1 python3-responses-0.21.0-150300.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): python3-cached-property-1.5.2-150300.7.3.1 python3-osc-tiny-0.7.5-150300.7.3.1 python3-responses-0.21.0-150300.3.3.1 References: From sle-updates at lists.suse.com Mon Dec 5 10:28:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2022 11:28:15 +0100 (CET) Subject: SUSE-RU-2022:4314-1: moderate: Recommended update for Yast2 Message-ID: <20221205102815.1CE64F3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for Yast2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4314-1 Rating: moderate References: #1199746 #1201235 #1201435 #1201962 #1202479 #1203866 #1204448 #1204559 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Installer 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for Yast2 fixes the following issues: autoyast2: - Allow empty values in ask/default, ask/selection/label and ask/selection/value elements (bsc#1204448) - Add needed packages for the selected network backend in order to prevent it is not declared in the software section (bsc#1201235, bsc#1201435) yast2-bootloader: - Prevent leak of grub2 password to logs (bsc#1201962) yast2-installation: - Fix copy of entropy pool during installation (bsc#1204559) yast2-network: - Do not assume wicked will be installed by default anymore and return the needed packages by the selected backend when them are not installed (bsc#1201235, bsc#1201435) - Fixed issue when writing the NetworkManager config without a gateway (bsc#1203866) - Activate s390 devices before importing and reading the network configuration or otherwise the related linux devices will not be present and could be ignored (bsc#1199746) - At the end of the installation, force an enablement of the selected network service even when the selected one has not been modified and ensure other backends are disabled (bsc#1202479) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4314=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4314=1 - SUSE Linux Enterprise Installer 15-SP4: zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2022-4314=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.4.18-150400.3.3.1 - openSUSE Leap 15.4 (noarch): autoyast2-4.4.41-150400.3.13.1 autoyast2-installation-4.4.41-150400.3.13.1 yast2-installation-4.4.57-150400.3.12.1 yast2-network-4.4.53-150400.3.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.4.18-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): autoyast2-4.4.41-150400.3.13.1 autoyast2-installation-4.4.41-150400.3.13.1 yast2-installation-4.4.57-150400.3.12.1 yast2-network-4.4.53-150400.3.10.1 - SUSE Linux Enterprise Installer 15-SP4 (noarch): autoyast2-4.4.41-150400.3.13.1 autoyast2-installation-4.4.41-150400.3.13.1 yast2-installation-4.4.57-150400.3.12.1 yast2-network-4.4.53-150400.3.10.1 References: https://bugzilla.suse.com/1199746 https://bugzilla.suse.com/1201235 https://bugzilla.suse.com/1201435 https://bugzilla.suse.com/1201962 https://bugzilla.suse.com/1202479 https://bugzilla.suse.com/1203866 https://bugzilla.suse.com/1204448 https://bugzilla.suse.com/1204559 From sle-updates at lists.suse.com Mon Dec 5 10:29:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2022 11:29:37 +0100 (CET) Subject: SUSE-RU-2022:4316-1: moderate: Recommended update for yast2-bootloader Message-ID: <20221205102937.A1444F3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4316-1 Rating: moderate References: #1201962 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-bootloader fixes the following issues: - Prevent leak of grub2 password to logs (bsc#1201962) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4316=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4316=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4316=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4316=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4316=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4316=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-4316=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4316=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4316=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4316=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): yast2-bootloader-4.2.29-150200.3.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): yast2-bootloader-4.2.29-150200.3.12.1 - SUSE Manager Proxy 4.1 (x86_64): yast2-bootloader-4.2.29-150200.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): yast2-bootloader-4.2.29-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.2.29-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): yast2-bootloader-4.2.29-150200.3.12.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.2.29-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): yast2-bootloader-4.2.29-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): yast2-bootloader-4.2.29-150200.3.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): yast2-bootloader-4.2.29-150200.3.12.1 References: https://bugzilla.suse.com/1201962 From sle-updates at lists.suse.com Mon Dec 5 10:30:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2022 11:30:33 +0100 (CET) Subject: SUSE-RU-2022:4315-1: moderate: Recommended update for yast2-bootloader Message-ID: <20221205103033.25D8DF3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4315-1 Rating: moderate References: #1201962 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-bootloader fixes the following issues: - Prevent leak of grub2 password to logs (bsc#1201962) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4315=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4315=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-4315=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.3.32-150300.3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.3.32-150300.3.11.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.3.32-150300.3.11.1 References: https://bugzilla.suse.com/1201962 From sle-updates at lists.suse.com Mon Dec 5 10:31:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 5 Dec 2022 11:31:19 +0100 (CET) Subject: SUSE-RU-2022:4317-1: moderate: Recommended update for yast2-bootloader Message-ID: <20221205103119.638E5F3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-bootloader ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4317-1 Rating: moderate References: #1201962 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-bootloader fixes the following issues: - Prevent leak of grub2 password to logs (bsc#1201962) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4317=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4317=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4317=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4317=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4317=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4317=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): yast2-bootloader-4.1.27-150100.3.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): yast2-bootloader-4.1.27-150100.3.8.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): yast2-bootloader-4.1.27-150100.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): yast2-bootloader-4.1.27-150100.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): yast2-bootloader-4.1.27-150100.3.8.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): yast2-bootloader-4.1.27-150100.3.8.1 - SUSE CaaS Platform 4.0 (x86_64): yast2-bootloader-4.1.27-150100.3.8.1 References: https://bugzilla.suse.com/1201962 From sle-updates at lists.suse.com Tue Dec 6 05:20:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 06:20:44 +0100 (CET) Subject: SUSE-RU-2022:4321-1: important: Recommended update for hawk2 Message-ID: <20221206052044.3E003F3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4321-1 Rating: important References: #1196673 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hawk2 fixes the following issues: - Fix detection of partial upgrade (bsc#1196673) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-4321=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-4321=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): hawk2-2.6.4+git.1618478925.fbddddd9-3.36.1 hawk2-debuginfo-2.6.4+git.1618478925.fbddddd9-3.36.1 hawk2-debugsource-2.6.4+git.1618478925.fbddddd9-3.36.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): hawk2-2.6.4+git.1618478925.fbddddd9-3.36.1 hawk2-debuginfo-2.6.4+git.1618478925.fbddddd9-3.36.1 hawk2-debugsource-2.6.4+git.1618478925.fbddddd9-3.36.1 References: https://bugzilla.suse.com/1196673 From sle-updates at lists.suse.com Tue Dec 6 05:21:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 06:21:22 +0100 (CET) Subject: SUSE-RU-2022:4322-1: important: Recommended update for pacemaker Message-ID: <20221206052122.91D73F3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4322-1 Rating: important References: #1196673 #1198409 #1198715 #1203367 Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - tools: prevent possible memory access violations if multiple commands are specified (bsc#1198409) - controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715) - controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-4322=1 Package List: - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.18+20180430.b12c320f5-150000.3.39.2 libpacemaker3-1.1.18+20180430.b12c320f5-150000.3.39.2 libpacemaker3-debuginfo-1.1.18+20180430.b12c320f5-150000.3.39.2 pacemaker-1.1.18+20180430.b12c320f5-150000.3.39.2 pacemaker-cli-1.1.18+20180430.b12c320f5-150000.3.39.2 pacemaker-cli-debuginfo-1.1.18+20180430.b12c320f5-150000.3.39.2 pacemaker-debuginfo-1.1.18+20180430.b12c320f5-150000.3.39.2 pacemaker-debugsource-1.1.18+20180430.b12c320f5-150000.3.39.2 pacemaker-remote-1.1.18+20180430.b12c320f5-150000.3.39.2 pacemaker-remote-debuginfo-1.1.18+20180430.b12c320f5-150000.3.39.2 - SUSE Linux Enterprise High Availability 15 (noarch): pacemaker-cts-1.1.18+20180430.b12c320f5-150000.3.39.2 References: https://bugzilla.suse.com/1196673 https://bugzilla.suse.com/1198409 https://bugzilla.suse.com/1198715 https://bugzilla.suse.com/1203367 From sle-updates at lists.suse.com Tue Dec 6 05:22:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 06:22:15 +0100 (CET) Subject: SUSE-RU-2022:4320-1: important: Recommended update for pacemaker Message-ID: <20221206052215.E8B2AF3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4320-1 Rating: important References: #1196673 #1198409 #1198715 #1203367 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - tools: prevent possible memory access violations if multiple commands are specified (bsc#1198409) - controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715) - controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4320=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-4320=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-1.1.24+20210811.f5abda0ee-3.27.1 libpacemaker3-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-cts-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.27.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): libpacemaker3-1.1.24+20210811.f5abda0ee-3.27.1 libpacemaker3-debuginfo-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-cli-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-cli-debuginfo-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-cts-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-cts-debuginfo-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-debuginfo-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-debugsource-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-remote-1.1.24+20210811.f5abda0ee-3.27.1 pacemaker-remote-debuginfo-1.1.24+20210811.f5abda0ee-3.27.1 References: https://bugzilla.suse.com/1196673 https://bugzilla.suse.com/1198409 https://bugzilla.suse.com/1198715 https://bugzilla.suse.com/1203367 From sle-updates at lists.suse.com Tue Dec 6 05:23:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 06:23:07 +0100 (CET) Subject: SUSE-RU-2022:4319-1: important: Recommended update for pacemaker Message-ID: <20221206052307.B3682F3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4319-1 Rating: important References: #1196673 #1198409 #1198715 #1203367 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise Server 12-SP4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - tools: prevent possible memory access violations if multiple commands are specified (bsc#1198409) - controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715) - controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-4319=1 Package List: - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): libpacemaker3-1.1.19+20181105.ccd6b5b10-3.37.1 libpacemaker3-debuginfo-1.1.19+20181105.ccd6b5b10-3.37.1 pacemaker-1.1.19+20181105.ccd6b5b10-3.37.1 pacemaker-cli-1.1.19+20181105.ccd6b5b10-3.37.1 pacemaker-cli-debuginfo-1.1.19+20181105.ccd6b5b10-3.37.1 pacemaker-cts-1.1.19+20181105.ccd6b5b10-3.37.1 pacemaker-cts-debuginfo-1.1.19+20181105.ccd6b5b10-3.37.1 pacemaker-debuginfo-1.1.19+20181105.ccd6b5b10-3.37.1 pacemaker-debugsource-1.1.19+20181105.ccd6b5b10-3.37.1 pacemaker-remote-1.1.19+20181105.ccd6b5b10-3.37.1 pacemaker-remote-debuginfo-1.1.19+20181105.ccd6b5b10-3.37.1 References: https://bugzilla.suse.com/1196673 https://bugzilla.suse.com/1198409 https://bugzilla.suse.com/1198715 https://bugzilla.suse.com/1203367 From sle-updates at lists.suse.com Tue Dec 6 05:23:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 06:23:59 +0100 (CET) Subject: SUSE-RU-2022:4324-1: important: Recommended update for pacemaker Message-ID: <20221206052359.66A9CF3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4324-1 Rating: important References: #1196673 #1198409 #1198715 #1203367 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - tools: fix syntax on resetting options in crm_resource and prevent possible memory access violations (bsc#1198409) - controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715) - controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-4324=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.4+20200616.2deceaa3a-150200.3.21.3 libpacemaker3-2.0.4+20200616.2deceaa3a-150200.3.21.3 libpacemaker3-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.21.3 pacemaker-2.0.4+20200616.2deceaa3a-150200.3.21.3 pacemaker-cli-2.0.4+20200616.2deceaa3a-150200.3.21.3 pacemaker-cli-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.21.3 pacemaker-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.21.3 pacemaker-debugsource-2.0.4+20200616.2deceaa3a-150200.3.21.3 pacemaker-remote-2.0.4+20200616.2deceaa3a-150200.3.21.3 pacemaker-remote-debuginfo-2.0.4+20200616.2deceaa3a-150200.3.21.3 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): pacemaker-cts-2.0.4+20200616.2deceaa3a-150200.3.21.3 References: https://bugzilla.suse.com/1196673 https://bugzilla.suse.com/1198409 https://bugzilla.suse.com/1198715 https://bugzilla.suse.com/1203367 From sle-updates at lists.suse.com Tue Dec 6 05:24:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 06:24:52 +0100 (CET) Subject: SUSE-RU-2022:4325-1: important: Recommended update for pacemaker Message-ID: <20221206052452.2E6FEF3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4325-1 Rating: important References: #1196673 #1198409 #1198715 #1203367 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - tools: fix syntax on resetting options in crm_resource (bsc#1198409) - controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715) - controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4325=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-4325=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.5+20201202.ba59be712-150300.4.27.2 libpacemaker3-2.0.5+20201202.ba59be712-150300.4.27.2 libpacemaker3-debuginfo-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-cli-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-cli-debuginfo-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-debuginfo-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-debugsource-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-remote-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-remote-debuginfo-2.0.5+20201202.ba59be712-150300.4.27.2 - openSUSE Leap 15.3 (noarch): pacemaker-cts-2.0.5+20201202.ba59be712-150300.4.27.2 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.5+20201202.ba59be712-150300.4.27.2 libpacemaker3-2.0.5+20201202.ba59be712-150300.4.27.2 libpacemaker3-debuginfo-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-cli-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-cli-debuginfo-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-debuginfo-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-debugsource-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-remote-2.0.5+20201202.ba59be712-150300.4.27.2 pacemaker-remote-debuginfo-2.0.5+20201202.ba59be712-150300.4.27.2 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): pacemaker-cts-2.0.5+20201202.ba59be712-150300.4.27.2 References: https://bugzilla.suse.com/1196673 https://bugzilla.suse.com/1198409 https://bugzilla.suse.com/1198715 https://bugzilla.suse.com/1203367 From sle-updates at lists.suse.com Tue Dec 6 05:25:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 06:25:58 +0100 (CET) Subject: SUSE-RU-2022:4326-1: important: Recommended update for hawk2 Message-ID: <20221206052558.EFA53F3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for hawk2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4326-1 Rating: important References: #1196673 #1198647 #1199258 #1203367 Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for hawk2 fixes the following issues: - Fix detection of partial upgrade (bsc#1196673,bsc#1203367) - Improve handling of unmatched paths (bsc#1199258) - Allow configuration of cookies to HttpOnly by the use of the environment variable HAWK_COOKIE_HTTP_ONLY=true (bsc#1198647) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4326=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4326=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4326=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-4326=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-4326=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-4326=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-4326=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): hawk2-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debuginfo-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 hawk2-debugsource-2.6.4+git.1667244108.7a0cffe-150000.3.33.2 References: https://bugzilla.suse.com/1196673 https://bugzilla.suse.com/1198647 https://bugzilla.suse.com/1199258 https://bugzilla.suse.com/1203367 From sle-updates at lists.suse.com Tue Dec 6 05:27:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 06:27:04 +0100 (CET) Subject: SUSE-RU-2022:4323-1: important: Recommended update for pacemaker Message-ID: <20221206052704.49037F3CB@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4323-1 Rating: important References: #1196673 #1198409 #1198715 #1203367 Affected Products: SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for pacemaker fixes the following issues: - tools: prevent possible memory access violations if multiple commands are specified (bsc#1198409) - controller: log an info instead of a warning for a stonith/shutdown that is unknown to the new DC (bsc#1198715) - controller: record CRM feature set as a transient attribute (bsc#1196673, bsc#1203367, fate#320759) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-4323=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.1+20190417.13d370ca9-150100.3.30.3 libpacemaker3-2.0.1+20190417.13d370ca9-150100.3.30.3 libpacemaker3-debuginfo-2.0.1+20190417.13d370ca9-150100.3.30.3 pacemaker-2.0.1+20190417.13d370ca9-150100.3.30.3 pacemaker-cli-2.0.1+20190417.13d370ca9-150100.3.30.3 pacemaker-cli-debuginfo-2.0.1+20190417.13d370ca9-150100.3.30.3 pacemaker-debuginfo-2.0.1+20190417.13d370ca9-150100.3.30.3 pacemaker-debugsource-2.0.1+20190417.13d370ca9-150100.3.30.3 pacemaker-remote-2.0.1+20190417.13d370ca9-150100.3.30.3 pacemaker-remote-debuginfo-2.0.1+20190417.13d370ca9-150100.3.30.3 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): pacemaker-cts-2.0.1+20190417.13d370ca9-150100.3.30.3 References: https://bugzilla.suse.com/1196673 https://bugzilla.suse.com/1198409 https://bugzilla.suse.com/1198715 https://bugzilla.suse.com/1203367 From sle-updates at lists.suse.com Tue Dec 6 17:20:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 18:20:48 +0100 (CET) Subject: SUSE-RU-2022:4327-1: moderate: Recommended update for s390-tools Message-ID: <20221206172048.1D8D9FBA7@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4327-1 Rating: moderate References: #1204965 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - New IBM Z firmware requires all signed boot images to contain a specific trailing data block format. (bsc#1204965) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4327=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4327=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4327=1 Package List: - openSUSE Leap 15.4 (s390x): libekmfweb1-2.19.0-150400.7.10.1 libekmfweb1-debuginfo-2.19.0-150400.7.10.1 libekmfweb1-devel-2.19.0-150400.7.10.1 libkmipclient1-2.19.0-150400.7.10.1 libkmipclient1-debuginfo-2.19.0-150400.7.10.1 libkmipclient1-devel-2.19.0-150400.7.10.1 osasnmpd-2.19.0-150400.7.10.1 osasnmpd-debuginfo-2.19.0-150400.7.10.1 s390-tools-2.19.0-150400.7.10.1 s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.10.1 s390-tools-debuginfo-2.19.0-150400.7.10.1 s390-tools-debugsource-2.19.0-150400.7.10.1 s390-tools-hmcdrvfs-2.19.0-150400.7.10.1 s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.10.1 s390-tools-zdsfs-2.19.0-150400.7.10.1 s390-tools-zdsfs-debuginfo-2.19.0-150400.7.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): libekmfweb1-2.19.0-150400.7.10.1 libekmfweb1-debuginfo-2.19.0-150400.7.10.1 libekmfweb1-devel-2.19.0-150400.7.10.1 libkmipclient1-2.19.0-150400.7.10.1 libkmipclient1-debuginfo-2.19.0-150400.7.10.1 osasnmpd-2.19.0-150400.7.10.1 osasnmpd-debuginfo-2.19.0-150400.7.10.1 s390-tools-2.19.0-150400.7.10.1 s390-tools-chreipl-fcp-mpath-2.19.0-150400.7.10.1 s390-tools-debuginfo-2.19.0-150400.7.10.1 s390-tools-debugsource-2.19.0-150400.7.10.1 s390-tools-hmcdrvfs-2.19.0-150400.7.10.1 s390-tools-hmcdrvfs-debuginfo-2.19.0-150400.7.10.1 s390-tools-zdsfs-2.19.0-150400.7.10.1 s390-tools-zdsfs-debuginfo-2.19.0-150400.7.10.1 - SUSE Linux Enterprise Micro 5.3 (s390x): libekmfweb1-2.19.0-150400.7.10.1 libekmfweb1-debuginfo-2.19.0-150400.7.10.1 libkmipclient1-2.19.0-150400.7.10.1 libkmipclient1-debuginfo-2.19.0-150400.7.10.1 s390-tools-2.19.0-150400.7.10.1 s390-tools-debuginfo-2.19.0-150400.7.10.1 s390-tools-debugsource-2.19.0-150400.7.10.1 References: https://bugzilla.suse.com/1204965 From sle-updates at lists.suse.com Tue Dec 6 17:21:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 18:21:30 +0100 (CET) Subject: SUSE-RU-2022:4328-1: moderate: Recommended update for audit-secondary Message-ID: <20221206172130.9CA23FBA7@maintenance.suse.de> SUSE Recommended Update: Recommended update for audit-secondary ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4328-1 Rating: moderate References: #1204844 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for audit-secondary fixes the following issues: - Fix rules not loaded when restarting auditd.service (bsc#1204844) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4328=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4328=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4328=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4328=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): audit-3.0.6-150400.4.6.1 audit-audispd-plugins-3.0.6-150400.4.6.1 audit-audispd-plugins-debuginfo-3.0.6-150400.4.6.1 audit-debuginfo-3.0.6-150400.4.6.1 audit-secondary-debugsource-3.0.6-150400.4.6.1 python3-audit-3.0.6-150400.4.6.1 python3-audit-debuginfo-3.0.6-150400.4.6.1 system-group-audit-3.0.6-150400.4.6.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): audit-3.0.6-150400.4.6.1 audit-audispd-plugins-3.0.6-150400.4.6.1 audit-audispd-plugins-debuginfo-3.0.6-150400.4.6.1 audit-debuginfo-3.0.6-150400.4.6.1 audit-secondary-debugsource-3.0.6-150400.4.6.1 python3-audit-3.0.6-150400.4.6.1 python3-audit-debuginfo-3.0.6-150400.4.6.1 system-group-audit-3.0.6-150400.4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): audit-3.0.6-150400.4.6.1 audit-audispd-plugins-3.0.6-150400.4.6.1 audit-audispd-plugins-debuginfo-3.0.6-150400.4.6.1 audit-debuginfo-3.0.6-150400.4.6.1 audit-secondary-debugsource-3.0.6-150400.4.6.1 python3-audit-3.0.6-150400.4.6.1 python3-audit-debuginfo-3.0.6-150400.4.6.1 system-group-audit-3.0.6-150400.4.6.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): audit-3.0.6-150400.4.6.1 audit-audispd-plugins-3.0.6-150400.4.6.1 audit-audispd-plugins-debuginfo-3.0.6-150400.4.6.1 audit-debuginfo-3.0.6-150400.4.6.1 audit-secondary-debugsource-3.0.6-150400.4.6.1 python3-audit-3.0.6-150400.4.6.1 python3-audit-debuginfo-3.0.6-150400.4.6.1 system-group-audit-3.0.6-150400.4.6.1 References: https://bugzilla.suse.com/1204844 From sle-updates at lists.suse.com Tue Dec 6 17:22:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 18:22:17 +0100 (CET) Subject: SUSE-SU-2022:4332-1: important: Security update for xen Message-ID: <20221206172217.1C8A3FBA7@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4332-1 Rating: important References: #1193923 #1203806 #1204482 #1204485 #1204487 #1204488 #1204489 #1204490 #1204494 #1204496 Cross-References: CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVSS scores: CVE-2022-42309 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2022-42309 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42310 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42311 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42311 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42312 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42313 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42314 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42315 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42316 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42317 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42318 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42319 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42320 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42320 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-42321 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-42321 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42322 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42322 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42323 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42325 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42325 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2022-42326 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42326 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes 17 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4332=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4332=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 x86_64): xen-debugsource-4.12.4_30-3.82.1 xen-devel-4.12.4_30-3.82.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): xen-4.12.4_30-3.82.1 xen-debugsource-4.12.4_30-3.82.1 xen-doc-html-4.12.4_30-3.82.1 xen-libs-32bit-4.12.4_30-3.82.1 xen-libs-4.12.4_30-3.82.1 xen-libs-debuginfo-32bit-4.12.4_30-3.82.1 xen-libs-debuginfo-4.12.4_30-3.82.1 xen-tools-4.12.4_30-3.82.1 xen-tools-debuginfo-4.12.4_30-3.82.1 xen-tools-domU-4.12.4_30-3.82.1 xen-tools-domU-debuginfo-4.12.4_30-3.82.1 References: https://www.suse.com/security/cve/CVE-2022-42309.html https://www.suse.com/security/cve/CVE-2022-42310.html https://www.suse.com/security/cve/CVE-2022-42311.html https://www.suse.com/security/cve/CVE-2022-42312.html https://www.suse.com/security/cve/CVE-2022-42313.html https://www.suse.com/security/cve/CVE-2022-42314.html https://www.suse.com/security/cve/CVE-2022-42315.html https://www.suse.com/security/cve/CVE-2022-42316.html https://www.suse.com/security/cve/CVE-2022-42317.html https://www.suse.com/security/cve/CVE-2022-42318.html https://www.suse.com/security/cve/CVE-2022-42319.html https://www.suse.com/security/cve/CVE-2022-42320.html https://www.suse.com/security/cve/CVE-2022-42321.html https://www.suse.com/security/cve/CVE-2022-42322.html https://www.suse.com/security/cve/CVE-2022-42323.html https://www.suse.com/security/cve/CVE-2022-42325.html https://www.suse.com/security/cve/CVE-2022-42326.html https://bugzilla.suse.com/1193923 https://bugzilla.suse.com/1203806 https://bugzilla.suse.com/1204482 https://bugzilla.suse.com/1204485 https://bugzilla.suse.com/1204487 https://bugzilla.suse.com/1204488 https://bugzilla.suse.com/1204489 https://bugzilla.suse.com/1204490 https://bugzilla.suse.com/1204494 https://bugzilla.suse.com/1204496 From sle-updates at lists.suse.com Tue Dec 6 17:23:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 18:23:44 +0100 (CET) Subject: SUSE-SU-2022:4331-1: moderate: Security update for bcel Message-ID: <20221206172344.1C94CFBA7@maintenance.suse.de> SUSE Security Update: Security update for bcel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4331-1 Rating: moderate References: #1205125 Cross-References: CVE-2022-42920 CVSS scores: CVE-2022-42920 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42920 (SUSE): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bcel fixes the following issues: - CVE-2022-42920: Fixed producing arbitrary bytecode via out-of-bounds writing (bsc#1205125). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4331=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): bcel-5.2-28.3.1 References: https://www.suse.com/security/cve/CVE-2022-42920.html https://bugzilla.suse.com/1205125 From sle-updates at lists.suse.com Tue Dec 6 17:24:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 18:24:25 +0100 (CET) Subject: SUSE-SU-2022:4330-1: moderate: Security update for LibVNCServer Message-ID: <20221206172425.7FFC8FBA7@maintenance.suse.de> SUSE Security Update: Security update for LibVNCServer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4330-1 Rating: moderate References: #1170916 #1203106 #1204127 #1204129 Cross-References: CVE-2020-29260 CVSS scores: CVE-2020-29260 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-29260 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for LibVNCServer fixes the following issues: - CVE-2020-29260: Fixed memory leakage via rfbClientCleanup() (bsc#1203106). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4330=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4330=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.41.1 LibVNCServer-devel-0.9.9-17.41.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): LibVNCServer-debugsource-0.9.9-17.41.1 libvncclient0-0.9.9-17.41.1 libvncclient0-debuginfo-0.9.9-17.41.1 libvncserver0-0.9.9-17.41.1 libvncserver0-debuginfo-0.9.9-17.41.1 References: https://www.suse.com/security/cve/CVE-2020-29260.html https://bugzilla.suse.com/1170916 https://bugzilla.suse.com/1203106 https://bugzilla.suse.com/1204127 https://bugzilla.suse.com/1204129 From sle-updates at lists.suse.com Tue Dec 6 17:25:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 18:25:17 +0100 (CET) Subject: SUSE-RU-2022:4329-1: Recommended update for yast2-printer Message-ID: <20221206172517.E321AFBA7@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-printer ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4329-1 Rating: low References: #1084277 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-printer fixes the following issues: - Try to connect with SMB3 protocol when testing SMB printers (bsc#1084277) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4329=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): yast2-printer-3.2.1-3.3.1 yast2-printer-debuginfo-3.2.1-3.3.1 yast2-printer-debugsource-3.2.1-3.3.1 References: https://bugzilla.suse.com/1084277 From sle-updates at lists.suse.com Tue Dec 6 20:20:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 21:20:08 +0100 (CET) Subject: SUSE-SU-2022:4335-1: important: Security update for krb5 Message-ID: <20221206202008.708D1FBA7@maintenance.suse.de> SUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4335-1 Rating: important References: #1205126 Cross-References: CVE-2022-42898 CVSS scores: CVE-2022-42898 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4335=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4335=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4335=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4335=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4335=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4335=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4335=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4335=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): krb5-1.12.5-40.43.1 krb5-32bit-1.12.5-40.43.1 krb5-client-1.12.5-40.43.1 krb5-client-debuginfo-1.12.5-40.43.1 krb5-debuginfo-1.12.5-40.43.1 krb5-debuginfo-32bit-1.12.5-40.43.1 krb5-debugsource-1.12.5-40.43.1 krb5-doc-1.12.5-40.43.1 krb5-plugin-kdb-ldap-1.12.5-40.43.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-otp-1.12.5-40.43.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.43.1 krb5-server-1.12.5-40.43.1 krb5-server-debuginfo-1.12.5-40.43.1 - SUSE OpenStack Cloud 9 (x86_64): krb5-1.12.5-40.43.1 krb5-32bit-1.12.5-40.43.1 krb5-client-1.12.5-40.43.1 krb5-client-debuginfo-1.12.5-40.43.1 krb5-debuginfo-1.12.5-40.43.1 krb5-debuginfo-32bit-1.12.5-40.43.1 krb5-debugsource-1.12.5-40.43.1 krb5-doc-1.12.5-40.43.1 krb5-plugin-kdb-ldap-1.12.5-40.43.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-otp-1.12.5-40.43.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.43.1 krb5-server-1.12.5-40.43.1 krb5-server-debuginfo-1.12.5-40.43.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): krb5-debuginfo-1.12.5-40.43.1 krb5-debugsource-1.12.5-40.43.1 krb5-devel-1.12.5-40.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): krb5-1.12.5-40.43.1 krb5-client-1.12.5-40.43.1 krb5-client-debuginfo-1.12.5-40.43.1 krb5-debuginfo-1.12.5-40.43.1 krb5-debugsource-1.12.5-40.43.1 krb5-doc-1.12.5-40.43.1 krb5-plugin-kdb-ldap-1.12.5-40.43.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-otp-1.12.5-40.43.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.43.1 krb5-server-1.12.5-40.43.1 krb5-server-debuginfo-1.12.5-40.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): krb5-32bit-1.12.5-40.43.1 krb5-debuginfo-32bit-1.12.5-40.43.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.43.1 krb5-client-1.12.5-40.43.1 krb5-client-debuginfo-1.12.5-40.43.1 krb5-debuginfo-1.12.5-40.43.1 krb5-debugsource-1.12.5-40.43.1 krb5-doc-1.12.5-40.43.1 krb5-plugin-kdb-ldap-1.12.5-40.43.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-otp-1.12.5-40.43.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.43.1 krb5-server-1.12.5-40.43.1 krb5-server-debuginfo-1.12.5-40.43.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): krb5-32bit-1.12.5-40.43.1 krb5-debuginfo-32bit-1.12.5-40.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): krb5-1.12.5-40.43.1 krb5-client-1.12.5-40.43.1 krb5-client-debuginfo-1.12.5-40.43.1 krb5-debuginfo-1.12.5-40.43.1 krb5-debugsource-1.12.5-40.43.1 krb5-doc-1.12.5-40.43.1 krb5-plugin-kdb-ldap-1.12.5-40.43.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-otp-1.12.5-40.43.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.43.1 krb5-server-1.12.5-40.43.1 krb5-server-debuginfo-1.12.5-40.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): krb5-32bit-1.12.5-40.43.1 krb5-debuginfo-32bit-1.12.5-40.43.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): krb5-1.12.5-40.43.1 krb5-32bit-1.12.5-40.43.1 krb5-client-1.12.5-40.43.1 krb5-client-debuginfo-1.12.5-40.43.1 krb5-debuginfo-1.12.5-40.43.1 krb5-debuginfo-32bit-1.12.5-40.43.1 krb5-debugsource-1.12.5-40.43.1 krb5-doc-1.12.5-40.43.1 krb5-plugin-kdb-ldap-1.12.5-40.43.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-otp-1.12.5-40.43.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.43.1 krb5-server-1.12.5-40.43.1 krb5-server-debuginfo-1.12.5-40.43.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): krb5-1.12.5-40.43.1 krb5-32bit-1.12.5-40.43.1 krb5-client-1.12.5-40.43.1 krb5-client-debuginfo-1.12.5-40.43.1 krb5-debuginfo-1.12.5-40.43.1 krb5-debuginfo-32bit-1.12.5-40.43.1 krb5-debugsource-1.12.5-40.43.1 krb5-doc-1.12.5-40.43.1 krb5-plugin-kdb-ldap-1.12.5-40.43.1 krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-otp-1.12.5-40.43.1 krb5-plugin-preauth-otp-debuginfo-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-1.12.5-40.43.1 krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.43.1 krb5-server-1.12.5-40.43.1 krb5-server-debuginfo-1.12.5-40.43.1 References: https://www.suse.com/security/cve/CVE-2022-42898.html https://bugzilla.suse.com/1205126 From sle-updates at lists.suse.com Tue Dec 6 20:21:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 21:21:02 +0100 (CET) Subject: SUSE-RU-2022:4333-1: moderate: Recommended update for openssh Message-ID: <20221206202102.3FA00FBA7@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4333-1 Rating: moderate References: SLE-24949 Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for openssh fixes the following issues: - Add ssh-keysign -Y option (jsc#SLE-24949) - Ship added protocol file as documentation. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4333=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4333=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4333=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4333=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4333=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): openssh-7.2p2-78.16.1 openssh-askpass-gnome-7.2p2-78.16.2 openssh-askpass-gnome-debuginfo-7.2p2-78.16.2 openssh-debuginfo-7.2p2-78.16.1 openssh-debugsource-7.2p2-78.16.1 openssh-fips-7.2p2-78.16.1 openssh-helpers-7.2p2-78.16.1 openssh-helpers-debuginfo-7.2p2-78.16.1 - SUSE OpenStack Cloud 9 (x86_64): openssh-7.2p2-78.16.1 openssh-askpass-gnome-7.2p2-78.16.2 openssh-askpass-gnome-debuginfo-7.2p2-78.16.2 openssh-debuginfo-7.2p2-78.16.1 openssh-debugsource-7.2p2-78.16.1 openssh-fips-7.2p2-78.16.1 openssh-helpers-7.2p2-78.16.1 openssh-helpers-debuginfo-7.2p2-78.16.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): openssh-7.2p2-78.16.1 openssh-askpass-gnome-7.2p2-78.16.2 openssh-askpass-gnome-debuginfo-7.2p2-78.16.2 openssh-debuginfo-7.2p2-78.16.1 openssh-debugsource-7.2p2-78.16.1 openssh-fips-7.2p2-78.16.1 openssh-helpers-7.2p2-78.16.1 openssh-helpers-debuginfo-7.2p2-78.16.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): openssh-7.2p2-78.16.1 openssh-askpass-gnome-7.2p2-78.16.2 openssh-askpass-gnome-debuginfo-7.2p2-78.16.2 openssh-debuginfo-7.2p2-78.16.1 openssh-debugsource-7.2p2-78.16.1 openssh-fips-7.2p2-78.16.1 openssh-helpers-7.2p2-78.16.1 openssh-helpers-debuginfo-7.2p2-78.16.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): openssh-7.2p2-78.16.1 openssh-askpass-gnome-7.2p2-78.16.2 openssh-askpass-gnome-debuginfo-7.2p2-78.16.2 openssh-debuginfo-7.2p2-78.16.1 openssh-debugsource-7.2p2-78.16.1 openssh-fips-7.2p2-78.16.1 openssh-helpers-7.2p2-78.16.1 openssh-helpers-debuginfo-7.2p2-78.16.1 References: From sle-updates at lists.suse.com Tue Dec 6 20:21:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 21:21:39 +0100 (CET) Subject: SUSE-RU-2022:4338-1: moderate: Recommended update for 389-ds Message-ID: <20221206202139.BB183FBA7@maintenance.suse.de> SUSE Recommended Update: Recommended update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4338-1 Rating: moderate References: SLE-11203 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update of 389-ds fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4338=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4338=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): 389-ds-2.0.16~git56.d15a0a7-150400.3.17.1 389-ds-debuginfo-2.0.16~git56.d15a0a7-150400.3.17.1 389-ds-debugsource-2.0.16~git56.d15a0a7-150400.3.17.1 389-ds-devel-2.0.16~git56.d15a0a7-150400.3.17.1 389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.17.1 389-ds-snmp-debuginfo-2.0.16~git56.d15a0a7-150400.3.17.1 lib389-2.0.16~git56.d15a0a7-150400.3.17.1 libsvrcore0-2.0.16~git56.d15a0a7-150400.3.17.1 libsvrcore0-debuginfo-2.0.16~git56.d15a0a7-150400.3.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): 389-ds-2.0.16~git56.d15a0a7-150400.3.17.1 389-ds-debuginfo-2.0.16~git56.d15a0a7-150400.3.17.1 389-ds-debugsource-2.0.16~git56.d15a0a7-150400.3.17.1 389-ds-devel-2.0.16~git56.d15a0a7-150400.3.17.1 lib389-2.0.16~git56.d15a0a7-150400.3.17.1 libsvrcore0-2.0.16~git56.d15a0a7-150400.3.17.1 libsvrcore0-debuginfo-2.0.16~git56.d15a0a7-150400.3.17.1 References: From sle-updates at lists.suse.com Tue Dec 6 20:22:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 21:22:13 +0100 (CET) Subject: SUSE-RU-2022:4337-1: moderate: Recommended update for collectd Message-ID: <20221206202213.45F22FBA7@maintenance.suse.de> SUSE Recommended Update: Recommended update for collectd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4337-1 Rating: moderate References: SLE-11203 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update of collectd fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4337=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4337=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): collectd-5.12.0-150400.3.2.1 collectd-debuginfo-5.12.0-150400.3.2.1 collectd-debugsource-5.12.0-150400.3.2.1 collectd-plugin-buddyinfo-5.12.0-150400.3.2.1 collectd-plugin-buddyinfo-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-connectivity-5.12.0-150400.3.2.1 collectd-plugin-connectivity-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-dbi-5.12.0-150400.3.2.1 collectd-plugin-dbi-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-ipmi-5.12.0-150400.3.2.1 collectd-plugin-ipmi-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-java-5.12.0-150400.3.2.1 collectd-plugin-java-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-logparser-5.12.0-150400.3.2.1 collectd-plugin-logparser-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-lua-5.12.0-150400.3.2.1 collectd-plugin-lua-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-mcelog-5.12.0-150400.3.2.1 collectd-plugin-mcelog-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-memcachec-5.12.0-150400.3.2.1 collectd-plugin-memcachec-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-mysql-5.12.0-150400.3.2.1 collectd-plugin-mysql-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-notify-desktop-5.12.0-150400.3.2.1 collectd-plugin-notify-desktop-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-nut-5.12.0-150400.3.2.1 collectd-plugin-nut-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-openldap-5.12.0-150400.3.2.1 collectd-plugin-openldap-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-ovs-5.12.0-150400.3.2.1 collectd-plugin-ovs-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-pcie-5.12.0-150400.3.2.1 collectd-plugin-pcie-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-pinba-5.12.0-150400.3.2.1 collectd-plugin-pinba-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-postgresql-5.12.0-150400.3.2.1 collectd-plugin-postgresql-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-procevent-5.12.0-150400.3.2.1 collectd-plugin-procevent-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-python3-5.12.0-150400.3.2.1 collectd-plugin-python3-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-smart-5.12.0-150400.3.2.1 collectd-plugin-smart-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-snmp-5.12.0-150400.3.2.1 collectd-plugin-snmp-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-synproxy-5.12.0-150400.3.2.1 collectd-plugin-synproxy-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-sysevent-5.12.0-150400.3.2.1 collectd-plugin-sysevent-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-ubi-5.12.0-150400.3.2.1 collectd-plugin-ubi-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-uptime-5.12.0-150400.3.2.1 collectd-plugin-uptime-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-virt-5.12.0-150400.3.2.1 collectd-plugin-virt-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-write_influxdb_udp-5.12.0-150400.3.2.1 collectd-plugin-write_influxdb_udp-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-write_stackdriver-5.12.0-150400.3.2.1 collectd-plugin-write_stackdriver-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-write_syslog-5.12.0-150400.3.2.1 collectd-plugin-write_syslog-debuginfo-5.12.0-150400.3.2.1 collectd-plugins-all-5.12.0-150400.3.2.1 collectd-spamassassin-5.12.0-150400.3.2.1 collectd-web-5.12.0-150400.3.2.1 collectd-web-js-5.12.0-150400.3.2.1 libcollectdclient-devel-5.12.0-150400.3.2.1 libcollectdclient1-5.12.0-150400.3.2.1 libcollectdclient1-debuginfo-5.12.0-150400.3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): collectd-5.12.0-150400.3.2.1 collectd-debuginfo-5.12.0-150400.3.2.1 collectd-debugsource-5.12.0-150400.3.2.1 collectd-plugin-buddyinfo-5.12.0-150400.3.2.1 collectd-plugin-buddyinfo-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-connectivity-5.12.0-150400.3.2.1 collectd-plugin-connectivity-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-dbi-5.12.0-150400.3.2.1 collectd-plugin-dbi-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-ipmi-5.12.0-150400.3.2.1 collectd-plugin-ipmi-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-java-5.12.0-150400.3.2.1 collectd-plugin-java-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-logparser-5.12.0-150400.3.2.1 collectd-plugin-logparser-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-lua-5.12.0-150400.3.2.1 collectd-plugin-lua-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-mcelog-5.12.0-150400.3.2.1 collectd-plugin-mcelog-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-memcachec-5.12.0-150400.3.2.1 collectd-plugin-memcachec-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-mysql-5.12.0-150400.3.2.1 collectd-plugin-mysql-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-notify-desktop-5.12.0-150400.3.2.1 collectd-plugin-notify-desktop-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-nut-5.12.0-150400.3.2.1 collectd-plugin-nut-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-openldap-5.12.0-150400.3.2.1 collectd-plugin-openldap-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-ovs-5.12.0-150400.3.2.1 collectd-plugin-ovs-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-pcie-5.12.0-150400.3.2.1 collectd-plugin-pcie-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-pinba-5.12.0-150400.3.2.1 collectd-plugin-pinba-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-postgresql-5.12.0-150400.3.2.1 collectd-plugin-postgresql-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-procevent-5.12.0-150400.3.2.1 collectd-plugin-procevent-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-python3-5.12.0-150400.3.2.1 collectd-plugin-python3-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-smart-5.12.0-150400.3.2.1 collectd-plugin-smart-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-snmp-5.12.0-150400.3.2.1 collectd-plugin-snmp-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-synproxy-5.12.0-150400.3.2.1 collectd-plugin-synproxy-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-sysevent-5.12.0-150400.3.2.1 collectd-plugin-sysevent-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-ubi-5.12.0-150400.3.2.1 collectd-plugin-ubi-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-uptime-5.12.0-150400.3.2.1 collectd-plugin-uptime-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-virt-5.12.0-150400.3.2.1 collectd-plugin-virt-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-write_influxdb_udp-5.12.0-150400.3.2.1 collectd-plugin-write_influxdb_udp-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-write_stackdriver-5.12.0-150400.3.2.1 collectd-plugin-write_stackdriver-debuginfo-5.12.0-150400.3.2.1 collectd-plugin-write_syslog-5.12.0-150400.3.2.1 collectd-plugin-write_syslog-debuginfo-5.12.0-150400.3.2.1 collectd-plugins-all-5.12.0-150400.3.2.1 collectd-spamassassin-5.12.0-150400.3.2.1 collectd-web-5.12.0-150400.3.2.1 collectd-web-js-5.12.0-150400.3.2.1 libcollectdclient-devel-5.12.0-150400.3.2.1 libcollectdclient1-5.12.0-150400.3.2.1 libcollectdclient1-debuginfo-5.12.0-150400.3.2.1 References: From sle-updates at lists.suse.com Tue Dec 6 20:22:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 21:22:52 +0100 (CET) Subject: SUSE-RU-2022:4339-1: moderate: Recommended update for hplip Message-ID: <20221206202252.34B15FBA7@maintenance.suse.de> SUSE Recommended Update: Recommended update for hplip ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4339-1 Rating: moderate References: SLE-11203 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update of hplip fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4339=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4339=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4339=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): hplip-3.21.10-150400.3.5.1 hplip-debuginfo-3.21.10-150400.3.5.1 hplip-debugsource-3.21.10-150400.3.5.1 hplip-devel-3.21.10-150400.3.5.1 hplip-hpijs-3.21.10-150400.3.5.1 hplip-hpijs-debuginfo-3.21.10-150400.3.5.1 hplip-sane-3.21.10-150400.3.5.1 hplip-sane-debuginfo-3.21.10-150400.3.5.1 hplip-scan-utils-3.21.10-150400.3.5.1 hplip-scan-utils-debuginfo-3.21.10-150400.3.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): hplip-3.21.10-150400.3.5.1 hplip-debuginfo-3.21.10-150400.3.5.1 hplip-debugsource-3.21.10-150400.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): hplip-debuginfo-3.21.10-150400.3.5.1 hplip-debugsource-3.21.10-150400.3.5.1 hplip-devel-3.21.10-150400.3.5.1 hplip-hpijs-3.21.10-150400.3.5.1 hplip-hpijs-debuginfo-3.21.10-150400.3.5.1 hplip-sane-3.21.10-150400.3.5.1 hplip-sane-debuginfo-3.21.10-150400.3.5.1 References: From sle-updates at lists.suse.com Tue Dec 6 20:23:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 21:23:33 +0100 (CET) Subject: SUSE-SU-2022:4334-1: important: Security update for MozillaThunderbird Message-ID: <20221206202333.A4CDBFBA7@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4334-1 Rating: important References: #1205941 Cross-References: CVE-2022-45414 CVSS scores: CVE-2022-45414 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaThunderbird fixes the following issues: Update to version 102.5.1: - CVE-2022-45414: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content (bsc#1205941). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4334=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4334=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4334=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4334=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4334=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4334=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-102.5.1-150200.8.93.1 MozillaThunderbird-debuginfo-102.5.1-150200.8.93.1 MozillaThunderbird-debugsource-102.5.1-150200.8.93.1 MozillaThunderbird-translations-common-102.5.1-150200.8.93.1 MozillaThunderbird-translations-other-102.5.1-150200.8.93.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-102.5.1-150200.8.93.1 MozillaThunderbird-debuginfo-102.5.1-150200.8.93.1 MozillaThunderbird-debugsource-102.5.1-150200.8.93.1 MozillaThunderbird-translations-common-102.5.1-150200.8.93.1 MozillaThunderbird-translations-other-102.5.1-150200.8.93.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-102.5.1-150200.8.93.1 MozillaThunderbird-debuginfo-102.5.1-150200.8.93.1 MozillaThunderbird-debugsource-102.5.1-150200.8.93.1 MozillaThunderbird-translations-common-102.5.1-150200.8.93.1 MozillaThunderbird-translations-other-102.5.1-150200.8.93.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-102.5.1-150200.8.93.1 MozillaThunderbird-debuginfo-102.5.1-150200.8.93.1 MozillaThunderbird-debugsource-102.5.1-150200.8.93.1 MozillaThunderbird-translations-common-102.5.1-150200.8.93.1 MozillaThunderbird-translations-other-102.5.1-150200.8.93.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-102.5.1-150200.8.93.1 MozillaThunderbird-debuginfo-102.5.1-150200.8.93.1 MozillaThunderbird-debugsource-102.5.1-150200.8.93.1 MozillaThunderbird-translations-common-102.5.1-150200.8.93.1 MozillaThunderbird-translations-other-102.5.1-150200.8.93.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-102.5.1-150200.8.93.1 MozillaThunderbird-debuginfo-102.5.1-150200.8.93.1 MozillaThunderbird-debugsource-102.5.1-150200.8.93.1 MozillaThunderbird-translations-common-102.5.1-150200.8.93.1 MozillaThunderbird-translations-other-102.5.1-150200.8.93.1 References: https://www.suse.com/security/cve/CVE-2022-45414.html https://bugzilla.suse.com/1205941 From sle-updates at lists.suse.com Tue Dec 6 20:24:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Dec 2022 21:24:17 +0100 (CET) Subject: SUSE-RU-2022:4336-1: moderate: Recommended update for gdb Message-ID: <20221206202417.50BE0FBA7@maintenance.suse.de> SUSE Recommended Update: Recommended update for gdb ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4336-1 Rating: moderate References: PED-2035 PM-3603 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: gdb was updated to version 12.1: * DBX mode is deprecated, and will be removed in GDB 13. * GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support. * Improved C++ template support: GDB now treats functions/types involving C++ templates like it does function overloads. Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types: (gdb) break template_func(template_1, int) The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements. * New commands: - maint set backtrace-on-fatal-signal on|off - maint show backtrace-on-fatal-signal This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available. - set source open on|off - show source open This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection. - set varsize-limit - show varsize-limit These are now deprecated aliases for "set max-value-size" and "show max-value-size". - task apply [all | TASK-IDS...] [FLAG]... COMMAND Like "thread apply", but applies COMMAND to Ada tasks. - watch [...] task ID Watchpoints can now be restricted to a specific Ada task. - maint set internal-error backtrace on|off - maint show internal-error backtrace - maint set internal-warning backtrace on|off - maint show internal-warning backtrace GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning. - set logging on|off Deprecated and replaced by "set logging enabled on|off". - set logging enabled on|off - show logging enabled These commands set or show whether logging is enabled or disabled. - exit You can now exit GDB by using the new command "exit", in addition to the existing "quit" command. - set debug threads on|off - show debug threads Print additional debug messages about thread creation and deletion. - set debug linux-nat on|off - show debug linux-nat These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors. - maint flush source-cache Flush the contents of the source code cache. - maint set gnu-source-highlight enabled on|off - maint show gnu-source-highlight enabled Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead. - set suppress-cli-notifications (on|off) - show suppress-cli-notifications This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.). - set style disassembler enabled on|off - show style disassembler enabled If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied. - set ada source-charset - show ada source-charset Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1. * Changed commands: - print Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base. This was GDB's documented behavior, but was never implemented correctly. - maint packet This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaces with the value of the non-printable character. - clone-inferior The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior. - set debug lin-lwp on|off - show debug lin-lwp These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead. - info win This command now includes information about the width of the tui windows in its output. * GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., "16lf#0123abcd#" -- the number of "l"s controls the width of the floating-point type, and the "f" is the marker for floating point. * MI changes: ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10. ** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection. * Python API: ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned. ** New function gdb.history_count(), which returns the number of values in GDB's value history. ** New gdb.events.gdb_exiting event. This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state. ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string. ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness. ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections. ** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection. ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed. ** New gdb.connections() function that returns a list of all currently active connections. ** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target. ** New function gdb.host_charset(), returns a string, which is the name of the current host charset. ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE. ** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited. ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling. The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string. ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information. ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types. ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError. ** It is now possible to add GDB/MI commands implemented in Python. Update libipt to v2.0.5. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4336=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4336=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4336=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gdb-12.1-150400.15.6.1 gdb-debuginfo-12.1-150400.15.6.1 gdb-debugsource-12.1-150400.15.6.1 gdb-testresults-12.1-150400.15.6.1 gdbserver-12.1-150400.15.6.1 gdbserver-debuginfo-12.1-150400.15.6.1 libsource-highlight-devel-3.1.8-150000.3.2.1 libsource-highlight4-3.1.8-150000.3.2.1 libsource-highlight4-debuginfo-3.1.8-150000.3.2.1 source-highlight-3.1.8-150000.3.2.1 source-highlight-cgi-3.1.8-150000.3.2.1 source-highlight-cgi-debuginfo-3.1.8-150000.3.2.1 source-highlight-debuginfo-3.1.8-150000.3.2.1 source-highlight-debugsource-3.1.8-150000.3.2.1 - openSUSE Leap 15.4 (x86_64): libsource-highlight4-32bit-3.1.8-150000.3.2.1 libsource-highlight4-32bit-debuginfo-3.1.8-150000.3.2.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsource-highlight-devel-3.1.8-150000.3.2.1 libsource-highlight4-3.1.8-150000.3.2.1 libsource-highlight4-debuginfo-3.1.8-150000.3.2.1 source-highlight-3.1.8-150000.3.2.1 source-highlight-cgi-3.1.8-150000.3.2.1 source-highlight-cgi-debuginfo-3.1.8-150000.3.2.1 source-highlight-debuginfo-3.1.8-150000.3.2.1 source-highlight-debugsource-3.1.8-150000.3.2.1 - openSUSE Leap 15.3 (x86_64): libsource-highlight4-32bit-3.1.8-150000.3.2.1 libsource-highlight4-32bit-debuginfo-3.1.8-150000.3.2.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): gdb-12.1-150400.15.6.1 gdb-debuginfo-12.1-150400.15.6.1 gdb-debugsource-12.1-150400.15.6.1 gdbserver-12.1-150400.15.6.1 gdbserver-debuginfo-12.1-150400.15.6.1 libsource-highlight-devel-3.1.8-150000.3.2.1 libsource-highlight4-3.1.8-150000.3.2.1 libsource-highlight4-debuginfo-3.1.8-150000.3.2.1 References: From sle-updates at lists.suse.com Wed Dec 7 08:24:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 09:24:53 +0100 (CET) Subject: SUSE-CU-2022:3311-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20221207082453.B5F8FFBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3311-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.51 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.51 Severity : moderate Type : security References : 1041090 1049382 1116658 1136234 1155141 1173404 1173409 1173410 1173471 1174465 1176547 1177955 1178807 1178943 1178944 1179025 1179203 1181122 1181644 1181872 1182790 1193951 CVE-2020-21913 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:927-1 Released: Tue Mar 23 14:07:06 2021 Summary: Recommended update for libreoffice Type: recommended Severity: moderate References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790) libreoffice: - Image shown with different aspect ratio (bsc#1176547) - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644) - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375) - Wrong bullet points in Impress (bsc#1174465) - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955) - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon - Fix a crash opening a PPTX. (bsc#1179025) - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807) - Shadow effects for table completely missing (bsc#1178944, bsc#1178943) - Disable firebird integration for the time being (bsc#1179203) - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234) - Wrong rendering of bulleted lists in PPTX document (bsc#1155141) - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658) libixion: Update to 0.16.1: - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values. - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code. - added new function to allow printing of single formula tokens. - added method for setting cached results on formula cells in model_context. - changed the model_context design to ensure that all sheets are of the same size. - added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell. - added cell_access class for querying of cell states without knowing its type ahead of time. - added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations. - deprecated model_context::erase_cell() in favor of empty_cell(). - added support for 3D references - references that contain multiple sheets. - added support for the exponent (^) and concatenation (&) operators. - fixed incorrect handling of range references containing whole columns such as A:A. - added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1. - fixed a bug that prevented nested formula functions from working properly. - implemented Calc A1 style reference resolver. - formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings. - Removed build-time dependency on spdlog. libmwaw: Update to 0.3.17: - add a parser for Jazz(Lotus) writer and spreasheet files. The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to `GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. * Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3142-1 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Type: security Severity: moderate References: 1193951,CVE-2020-21913 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4336-1 Released: Tue Dec 6 16:27:50 2022 Summary: Recommended update for gdb Type: recommended Severity: moderate References: gdb was updated to version 12.1: * DBX mode is deprecated, and will be removed in GDB 13. * GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support. * Improved C++ template support: GDB now treats functions/types involving C++ templates like it does function overloads. Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types: (gdb) break template_func(template_1, int) The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements. * New commands: - maint set backtrace-on-fatal-signal on|off - maint show backtrace-on-fatal-signal This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available. - set source open on|off - show source open This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection. - set varsize-limit - show varsize-limit These are now deprecated aliases for 'set max-value-size' and 'show max-value-size'. - task apply [all | TASK-IDS...] [FLAG]... COMMAND Like 'thread apply', but applies COMMAND to Ada tasks. - watch [...] task ID Watchpoints can now be restricted to a specific Ada task. - maint set internal-error backtrace on|off - maint show internal-error backtrace - maint set internal-warning backtrace on|off - maint show internal-warning backtrace GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning. - set logging on|off Deprecated and replaced by 'set logging enabled on|off'. - set logging enabled on|off - show logging enabled These commands set or show whether logging is enabled or disabled. - exit You can now exit GDB by using the new command 'exit', in addition to the existing 'quit' command. - set debug threads on|off - show debug threads Print additional debug messages about thread creation and deletion. - set debug linux-nat on|off - show debug linux-nat These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors. - maint flush source-cache Flush the contents of the source code cache. - maint set gnu-source-highlight enabled on|off - maint show gnu-source-highlight enabled Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead. - set suppress-cli-notifications (on|off) - show suppress-cli-notifications This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.). - set style disassembler enabled on|off - show style disassembler enabled If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied. - set ada source-charset - show ada source-charset Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1. * Changed commands: - print Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base. This was GDB's documented behavior, but was never implemented correctly. - maint packet This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaces with the value of the non-printable character. - clone-inferior The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior. - set debug lin-lwp on|off - show debug lin-lwp These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead. - info win This command now includes information about the width of the tui windows in its output. * GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width of the floating-point type, and the 'f' is the marker for floating point. * MI changes: ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10. ** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection. * Python API: ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned. ** New function gdb.history_count(), which returns the number of values in GDB's value history. ** New gdb.events.gdb_exiting event. This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state. ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string. ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness. ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections. ** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection. ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed. ** New gdb.connections() function that returns a list of all currently active connections. ** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target. ** New function gdb.host_charset(), returns a string, which is the name of the current host charset. ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE. ** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited. ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling. The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string. ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information. ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types. ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError. ** It is now possible to add GDB/MI commands implemented in Python. Update libipt to v2.0.5. The following package changes have been done: - ctags-5.8-1.27 added - gdb-12.1-150400.15.6.1 updated - libboost_regex1_66_0-1.66.0-12.3.1 added - libicu-suse65_1-65.1-150200.4.5.1 added - libicu65_1-ledata-65.1-150200.4.5.1 added - libsource-highlight4-3.1.8-150000.3.2.1 added - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Dec 7 08:25:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 09:25:08 +0100 (CET) Subject: SUSE-CU-2022:3312-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20221207082508.9C52BFBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3312-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.14 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.14 Severity : moderate Type : security References : 1041090 1049382 1116658 1136234 1155141 1173404 1173409 1173410 1173471 1174465 1176547 1177955 1178807 1178943 1178944 1179025 1179203 1181122 1181644 1181872 1182790 1193951 CVE-2020-21913 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:927-1 Released: Tue Mar 23 14:07:06 2021 Summary: Recommended update for libreoffice Type: recommended Severity: moderate References: 1041090,1049382,1116658,1136234,1155141,1173404,1173409,1173410,1173471,1174465,1176547,1177955,1178807,1178943,1178944,1179025,1179203,1181122,1181644,1181872,1182790 This update for libreoffice provides the upgrade from version 6.4.5.2 to 7.1.1.2 (jsc#ECO-3150, bsc#1182790) libreoffice: - Image shown with different aspect ratio (bsc#1176547) - Text changes are reproducibly lost on PPTX with SmartArt (bsc#1181644) - Adjust to new Box2D and enable KDE on SUSE Linux Enterprise 15-SP3 or newer (jsc#ECO-3375) - Wrong bullet points in Impress (bsc#1174465) - SmartArt: text wrongly aligned, background boxes not quite right (bsc#1177955) - Update the SUSE color palette to reflect the new SUSE branding. (bsc#1181122, bsc#1173471) - SUSE Mint - SUSE Midnight Blue - SUSE Waterhole Blue - SUSE Persimmon - Fix a crash opening a PPTX. (bsc#1179025) - Fix text box from PowerPoint renders vertically instead of horizontally (bsc#1178807) - Shadow effects for table completely missing (bsc#1178944, bsc#1178943) - Disable firebird integration for the time being (bsc#1179203) - Fixes hang on Writer on scrolling/saving of a document (bsc#1136234) - Wrong rendering of bulleted lists in PPTX document (bsc#1155141) - Sidebar: paragraph widget: numeric fields become inactive/unaccessible after saving (bsc#1173404) - Crash of Writer opening any document having 'invalid' python file in home directory (bsc#1116658) libixion: Update to 0.16.1: - fixed a build issue on 32-bit linux platforms, caused by slicing of integer string ID values. - worked around floating point rounding errors which prevented two theoretically-equal numeric values from being evaluated as equal in test code. - added new function to allow printing of single formula tokens. - added method for setting cached results on formula cells in model_context. - changed the model_context design to ensure that all sheets are of the same size. - added an accessor method to formula_model_access interface (and implicitly in model_context) that directly returns a string value from cell. - added cell_access class for querying of cell states without knowing its type ahead of time. - added document class which provides a layer on top of model_context, to abstract away the handling of formula calculations. - deprecated model_context::erase_cell() in favor of empty_cell(). - added support for 3D references - references that contain multiple sheets. - added support for the exponent (^) and concatenation (&) operators. - fixed incorrect handling of range references containing whole columns such as A:A. - added support for unordered range references - range references whose start row or column is greater than their end position counterparts, such as A3:A1. - fixed a bug that prevented nested formula functions from working properly. - implemented Calc A1 style reference resolver. - formula results now directly store the string values when the results are of string type. They previously stored string ID values after interning the original strings. - Removed build-time dependency on spdlog. libmwaw: Update to 0.3.17: - add a parser for Jazz(Lotus) writer and spreasheet files. The writer parser can only be called if the file still contains its resource fork - add a parser for Canvas 3 and 3.5 files - AppleWorks parser: try to retrieve more Windows presentation - add a parser for Drawing Table files - add a parser for Canvas 2 files - API: add new reserved enums in MWAWDocument.hxx `MWAW_T_RESERVED10..MWAW_T_RESERVED29` and add a new define in libmwaw.hxx `MWAW_INTERFACE_VERSION` to check if these enums are defined - remove the QuarkXPress parser (must be in libqxp) - retrieve the annotation in MsWord 5 document - try to better understand RagTime 5-6 document libnumbertext: Update to 1.0.6 liborcus: Update to 0.16.1 - Add upstream changes to fix build with GCC 11 (bsc#1181872) libstaroffice: Update to 0.0.7: - fix `text:sender-lastname` when creating meta-data libwps: Update to 0.4.11: - XYWrite: add a parser to .fil v2 and v4 files - wks,wk1: correct some problems when retrieving cell's reference. glfw: New package provided on version 3.3.2: - See also: https://www.glfw.org/changelog.html - Sort list of input files to geany for reproducible builds (bsc#1049382, bsc#1041090) * Require pkgconfig(gl) for the devel package to supply needed include GL/gl.h * glfwFocusWindow could terminate on older WMs or without a WM * Creating an undecorated window could fail with BadMatch * Querying a disconnected monitor could segfault * Video modes with a duplicate screen area were discarded * The CMake files did not check for the XInput headers * Key names were not updated when the keyboard layout changed * Decorations could not be enabled after window creation * Content scale fallback value could be inconsistent * Disabled cursor mode was interrupted by indicator windows * Monitor physical dimensions could be reported as zero mm * Window position events were not emitted during resizing * Added on-demand loading of Vulkan and context creation API libraries * [X11] Bugfix: Window size limits were ignored if the minimum or maximum size was set to `GLFW_DONT_CARE` * [X11] Bugfix: Input focus was set before window was visible, causing BadMatch on some non-reparenting WMs * [X11] Bugfix: glfwGetWindowPos and glfwSetWindowPos operated on the window frame instead of the client area * [WGL] Added reporting of errors from `WGL_ARB_create_context` extension * [EGL] Added lib prefix matching between EGL and OpenGL ES library binaries * [EGL] Bugfix: Dynamically loaded entry points were not verified - Made build of geany-tags optional. Box2D: New package provided on version 2.4.1: * Extended distance joint to have a minimum and maximum limit. * `B2_USER_SETTINGS` and `b2_user_settings.h` can control user data, length units, and maximum polygon vertices. * Default user data is now uintptr_t instead of void* * b2FixtureDef::restitutionThreshold lets you set the restitution velocity threshold per fixture. * Collision * Chain and edge shape must now be one-sided to eliminate ghost collisions * Broad-phase optimizations * Added b2ShapeCast for linear shape casting * Dynamics * Joint limits are now predictive and not stateful * Experimental 2D cloth (rope) * b2Body::SetActive -> b2Body::SetEnabled * Better support for running multiple worlds * Handle zero density better * The body behaves like a static body * The body is drawn with a red color * Added translation limit to wheel joint * World dump now writes to box2d_dump.inl * Static bodies are never awake * All joints with spring-dampers now use stiffness and damping * Added utility functions to convert frequency and damping ratio to stiffness and damping * Polygon creation now computes the convex hull. * The convex hull code will merge vertices closer than dm_linearSlop. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3142-1 Released: Wed Sep 7 09:54:18 2022 Summary: Security update for icu Type: security Severity: moderate References: 1193951,CVE-2020-21913 This update for icu fixes the following issues: - CVE-2020-21913: Fixed a memory safetey issue that could lead to use after free (bsc#1193951). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4336-1 Released: Tue Dec 6 16:27:50 2022 Summary: Recommended update for gdb Type: recommended Severity: moderate References: gdb was updated to version 12.1: * DBX mode is deprecated, and will be removed in GDB 13. * GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support. * Improved C++ template support: GDB now treats functions/types involving C++ templates like it does function overloads. Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types: (gdb) break template_func(template_1, int) The above will set breakpoints at every function `template_func' where the first function parameter is any template type named `template_1' and the second function parameter is `int'. TAB completion also gains similar improvements. * New commands: - maint set backtrace-on-fatal-signal on|off - maint show backtrace-on-fatal-signal This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available. - set source open on|off - show source open This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection. - set varsize-limit - show varsize-limit These are now deprecated aliases for 'set max-value-size' and 'show max-value-size'. - task apply [all | TASK-IDS...] [FLAG]... COMMAND Like 'thread apply', but applies COMMAND to Ada tasks. - watch [...] task ID Watchpoints can now be restricted to a specific Ada task. - maint set internal-error backtrace on|off - maint show internal-error backtrace - maint set internal-warning backtrace on|off - maint show internal-warning backtrace GDB can now print a backtrace of itself when it encounters either an internal-error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning. - set logging on|off Deprecated and replaced by 'set logging enabled on|off'. - set logging enabled on|off - show logging enabled These commands set or show whether logging is enabled or disabled. - exit You can now exit GDB by using the new command 'exit', in addition to the existing 'quit' command. - set debug threads on|off - show debug threads Print additional debug messages about thread creation and deletion. - set debug linux-nat on|off - show debug linux-nat These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors. - maint flush source-cache Flush the contents of the source code cache. - maint set gnu-source-highlight enabled on|off - maint show gnu-source-highlight enabled Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead. - set suppress-cli-notifications (on|off) - show suppress-cli-notifications This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.). - set style disassembler enabled on|off - show style disassembler enabled If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied. - set ada source-charset - show ada source-charset Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1. * Changed commands: - print Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base. This was GDB's documented behavior, but was never implemented correctly. - maint packet This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaces with the value of the non-printable character. - clone-inferior The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior. - set debug lin-lwp on|off - show debug lin-lwp These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead. - info win This command now includes information about the width of the tui windows in its output. * GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., '16lf#0123abcd#' -- the number of 'l's controls the width of the floating-point type, and the 'f' is the marker for floating point. * MI changes: ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10. ** The '-add-inferior' command now accepts a '--no-connection' option, which causes the new inferior to start without a connection. * Python API: ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned. ** New function gdb.history_count(), which returns the number of values in GDB's value history. ** New gdb.events.gdb_exiting event. This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state. ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string. ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness. ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections. ** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection. ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed. ** New gdb.connections() function that returns a list of all currently active connections. ** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target. ** New function gdb.host_charset(), returns a string, which is the name of the current host charset. ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE. ** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited. ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling. The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string. ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information. ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types. ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError. ** It is now possible to add GDB/MI commands implemented in Python. Update libipt to v2.0.5. The following package changes have been done: - ctags-5.8-1.27 added - gdb-12.1-150400.15.6.1 updated - libboost_regex1_66_0-1.66.0-12.3.1 added - libicu-suse65_1-65.1-150200.4.5.1 added - libicu65_1-ledata-65.1-150200.4.5.1 added - libsource-highlight4-3.1.8-150000.3.2.1 added - libstdc++6-12.2.1+git416-150000.1.5.1 updated From sle-updates at lists.suse.com Wed Dec 7 08:36:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 09:36:20 +0100 (CET) Subject: SUSE-CU-2022:3313-1: Security update of suse/sles12sp4 Message-ID: <20221207083620.59CDBFBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3313-1 Container Tags : suse/sles12sp4:26.539 , suse/sles12sp4:latest Container Release : 26.539 Severity : important Type : security References : 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4335-1 Released: Tue Dec 6 16:03:03 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - base-container-licenses-3.0-1.331 updated - container-suseconnect-2.0.0-1.215 updated - krb5-1.12.5-40.43.1 updated From sle-updates at lists.suse.com Wed Dec 7 08:44:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 09:44:11 +0100 (CET) Subject: SUSE-CU-2022:3314-1: Security update of suse/sles12sp5 Message-ID: <20221207084411.58509FBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3314-1 Container Tags : suse/sles12sp5:6.5.409 , suse/sles12sp5:latest Container Release : 6.5.409 Severity : important Type : security References : 1205126 CVE-2022-42898 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4335-1 Released: Tue Dec 6 16:03:03 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). The following package changes have been done: - krb5-1.12.5-40.43.1 updated From sle-updates at lists.suse.com Wed Dec 7 08:46:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 09:46:13 +0100 (CET) Subject: SUSE-CU-2022:3315-1: Recommended update of suse/389-ds Message-ID: <20221207084613.6860DFBA7@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3315-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.63 , suse/389-ds:latest Container Release : 17.63 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4338-1 Released: Tue Dec 6 16:51:30 2022 Summary: Recommended update for 389-ds Type: recommended Severity: moderate References: This update of 389-ds fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). The following package changes have been done: - libsvrcore0-2.0.16~git56.d15a0a7-150400.3.17.1 updated - lib389-2.0.16~git56.d15a0a7-150400.3.17.1 updated - 389-ds-2.0.16~git56.d15a0a7-150400.3.17.1 updated From sle-updates at lists.suse.com Wed Dec 7 17:21:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 18:21:25 +0100 (CET) Subject: SUSE-FU-2022:4343-1: moderate: Feature update for wicked Message-ID: <20221207172125.1CEA4FBA7@maintenance.suse.de> SUSE Feature Update: Feature update for wicked ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4343-1 Rating: moderate References: #1181429 #1184124 #1186787 #1187655 #1189560 #1192508 #1194392 #1198894 #1200505 #1201053 #876845 #877776 #885007 #896188 #988954 SLE-10249 SLE-17762 SLE-24286 SLE-24307 SLE-24310 SLE-25048 SLE-9492 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has 15 feature fixes and contains 7 features can now be installed. Description: This update for wicked fixes the following issues: - auto6: Fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - compat-suse: Match read order of sysctl.d '/etc' vs. '/run' with systemd-sysctl and remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. - compat-suse: Fix reading of sysctl variable 'addr_gen_mode' - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - redfish: Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42) (jsc#SLE-24286, jsc#SLE-17762) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Fix to not expect colons in 64byte long wpa-psk hex hash string - wireless: Remove libiw dependencies - xml-schema: Reference counting fix to not crash at exit on schema errors - Removed obsolete patch included in the main sources (bsc#1194392) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4343=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4343=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4343=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4343=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4343=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4343=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): wicked-0.6.70-150100.3.27.2 wicked-debuginfo-0.6.70-150100.3.27.2 wicked-debugsource-0.6.70-150100.3.27.2 wicked-service-0.6.70-150100.3.27.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): wicked-0.6.70-150100.3.27.2 wicked-debuginfo-0.6.70-150100.3.27.2 wicked-debugsource-0.6.70-150100.3.27.2 wicked-service-0.6.70-150100.3.27.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): wicked-0.6.70-150100.3.27.2 wicked-debuginfo-0.6.70-150100.3.27.2 wicked-debugsource-0.6.70-150100.3.27.2 wicked-service-0.6.70-150100.3.27.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): wicked-0.6.70-150100.3.27.2 wicked-debuginfo-0.6.70-150100.3.27.2 wicked-debugsource-0.6.70-150100.3.27.2 wicked-service-0.6.70-150100.3.27.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): wicked-0.6.70-150100.3.27.2 wicked-debuginfo-0.6.70-150100.3.27.2 wicked-debugsource-0.6.70-150100.3.27.2 wicked-service-0.6.70-150100.3.27.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): wicked-0.6.70-150100.3.27.2 wicked-debuginfo-0.6.70-150100.3.27.2 wicked-debugsource-0.6.70-150100.3.27.2 wicked-service-0.6.70-150100.3.27.2 - SUSE CaaS Platform 4.0 (x86_64): wicked-0.6.70-150100.3.27.2 wicked-debuginfo-0.6.70-150100.3.27.2 wicked-debugsource-0.6.70-150100.3.27.2 wicked-service-0.6.70-150100.3.27.2 References: https://bugzilla.suse.com/1181429 https://bugzilla.suse.com/1184124 https://bugzilla.suse.com/1186787 https://bugzilla.suse.com/1187655 https://bugzilla.suse.com/1189560 https://bugzilla.suse.com/1192508 https://bugzilla.suse.com/1194392 https://bugzilla.suse.com/1198894 https://bugzilla.suse.com/1200505 https://bugzilla.suse.com/1201053 https://bugzilla.suse.com/876845 https://bugzilla.suse.com/877776 https://bugzilla.suse.com/885007 https://bugzilla.suse.com/896188 https://bugzilla.suse.com/988954 From sle-updates at lists.suse.com Wed Dec 7 17:23:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 18:23:27 +0100 (CET) Subject: SUSE-FU-2022:4340-1: moderate: Feature update for wicked Message-ID: <20221207172327.1CE66FBA7@maintenance.suse.de> SUSE Feature Update: Feature update for wicked ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4340-1 Rating: moderate References: #1184124 #1186787 #1187655 #1189560 #1192508 #1198894 #1200505 #1201053 #876845 #877776 #885007 #896188 #988954 SLE-10249 SLE-24307 SLE-24310 SLE-25048 SLE-9492 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 13 feature fixes and contains 5 features can now be installed. Description: This update for wicked fixes the following issues: - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Remove libiw dependencies Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4340=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4340=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4340=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): wicked-0.6.70-150400.3.3.1 wicked-debuginfo-0.6.70-150400.3.3.1 wicked-debugsource-0.6.70-150400.3.3.1 wicked-service-0.6.70-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): wicked-0.6.70-150400.3.3.1 wicked-debuginfo-0.6.70-150400.3.3.1 wicked-debugsource-0.6.70-150400.3.3.1 wicked-service-0.6.70-150400.3.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): wicked-0.6.70-150400.3.3.1 wicked-debuginfo-0.6.70-150400.3.3.1 wicked-debugsource-0.6.70-150400.3.3.1 wicked-service-0.6.70-150400.3.3.1 References: https://bugzilla.suse.com/1184124 https://bugzilla.suse.com/1186787 https://bugzilla.suse.com/1187655 https://bugzilla.suse.com/1189560 https://bugzilla.suse.com/1192508 https://bugzilla.suse.com/1198894 https://bugzilla.suse.com/1200505 https://bugzilla.suse.com/1201053 https://bugzilla.suse.com/876845 https://bugzilla.suse.com/877776 https://bugzilla.suse.com/885007 https://bugzilla.suse.com/896188 https://bugzilla.suse.com/988954 From sle-updates at lists.suse.com Wed Dec 7 17:25:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 18:25:05 +0100 (CET) Subject: SUSE-FU-2022:4344-1: moderate: Feature update for wicked Message-ID: <20221207172505.812DCFBA7@maintenance.suse.de> SUSE Feature Update: Feature update for wicked ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4344-1 Rating: moderate References: #1181429 #1184124 #1186787 #1187655 #1189560 #1192508 #1194392 #1198894 #1200505 #1201053 #876845 #877776 #885007 #896188 #940239 #988954 SLE-10249 SLE-17762 SLE-24286 SLE-24307 SLE-24310 SLE-25048 SLE-9492 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that has 16 feature fixes and contains 7 features can now be installed. Description: This update for wicked fixes the following issues: - auto6: Fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - compat-suse: Match read order of sysctl.d '/etc' vs. '/run' with systemd-sysctl and remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. - compat-suse: Fix reading of sysctl variable 'addr_gen_mode' - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - redfish: Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42) (jsc#SLE-24286, jsc#SLE-17762) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Fix to not expect colons in 64byte long wpa-psk hex hash string - wireless: Remove libiw dependencies - xml-schema: Reference counting fix to not crash at exit on schema errors - Removed obsolete patch included in the main sources (bsc#1194392) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4344=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4344=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): wicked-0.6.70-38.48.2 wicked-debuginfo-0.6.70-38.48.2 wicked-debugsource-0.6.70-38.48.2 wicked-service-0.6.70-38.48.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): wicked-0.6.70-38.48.2 wicked-debuginfo-0.6.70-38.48.2 wicked-debugsource-0.6.70-38.48.2 wicked-service-0.6.70-38.48.2 References: https://bugzilla.suse.com/1181429 https://bugzilla.suse.com/1184124 https://bugzilla.suse.com/1186787 https://bugzilla.suse.com/1187655 https://bugzilla.suse.com/1189560 https://bugzilla.suse.com/1192508 https://bugzilla.suse.com/1194392 https://bugzilla.suse.com/1198894 https://bugzilla.suse.com/1200505 https://bugzilla.suse.com/1201053 https://bugzilla.suse.com/876845 https://bugzilla.suse.com/877776 https://bugzilla.suse.com/885007 https://bugzilla.suse.com/896188 https://bugzilla.suse.com/940239 https://bugzilla.suse.com/988954 From sle-updates at lists.suse.com Wed Dec 7 17:26:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 18:26:53 +0100 (CET) Subject: SUSE-FU-2022:4342-1: moderate: Feature update for wicked Message-ID: <20221207172653.02655FBA7@maintenance.suse.de> SUSE Feature Update: Feature update for wicked ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4342-1 Rating: moderate References: #1181429 #1184124 #1186787 #1187655 #1189560 #1192508 #1194392 #1198894 #1200505 #1201053 #876845 #877776 #885007 #896188 #988954 SLE-10249 SLE-17762 SLE-24286 SLE-24307 SLE-24310 SLE-25048 SLE-9492 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 15 feature fixes and contains 7 features can now be installed. Description: This update for wicked fixes the following issues: - auto6: Fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - compat-suse: Match read order of sysctl.d '/etc' vs. '/run' with systemd-sysctl and remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. - compat-suse: Fix reading of sysctl variable 'addr_gen_mode' - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - redfish: Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42) (jsc#SLE-24286, jsc#SLE-17762) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Fix to not expect colons in 64byte long wpa-psk hex hash string - wireless: Remove libiw dependencies - xml-schema: Reference counting fix to not crash at exit on schema errors - Removed obsolete patch included in the main sources (bsc#1194392) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4342=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): wicked-0.6.70-3.19.1 wicked-debuginfo-0.6.70-3.19.1 wicked-debugsource-0.6.70-3.19.1 wicked-service-0.6.70-3.19.1 References: https://bugzilla.suse.com/1181429 https://bugzilla.suse.com/1184124 https://bugzilla.suse.com/1186787 https://bugzilla.suse.com/1187655 https://bugzilla.suse.com/1189560 https://bugzilla.suse.com/1192508 https://bugzilla.suse.com/1194392 https://bugzilla.suse.com/1198894 https://bugzilla.suse.com/1200505 https://bugzilla.suse.com/1201053 https://bugzilla.suse.com/876845 https://bugzilla.suse.com/877776 https://bugzilla.suse.com/885007 https://bugzilla.suse.com/896188 https://bugzilla.suse.com/988954 From sle-updates at lists.suse.com Wed Dec 7 17:28:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 18:28:36 +0100 (CET) Subject: SUSE-RU-2022:4348-1: important: Recommended update for pdsh, slurm_22_05 Message-ID: <20221207172836.028A8FBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for pdsh, slurm_22_05 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4348-1 Rating: important References: PED-2305 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for pdsh, slurm_22_05 fixes the following issues: Slurm was updated to 22.05.5 - Fixes a number of moderate severity issues, noteable are: * Load hash plugin at slurmstepd launch time to prevent issues loading the plugin at step completion if the Slurm installation is upgraded. * Update nvml plugin to match the unique id format for MIG devices in new Nvidia drivers. * Fix multi-node step launch failure when nodes in the controller aren't in natural order. This can happen with inconsistent node naming (such as node15 and node052) or with dynamic nodes which can register in any order. * job_container/tmpfs - cleanup containers even when the .ns file isn't mounted anymore. * Wait up to PrologEpilogTimeout before shutting down slurmd to allow prolog and epilog scripts to complete or timeout. Previously, slurmd waited 120 seconds before timing out and killing prolog and epilog scripts. - Do not deduplicate files of testsuite Slurm configuration. This directory is supposed to be mounted over /etc/slurm therefore it must not contain softlinks to the files in this directory. - Fix a potential security vulnerability in the test package (bsc#1201674, CVE-2022-31251). - update to 22.05.2 with following fixes: * Fix regression which allowed the oversubscription of licenses. * Fix a segfault in slurmctld when requesting gres in job arrays. - Allow log in as user 'slurm'. This allows admins to run certain priviledged commands more easily without becoming root. update to 22.05.0 with following changes: - Support for dynamic node addition and removal - Support for native Linux cgroup v2 operation - Newly added plugins to support HPE Slingshot 11 networks (switch/hpe_slingshot), and Intel Xe GPUs (gpu/oneapi) - Added new acct_gather_interconnect/sysfs plugin to collect statistics from arbitrary network interfaces. - Expanded and synced set of environment variables available in the Prolog/Epilog/PrologSlurmctld/EpilogSlurmctld scripts. - New "--prefer" option to job submissions to allow for a "soft constraint" request to influence node selection. - Optional support for license planning in the backfill scheduler with "bf_licenses" option in SchedulerParameters. - Add a comment about the CommunicationParameters=block_null_hash option warning users who migrate - just in case. - Update to 21.08.8 which fixes CVE-2022-29500 (bsc#1199278), CVE-2022-29501 (bsc#1199279), and CVE-2022-29502 (bsc#1199281). - Added 'CommunicationParameters=block_null_hash' to slurm.conf, please add this parameter to existing configurations. - Update to 21.08.7 with following changes: * openapi/v0.0.37 - correct calculation for bf_queue_len_mean in /diag. * Avoid shrinking a reservation when overlapping with downed nodes. * Only check TRES limits against current usage for TRES requested by the job. * Do not allocate shared gres (MPS) in whole-node allocations * Constrain slurmstepd to job/step cgroup like in previous versions of Slurm. * Fix warnings on 32-bit compilers related to printf() formats. * Fix reconfigure issues after disabling/reenabling the GANG PreemptMode. * Fix race condition where a cgroup was being deleted while another step was creating it. * Set the slurmd port correctly if multi-slurmd * Fix FAIL mail not being sent if a job was cancelled due to preemption. * slurmrestd - move debug logs for HTTP handling to be gated by debugflag NETWORK to avoid unnecessary logging of communication contents. * Fix issue with bad memory access when shrinking running steps. * Fix various issues with internal job accounting with GRES when jobs are shrunk. * Fix ipmi polling on slurmd reconfig or restart. * Fix srun crash when reserved ports are being used and het step fails to launch. * openapi/dbv0.0.37 - fix DELETE execution path on /user/{user_name}. * slurmctld - Properly requeue all components of a het job if PrologSlurmctld fails. * rlimits - remove final calls to limit nofiles to 4096 but to instead use the max possible nofiles in slurmd and slurmdbd. * Allow the DBD agent to load large messages (up to MAX_BUF_SIZE) from state. * Fix potential deadlock during slurmctld restart when there is a completing job. * slurmstepd - reduce user requested soft rlimits when they are above max hard rlimits to avoid rlimit request being completely ignored and processes using default limits. * Fix Slurm user commands displaying available features as active features when no features were active. * Don't power down nodes that are rebooting. * Clear pending node reboot on power down request. * Ignore node registrations while node is powering down. * Don't reboot any node that is power down. * Don't allow a node to reboot if it's marked for power down. * Fix issuing reboot and downing when rebooting a powering up node. * Clear DRAIN on node after failing to resume before ResumeTimeout. * Prevent repeating power down if node fails to resume before ResumeTimeout. * Fix federated cloud node communication with srun and cloud_dns. * Fix jobs being scheduled on nodes marked to be powered_down when idle. * Fix problem where a privileged user could not view array tasks specified by _ when PrivateData had the jobs value set. - Changes in Slurm 21.08.6 * Fix plugin_name definitions in a number of plugins to improve logging. * Close sbcast file transfers when job is cancelled. * scrontab - fix handling of --gpus and --ntasks-per-gpu options. * sched/backfill - fix job_queue_rec_t memory leak. * Fix magnetic reservation logic in both main and backfill schedulers. * job_container/tmpfs - fix memory leak when using InitScript. * slurmrestd / openapi - fix memory leaks. * Fix slurmctld segfault due to job array resv_list double free. * Fix multi-reservation job testing logic. * Fix slurmctld segfault due to insufficient job reservation parse validation. * Fix main and backfill schedulers handling for already rejected job array. * sched/backfill - restore resv_ptr after yielding locks. * acct_gather_energy/xcc - appropriately close and destroy the IPMI context. * Protect slurmstepd from making multiple calls to the cleanup logic. * Prevent slurmstepd segfault at cleanup time in mpi_fini(). * Fix slurmctld sometimes hanging if shutdown while PrologSlurmctld or EpilogSlurmctld were running and PrologEpilogTimeout is set in slurm.conf. * Fix affinity of the batch step if batch host is different than the first node in the allocation. * slurmdbd - fix segfault after multiple failover/failback operations. * Fix jobcomp filetxt job selection condition. * Fix -f flag of sacct not being used. * Select cores for job steps according to the socket distribution. Previously, sockets were always filled before selecting cores from the next socket. * Keep node in Future state if epilog completes while in Future state. * Fix erroneous --constraint behavior by preventing multiple sets of brackets. * Make ResetAccrueTime update the job's accrue_time to now. * Fix sattach initialization with configless mode. * Revert packing limit checks affecting pmi2. * sacct - fixed assertion failure when using -c option and a federation display * Fix issue that allowed steps to overallocate the job's memory. * Fix the sanity check mode of AutoDetect so that it actually works. * Fix deallocated nodes that didn't actually launch a job from waiting for Epilogslurmctld to complete before clearing completing node's state. * Job should be in a completing state if EpilogSlurmctld when being requeued. * Fix job not being requeued properly if all node epilog's completed before EpilogSlurmctld finished. * Keep job completing until EpilogSlurmctld is completed even when "downing" a node. * Fix handling reboot with multiple job features. * Fix nodes getting powered down when creating new partitions. * Fix bad bit_realloc which potentially could lead to bad memory access. * slurmctld - remove limit on the number of open files. * Fix bug where job_state file of size above 2GB wasn't saved without any error message. * Fix various issues with no_consume gres. * Fix regression in 21.08.0rc1 where job steps failed to launch on systems that reserved a CPU in a cgroup outside of Slurm (for example, on systems with WekaIO). * Fix OverTimeLimit not being reset on scontrol reconfigure when it is removed from slurm.conf. * serializer/yaml - use dynamic buffer to allow creation of YAML outputs larger than 1MiB. * Fix minor memory leak affecting openapi users at process termination. * Fix batch jobs not resolving the username when nss_slurm is enabled. * slurmrestd - Avoid slurmrestd ignoring invalid HTTP method if the response serialized without error. * openapi/dbv0.0.37 - Correct conditional that caused the diag output to give an internal server error status on success. * Make --mem-bind=sort work with task_affinity * Fix sacctmgr to set MaxJobsAccruePer{User|Account} and MinPrioThres in sacctmgr add qos, modify already worked correctly. * job_container/tmpfs - avoid printing extraneous error messages in Prolog and Epilog, and when the job completes. * Fix step CPU memory allocation with --threads-per-core without --exact. * Remove implicit --exact when --threads-per-core or --hint=nomultithread is used. * Do not allow a step to request more threads per core than the allocation did. * Remove implicit --exact when --cpus-per-task is used. - update to 21.08.5 with following changes: * Fix issue where typeless GRES node updates were not immediately reflected. * Fix setting the default scrontab job working directory so that it's the home of the different user (*u ) and not that of root or SlurmUser editor. * Fix stepd not respecting SlurmdSyslogDebug. * Fix concurrency issue with squeue. * Fix job start time not being reset after launch when job is packed onto already booting node. * Fix updating SLURM_NODE_ALIASES for jobs packed onto powering up nodes. * Cray - Fix issues with starting hetjobs. * auth/jwks - Print fatal() message when jwks is configured but file could not be opened. * If sacctmgr has an association with an unknown qos as the default qos print 'UNKN*###' instead of leaving a blank name. * Correctly determine task count when giving --cpus-per-gpu, --gpus and *-ntasks-per-node without task count. * slurmctld - Fix places where the global last_job_update was not being set to the time of update when a job's reason and description were updated. * slurmctld - Fix case where a job submitted with more than one partition would not have its reason updated while waiting to start. * Fix memory leak in node feature rebooting. * Fix time limit permanetly set to 1 minute by backfill for job array tasks higher than the first with QOS NoReserve flag and PreemptMode configured. * Fix sacct -N to show jobs that started in the current second * Fix issue on running steps where both SLURM_NTASKS_PER_TRES and SLURM_NTASKS_PER_GPU are set. * Handle oversubscription request correctly when also requesting *-ntasks-per-tres. * Correctly detect when a step requests bad gres inside an allocation. * slurmstepd - Correct possible deadlock when UnkillableStepTimeout triggers. * srun - use maximum number of open files while handling job I/O. * Fix writing to Xauthority files on root_squash NFS exports, which was preventing X11 forwarding from completing setup. * Fix regression in 21.08.0rc1 that broke --gres=none. * Fix srun --cpus-per-task and --threads-per-core not implicitly setting *-exact. It was meant to work this way in 21.08. * Fix regression in 21.08.0 that broke dynamic future nodes. * Fix dynamic future nodes remembering active state on restart. * Fix powered down nodes getting stuck in COMPLETING+POWERED_DOWN when job is cancelled before nodes are powering up. updated to 21.08.4 which fixes (CVE-2021-43337) which is only present in 21.08 tree. * CVE-2021-43337: For sites using the new AccountingStoreFlags=job_script and/or job_env options, an issue was reported with the access control rules in SlurmDBD that will permit users to request job scripts and environment files that they should not have access to. (Scripts/environments are meant to only be accessible by user accounts with administrator privileges, by account coordinators for jobs submitted under their account, and by the user themselves.) changes from 21.08.3: * This includes a number of fixes since the last release a month ago, including one critical fix to prevent a communication issue between slurmctld and slurmdbd for sites that have started using the new AccountingStoreFlags=job_script functionality. - Utilize sysuser infrastructure to set user/group slurm. For munge authentication slurm should have a fixed UID across all nodes including the management server. Set it to 120 - Limit firewalld service definitions to SUSE versions >= 15. - added service definitions for firewalld (JSC#SLE-22741) update to 21.08.2 - major change: * removed of support of the TaskAffinity=yes option in cgroup.conf. Please consider using "TaskPlugins=cgroup,affinity" in slurm.conf as an option. - minor changes and bugfixes: * slurmctld - fix how the max number of cores on a node in a partition are calculated when the partition contains multi*socket nodes. This in turn corrects certain jobs node count estimations displayed client*side. * job_submit/cray_aries - fix "craynetwork" GRES specification after changes introduced in 21.08.0rc1 that made TRES always have a type prefix. * Ignore nonsensical check in the slurmd for [Pro|Epi]logSlurmctld. * Fix writing to stderr/syslog when systemd runs slurmctld in the foreground. * Fix issue with updating job started with node range. * Fix issue with nodes not clearing state in the database when the slurmctld is started with clean*start. * Fix hetjob components > 1 timing out due to InactiveLimit. * Fix sprio printing -nan for normalized association priority if PriorityWeightAssoc was not defined. * Disallow FirstJobId=0. * Preserve job start info in the database for a requeued job that hadn't registered the first time in the database yet. * Only send one message on prolog failure from the slurmd. * Remove support for TaskAffinity=yes in cgroup.conf. * accounting_storage/mysql - fix issue where querying jobs via sacct *-whole-hetjob=yes or slurmrestd (which automatically includes this flag) could in some cases return more records than expected. * Fix issue for preemption of job array task that makes afterok dependency fail. Additionally, send emails when requeueing happens due to preemption. * Fix sending requeue mail type. * Properly resize a job's GRES bitmaps and counts when resizing the job. * Fix node being able to transition to CLOUD state from non-cloud state. * Fix regression introduced in 21.08.0rc1 which broke a step's ability to inherit GRES from the job when the step didn't request GRES but the job did. * Fix errors in logic when picking nodes based on bracketed anded constraints. This also enforces the requirement to have a count when using such constraints. * Handle job resize better in the database. * Exclude currently running, resized jobs from the runaway jobs list. * Make it possible to shrink a job more than once. - moved pam module from /lib64 to /usr/lib64 which fixes bsc#1191095 via the macro %_pam_moduledir updated to 21.08.1 with following bug fixes: * Fix potential memory leak if a problem happens while allocating GRES for a job. * If an overallocation of GRES happens terminate the creation of a job. * AutoDetect=nvml: Fatal if no devices found in MIG mode. * Print federation and cluster sacctmgr error messages to stderr. * Fix off by one error in --gpu-bind=mask_gpu. * Add --gpu-bind=none to disable gpu binding when using --gpus-per-task. * Handle the burst buffer state "alloc-revoke" which previously would not display in the job correctly. * Fix issue in the slurmstepd SPANK prolog/epilog handler where configuration values were used before being initialized. * Restore a step's ability to utilize all of an allocations memory if --mem=0. * Fix --cpu-bind=verbose garbage taskid. * Fix cgroup task affinity issues from garbage taskid info. * Make gres_job_state_validate() client logging behavior as before 44466a4641. * Fix steps with --hint overriding an allocation with --threads-per-core. * Require requesting a GPU if --mem-per-gpu is requested. * Return error early if a job is requesting --ntasks-per-gpu and no gpus or task count. * Properly clear out pending step if unavailable to run with available resources. * Kill all processes spawned by burst_buffer.lua including decendents. * openapi/v0.0.{35,36,37} - Avoid setting default values of min_cpus, job name, cwd, mail_type, and contiguous on job update. * openapi/v0.0.{35,36,37} - Clear user hold on job update if hold=false. * Prevent CRON_JOB flag from being cleared when loading job state. * sacctmgr - Fix deleting WCKeys when not specifying a cluster. * Fix getting memory for a step when the first node in the step isn't the first node in the allocation. * Make SelectTypeParameters=CR_Core_Memory default for cons_tres and cons_res. * Correctly handle mutex unlocks in the gres code if failures happen. * Give better error message if -m plane is given with no size. * Fix --distribution=arbitrary for salloc. * Fix jobcomp/script regression introduced in 21.08.0rc1 0c75b9ac9d. * Only send the batch node in the step_hostlist in the job credential. * When setting affinity for the batch step don't assume the batch host is node 0. * In task/affinity better checking for node existence when laying out affinity. * slurmrestd - fix job submission with auth/jwt. - Make configure arg '--with-pmix' conditional. - Move openapi plugins to package slurm-restd. updated to 21.08.0, major changes: * A new "AccountingStoreFlags=job_script" option to store the job scripts directly in SlurmDBD. * Added "sacct -o SubmitLine" format option to get the submit line of a job/step. * Changes to the node state management so that nodes are marked as PLANNED instead of IDLE if the scheduler is still accumulating resources while waiting to launch a job on them. * RS256 token support in auth/jwt. * Overhaul of the cgroup subsystems to simplify operation, mitigate a number of inherent race conditions, and prepare for future cgroup v2 support. * Further improvements to cloud node power state management. * A new child process of the Slurm controller called "slurmscriptd" responsible for executing PrologSlurmctld and EpilogSlurmctld scripts, which significantly reduces performance issues associated with enabling those options. * A new burst_buffer/lua plugin allowing for site-specific asynchronous job data management. * Fixes to the job_container/tmpfs plugin to allow the slurmd process to be restarted while the job is running without issue. * Added json/yaml output to sacct, squeue, and sinfo commands. * Added a new node_features/helpers plugin to provide a generic way to change settings on a compute node across a reboot. * Added support for automatically detecting and broadcasting shared libraries for an executable launched with "srun --bcast". * Added initial OCI container execution support with a new --container option to sbatch and srun. * Improved "configless" support by allowing multiple control servers to be specified through the slurmd --conf-server option, and send additional configuration files at startup including cli_filter.lua. Changes in pdsh: - Preparing pdsh for Slurm 22.05. * No later version of Slurm builds on 32 bit. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2022-4348=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64): libnss_slurm2_22_05-22.05.5-3.3.5 libnss_slurm2_22_05-debuginfo-22.05.5-3.3.5 libpmi0_22_05-22.05.5-3.3.5 libpmi0_22_05-debuginfo-22.05.5-3.3.5 libslurm38-22.05.5-3.3.5 libslurm38-debuginfo-22.05.5-3.3.5 pdsh-2.34-7.35.2 pdsh-debuginfo-2.34-7.35.2 pdsh-debugsource-2.34-7.35.2 pdsh-dshgroup-2.34-7.35.2 pdsh-dshgroup-debuginfo-2.34-7.35.2 pdsh-genders-2.34-7.35.2 pdsh-genders-debuginfo-2.34-7.35.2 pdsh-machines-2.34-7.35.2 pdsh-machines-debuginfo-2.34-7.35.2 pdsh-netgroup-2.34-7.35.2 pdsh-netgroup-debuginfo-2.34-7.35.2 pdsh-slurm-2.34-7.35.2 pdsh-slurm-debuginfo-2.34-7.35.2 pdsh-slurm_18_08-2.34-7.35.3 pdsh-slurm_18_08-debuginfo-2.34-7.35.3 pdsh-slurm_20_02-2.34-7.35.3 pdsh-slurm_20_02-debuginfo-2.34-7.35.3 pdsh-slurm_20_11-2.34-7.35.3 pdsh-slurm_20_11-debuginfo-2.34-7.35.3 pdsh-slurm_22_05-2.34-7.35.5 pdsh-slurm_22_05-debuginfo-2.34-7.35.5 pdsh_slurm_18_08-debugsource-2.34-7.35.3 pdsh_slurm_20_02-debugsource-2.34-7.35.3 pdsh_slurm_20_11-debugsource-2.34-7.35.3 pdsh_slurm_22_05-debugsource-2.34-7.35.5 perl-slurm_22_05-22.05.5-3.3.5 perl-slurm_22_05-debuginfo-22.05.5-3.3.5 slurm_22_05-22.05.5-3.3.5 slurm_22_05-auth-none-22.05.5-3.3.5 slurm_22_05-auth-none-debuginfo-22.05.5-3.3.5 slurm_22_05-debuginfo-22.05.5-3.3.5 slurm_22_05-debugsource-22.05.5-3.3.5 slurm_22_05-devel-22.05.5-3.3.5 slurm_22_05-lua-22.05.5-3.3.5 slurm_22_05-lua-debuginfo-22.05.5-3.3.5 slurm_22_05-munge-22.05.5-3.3.5 slurm_22_05-munge-debuginfo-22.05.5-3.3.5 slurm_22_05-node-22.05.5-3.3.5 slurm_22_05-node-debuginfo-22.05.5-3.3.5 slurm_22_05-pam_slurm-22.05.5-3.3.5 slurm_22_05-pam_slurm-debuginfo-22.05.5-3.3.5 slurm_22_05-plugins-22.05.5-3.3.5 slurm_22_05-plugins-debuginfo-22.05.5-3.3.5 slurm_22_05-slurmdbd-22.05.5-3.3.5 slurm_22_05-slurmdbd-debuginfo-22.05.5-3.3.5 slurm_22_05-sql-22.05.5-3.3.5 slurm_22_05-sql-debuginfo-22.05.5-3.3.5 slurm_22_05-sview-22.05.5-3.3.5 slurm_22_05-sview-debuginfo-22.05.5-3.3.5 slurm_22_05-torque-22.05.5-3.3.5 slurm_22_05-torque-debuginfo-22.05.5-3.3.5 - SUSE Linux Enterprise Module for HPC 12 (noarch): slurm_22_05-config-22.05.5-3.3.5 slurm_22_05-config-man-22.05.5-3.3.5 slurm_22_05-doc-22.05.5-3.3.5 slurm_22_05-webdoc-22.05.5-3.3.5 References: From sle-updates at lists.suse.com Wed Dec 7 17:29:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 18:29:19 +0100 (CET) Subject: SUSE-RU-2022:4345-1: important: Recommended update for lcms2 Message-ID: <20221207172919.B1800FBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for lcms2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4345-1 Rating: important References: #1026649 #1203545 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for lcms2 fixes the following issues: - Fix a regression introduced by the fix for bug 1026649 (bsc#1203545, bsc#1026649) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4345=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4345=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4345=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4345=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4345=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4345=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4345=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4345=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): lcms2-2.7-9.10.1 lcms2-debuginfo-2.7-9.10.1 lcms2-debugsource-2.7-9.10.1 liblcms2-2-2.7-9.10.1 liblcms2-2-32bit-2.7-9.10.1 liblcms2-2-debuginfo-2.7-9.10.1 liblcms2-2-debuginfo-32bit-2.7-9.10.1 - SUSE OpenStack Cloud 9 (x86_64): lcms2-2.7-9.10.1 lcms2-debuginfo-2.7-9.10.1 lcms2-debugsource-2.7-9.10.1 liblcms2-2-2.7-9.10.1 liblcms2-2-32bit-2.7-9.10.1 liblcms2-2-debuginfo-2.7-9.10.1 liblcms2-2-debuginfo-32bit-2.7-9.10.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): lcms2-debuginfo-2.7-9.10.1 lcms2-debugsource-2.7-9.10.1 liblcms2-devel-2.7-9.10.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): lcms2-2.7-9.10.1 lcms2-debuginfo-2.7-9.10.1 lcms2-debugsource-2.7-9.10.1 liblcms2-2-2.7-9.10.1 liblcms2-2-debuginfo-2.7-9.10.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): liblcms2-2-32bit-2.7-9.10.1 liblcms2-2-debuginfo-32bit-2.7-9.10.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): lcms2-2.7-9.10.1 lcms2-debuginfo-2.7-9.10.1 lcms2-debugsource-2.7-9.10.1 liblcms2-2-2.7-9.10.1 liblcms2-2-debuginfo-2.7-9.10.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): liblcms2-2-32bit-2.7-9.10.1 liblcms2-2-debuginfo-32bit-2.7-9.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): lcms2-2.7-9.10.1 lcms2-debuginfo-2.7-9.10.1 lcms2-debugsource-2.7-9.10.1 liblcms2-2-2.7-9.10.1 liblcms2-2-debuginfo-2.7-9.10.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): liblcms2-2-32bit-2.7-9.10.1 liblcms2-2-debuginfo-32bit-2.7-9.10.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): lcms2-2.7-9.10.1 lcms2-debuginfo-2.7-9.10.1 lcms2-debugsource-2.7-9.10.1 liblcms2-2-2.7-9.10.1 liblcms2-2-32bit-2.7-9.10.1 liblcms2-2-debuginfo-2.7-9.10.1 liblcms2-2-debuginfo-32bit-2.7-9.10.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): lcms2-2.7-9.10.1 lcms2-debuginfo-2.7-9.10.1 lcms2-debugsource-2.7-9.10.1 liblcms2-2-2.7-9.10.1 liblcms2-2-32bit-2.7-9.10.1 liblcms2-2-debuginfo-2.7-9.10.1 liblcms2-2-debuginfo-32bit-2.7-9.10.1 References: https://bugzilla.suse.com/1026649 https://bugzilla.suse.com/1203545 From sle-updates at lists.suse.com Wed Dec 7 17:30:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 18:30:13 +0100 (CET) Subject: SUSE-RU-2022:4347-1: moderate: Recommended update for clone-master-clean-up Message-ID: <20221207173013.47A37FBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for clone-master-clean-up ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4347-1 Rating: moderate References: #1203024 #1204835 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for clone-master-clean-up fixes the following issues: Version update from 1.8 to 1.10: - Fix failure if postfix is not installed by adding a check for the directory's existance (bsc#1204835) - Cleannup initiatorname.iscsi (bsc#1203024) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4347=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): clone-master-clean-up-1.10-4.14.1 References: https://bugzilla.suse.com/1203024 https://bugzilla.suse.com/1204835 From sle-updates at lists.suse.com Wed Dec 7 17:31:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 18:31:02 +0100 (CET) Subject: SUSE-FU-2022:4341-1: moderate: Feature update for wicked Message-ID: <20221207173102.CD032FBAC@maintenance.suse.de> SUSE Feature Update: Feature update for wicked ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4341-1 Rating: moderate References: #1181429 #1184124 #1186787 #1187655 #1189560 #1192508 #1194392 #1198894 #1200505 #1201053 #876845 #877776 #885007 #896188 #988954 SLE-10249 SLE-17762 SLE-24286 SLE-24307 SLE-24310 SLE-25048 SLE-9492 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has 15 feature fixes and contains 7 features can now be installed. Description: This update for wicked fixes the following issues: - auto6: Fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - compat-suse: Match read order of sysctl.d '/etc' vs. '/run' with systemd-sysctl and remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. - compat-suse: Fix reading of sysctl variable 'addr_gen_mode' - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - redfish: Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42) (jsc#SLE-24286, jsc#SLE-17762) - Removed obsolete patch included in the main sources (bsc#1194392) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Fix to not expect colons in 64byte long wpa-psk hex hash string - wireless: Remove libiw dependencies - xml-schema: Reference counting fix to not crash at exit on schema errors Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4341=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4341=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4341=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4341=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4341=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): wicked-0.6.70-150300.4.8.1 wicked-debuginfo-0.6.70-150300.4.8.1 wicked-debugsource-0.6.70-150300.4.8.1 wicked-service-0.6.70-150300.4.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): wicked-0.6.70-150300.4.8.1 wicked-debuginfo-0.6.70-150300.4.8.1 wicked-debugsource-0.6.70-150300.4.8.1 wicked-service-0.6.70-150300.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): wicked-0.6.70-150300.4.8.1 wicked-debuginfo-0.6.70-150300.4.8.1 wicked-debugsource-0.6.70-150300.4.8.1 wicked-service-0.6.70-150300.4.8.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): wicked-0.6.70-150300.4.8.1 wicked-debuginfo-0.6.70-150300.4.8.1 wicked-debugsource-0.6.70-150300.4.8.1 wicked-service-0.6.70-150300.4.8.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): wicked-0.6.70-150300.4.8.1 wicked-debuginfo-0.6.70-150300.4.8.1 wicked-debugsource-0.6.70-150300.4.8.1 wicked-service-0.6.70-150300.4.8.1 References: https://bugzilla.suse.com/1181429 https://bugzilla.suse.com/1184124 https://bugzilla.suse.com/1186787 https://bugzilla.suse.com/1187655 https://bugzilla.suse.com/1189560 https://bugzilla.suse.com/1192508 https://bugzilla.suse.com/1194392 https://bugzilla.suse.com/1198894 https://bugzilla.suse.com/1200505 https://bugzilla.suse.com/1201053 https://bugzilla.suse.com/876845 https://bugzilla.suse.com/877776 https://bugzilla.suse.com/885007 https://bugzilla.suse.com/896188 https://bugzilla.suse.com/988954 From sle-updates at lists.suse.com Wed Dec 7 17:32:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 18:32:59 +0100 (CET) Subject: SUSE-FU-2022:4346-1: moderate: Feature update for lsvpd and libvpd Message-ID: <20221207173259.E18DFFBAC@maintenance.suse.de> SUSE Feature Update: Feature update for lsvpd and libvpd ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4346-1 Rating: moderate References: #1187665 SLE-24497 SLE-24498 SLE-24521 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one feature fix and contains three features can now be installed. Description: This update for lsvpd and libvpd fixes the following issues: lsvpd: - Update to avoid VPD database corruption (jsc#SLE-24497, jsc#SLE-24521, bsc#1187665) libvpd: - New package at version 2.2.9 needed by lsvpd (jsc#SLE-24497, jsc#SLE-24521) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4346=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4346=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libvpd-2_2-3-debuginfo-2.2.9-8.3.5 libvpd-debugsource-2.2.9-8.3.5 libvpd-devel-2.2.9-8.3.5 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvpd-2_2-3-2.2.9-8.3.5 libvpd-2_2-3-debuginfo-2.2.9-8.3.5 libvpd-debugsource-2.2.9-8.3.5 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): lsvpd-1.7.9-5.3.5 lsvpd-debuginfo-1.7.9-5.3.5 lsvpd-debugsource-1.7.9-5.3.5 References: https://bugzilla.suse.com/1187665 From sle-updates at lists.suse.com Wed Dec 7 20:19:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 21:19:46 +0100 (CET) Subject: SUSE-SU-2022:4349-1: important: Security update for buildah Message-ID: <20221207201946.EB98BFBAC@maintenance.suse.de> SUSE Security Update: Security update for buildah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4349-1 Rating: important References: #1167864 #1202812 Cross-References: CVE-2020-10696 CVE-2022-2990 CVSS scores: CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2990 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2022-2990 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for buildah fixes the following issues: Version update to 1.28.2. - CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812). - CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4349=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4349=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): buildah-1.28.2-150400.3.11.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): buildah-1.28.2-150400.3.11.1 References: https://www.suse.com/security/cve/CVE-2020-10696.html https://www.suse.com/security/cve/CVE-2022-2990.html https://bugzilla.suse.com/1167864 https://bugzilla.suse.com/1202812 From sle-updates at lists.suse.com Wed Dec 7 20:20:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 21:20:33 +0100 (CET) Subject: SUSE-SU-2022:4350-1: important: Security update for buildah Message-ID: <20221207202033.F0F31FBAC@maintenance.suse.de> SUSE Security Update: Security update for buildah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4350-1 Rating: important References: #1167864 #1202812 Cross-References: CVE-2020-10696 CVE-2022-2990 CVSS scores: CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2990 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2022-2990 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for buildah fixes the following issues: Version update to 1.28.2. - CVE-2022-2990: Fixed a possible information disclosure and modification vulnerability (bsc#1202812). - CVE-2020-10696: Fixed an issue with a crafted input tar file that may lead to a local file overwriting during image build process (bsc#1167864). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4350=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4350=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): buildah-1.28.2-150300.8.14.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): buildah-1.28.2-150300.8.14.1 References: https://www.suse.com/security/cve/CVE-2020-10696.html https://www.suse.com/security/cve/CVE-2022-2990.html https://bugzilla.suse.com/1167864 https://bugzilla.suse.com/1202812 From sle-updates at lists.suse.com Wed Dec 7 20:21:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 7 Dec 2022 21:21:19 +0100 (CET) Subject: SUSE-SU-2022:4351-1: important: Security update for osc Message-ID: <20221207202119.F0DD8FBAC@maintenance.suse.de> SUSE Security Update: Security update for osc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4351-1 Rating: important References: #1089025 #1097996 #1122675 #1125243 #1126055 #1126058 #1127932 #1129757 #1129889 #1131512 #1136584 #1137477 #1138165 #1138977 #1140697 #1142518 #1142662 #1144211 #1154972 #1155953 #1156501 #1160446 #1166537 #1173926 OBS-203 Cross-References: CVE-2019-3681 CVE-2019-3685 CVSS scores: CVE-2019-3681 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-3681 (SUSE): 4.2 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2019-3685 (NVD) : 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2019-3685 (SUSE): 7.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities, contains one feature and has 22 fixes is now available. Description: This update for osc fixes the following issues: osc was updated to version 0.182.0 (bsc#1154972, bsc#1144211, bsc#1142662, bsc#1140697, bsc#1138165): - Added MFA support (jsc#OBS-203). - CVE-2019-3681: Fixed vulnerability where osc stored downloaded RPMs in network controlled paths (bsc#1122675). - CVE-2019-3685: Fixed broken TLS certificate handling (bsc#1142518). Bugfixes: - Removed use of chardet to guess encoding. Utf-8 or latin-1 is now assumed, which will speed up decoding (bsc#1173926). - Added helper method _html_escape to enable python3.8 and python2.* compatibility (bsc#1166537). - Added MR creation to honor orev (bsc#1160446). - Fixed local build outside of the working copy of a package (bsc#1136584). - Don't enforce password reuse (bsc#1156501). - osc vc --file=foo bar.changes now writes the content from foo into bar.changes instead of creating a new file (bsc#1155953). - Fixed decoding on osc lbl (bsc#1137477). - Simplified and fixed osc meta -e (bsc#1138977). - osc lbl now works with non utf8 encoding (bsc#1129889). - Added full python3 compatibility (bsc#1125243, bsc#1131512, bsc#1129757). - Fixed slowdown of rbl with readline(bufsize) function (bsc#1127932). - Fixed osc build -p dir TypeError (bsc#1126055). - Fixed osc buildinfo -p TypeError (bsc#1126058). - Added new options --unexpand and --meta to diff command (bsc#1089025). - Fixed Requires to python-base which does not contain ssl.py (bsc#1097996). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4351=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): osc-0.182.0-15.12.1 References: https://www.suse.com/security/cve/CVE-2019-3681.html https://www.suse.com/security/cve/CVE-2019-3685.html https://bugzilla.suse.com/1089025 https://bugzilla.suse.com/1097996 https://bugzilla.suse.com/1122675 https://bugzilla.suse.com/1125243 https://bugzilla.suse.com/1126055 https://bugzilla.suse.com/1126058 https://bugzilla.suse.com/1127932 https://bugzilla.suse.com/1129757 https://bugzilla.suse.com/1129889 https://bugzilla.suse.com/1131512 https://bugzilla.suse.com/1136584 https://bugzilla.suse.com/1137477 https://bugzilla.suse.com/1138165 https://bugzilla.suse.com/1138977 https://bugzilla.suse.com/1140697 https://bugzilla.suse.com/1142518 https://bugzilla.suse.com/1142662 https://bugzilla.suse.com/1144211 https://bugzilla.suse.com/1154972 https://bugzilla.suse.com/1155953 https://bugzilla.suse.com/1156501 https://bugzilla.suse.com/1160446 https://bugzilla.suse.com/1166537 https://bugzilla.suse.com/1173926 From sle-updates at lists.suse.com Thu Dec 8 17:23:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 18:23:06 +0100 (CET) Subject: SUSE-RU-2022:4354-1: moderate: Recommended update for mvapich2 Message-ID: <20221208172306.F4157FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for mvapich2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4354-1 Rating: moderate References: #1175679 #1199808 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP3 SUSE Linux Enterprise Module for HPC 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for mvapich2 fixes the following issues: - Fix SIGFPE during MPI_Init on non-NUMA systems (bsc#1199808, bsc#1175679) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4354=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4354=1 - SUSE Linux Enterprise Module for HPC 15-SP4: zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2022-4354=1 - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-4354=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): mvapich2_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-doc-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-macros-devel-2.3.3-150200.3.3.1 - openSUSE Leap 15.4 (x86_64): mvapich2-psm2_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-doc-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-macros-devel-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-doc-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-macros-devel-2.3.3-150200.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): mvapich2_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-doc-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-macros-devel-2.3.3-150200.3.3.1 - openSUSE Leap 15.3 (x86_64): mvapich2-psm2_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-doc-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-macros-devel-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-doc-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-macros-devel-2.3.3-150200.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP4 (aarch64 x86_64): mvapich2_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP4 (x86_64): mvapich2-psm2_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): mvapich2_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (x86_64): mvapich2-psm2_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2-psm2_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-debuginfo-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-debugsource-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-devel-2.3.3-150200.3.3.1 mvapich2-psm_2_3_3-gnu-hpc-devel-static-2.3.3-150200.3.3.1 References: https://bugzilla.suse.com/1175679 https://bugzilla.suse.com/1199808 From sle-updates at lists.suse.com Thu Dec 8 17:24:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 18:24:32 +0100 (CET) Subject: SUSE-RU-2022:4353-1: moderate: Recommended update for vsftpd Message-ID: <20221208172432.CD01EFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for vsftpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4353-1 Rating: moderate References: #1196918 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for vsftpd fixes the following issues: - Stop reporting "Unknown lvalue 'PrivateDevices'" when the daemon starts (bsc#1196918) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4353=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): vsftpd-3.0.5-54.1 vsftpd-debuginfo-3.0.5-54.1 vsftpd-debugsource-3.0.5-54.1 References: https://bugzilla.suse.com/1196918 From sle-updates at lists.suse.com Thu Dec 8 17:25:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 18:25:14 +0100 (CET) Subject: SUSE-RU-2022:4355-1: moderate: Recommended update for yast2 packages Message-ID: <20221208172514.842B8FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2 packages ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4355-1 Rating: moderate References: #1195059 #1198642 #1198848 #1199091 #1199480 #1199554 #1199746 #1200155 #1200274 #1200780 #1201129 #1201953 #1203866 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 13 recommended fixes can now be installed. Description: This update for yast2: schema, network, installation, autoyast2, fcoe-client and registration fixes the following issues: yast2-schema: - Added missing route extrapara element to the networking section (bsc#1201129) - Support for flatten and nested "category_filter" element in the "online_update_configuration" section (bsc#1198848). yast2-network: - Allow more than 6 domains in resolver search list (bsc#1200155) - Added a class to generate the configuration needed for a FCoE device being aware of it during the installation (bsc#1199554) - Fixed issue when writing the NetworkManager config without a gateway (bsc#1203866) yast2-installation: - Do not restart services when updating the package (bsc#1199480,bsc#1200274) - AutoYaST SecondStage: Added a missing dependency to the service to prevent getty-autogeneration listen on 5901 port (bsc#1199746) - AutoYaST SecondStage: Revert changes introduced in 4.3.46 running the initscript service before systemd-user-sessions again once systemd patched logind. (bsc#1195059, bsc#1200780) yast2-registration: - Import SSL certificate from the reg. server; - AutoYaST data also in the self-update step (bsc#1199091, bsc#1198642) autoyast2: - Revert the modification done in version 4.3.97 running the initscripts before systed-user-sessions service again once systemd fixed logind (bsc#1195059, bsc#1200780) - Process the task-list section in an installed system once the general section is imported (bsc#1201953) yast2-fcoe-client: - Use yast2-network to write the sysconfig files in order to be aware of the new connections added during the installation (bsc#1199554). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4355=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4355=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4355=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-4355=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): yast2-schema-4.3.31-150300.3.20.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): yast2-schema-4.3.31-150300.3.20.3 - openSUSE Leap 15.3 (noarch): autoyast2-4.3.104-150300.3.52.1 autoyast2-installation-4.3.104-150300.3.52.1 yast2-fcoe-client-4.3.2-150300.3.6.1 yast2-installation-4.3.55-150300.3.34.2 yast2-network-4.3.86-150300.3.35.1 yast2-registration-4.3.26-150300.3.12.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-schema-4.3.31-150300.3.20.3 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): autoyast2-4.3.104-150300.3.52.1 autoyast2-installation-4.3.104-150300.3.52.1 yast2-fcoe-client-4.3.2-150300.3.6.1 yast2-installation-4.3.55-150300.3.34.2 yast2-network-4.3.86-150300.3.35.1 yast2-registration-4.3.26-150300.3.12.2 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-schema-4.3.31-150300.3.20.3 - SUSE Linux Enterprise Installer 15-SP3 (noarch): autoyast2-4.3.104-150300.3.52.1 autoyast2-installation-4.3.104-150300.3.52.1 yast2-installation-4.3.55-150300.3.34.2 yast2-network-4.3.86-150300.3.35.1 References: https://bugzilla.suse.com/1195059 https://bugzilla.suse.com/1198642 https://bugzilla.suse.com/1198848 https://bugzilla.suse.com/1199091 https://bugzilla.suse.com/1199480 https://bugzilla.suse.com/1199554 https://bugzilla.suse.com/1199746 https://bugzilla.suse.com/1200155 https://bugzilla.suse.com/1200274 https://bugzilla.suse.com/1200780 https://bugzilla.suse.com/1201129 https://bugzilla.suse.com/1201953 https://bugzilla.suse.com/1203866 From sle-updates at lists.suse.com Thu Dec 8 17:26:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 18:26:55 +0100 (CET) Subject: SUSE-SU-2022:15116-1: important: Security update for rubygem-actionpack-3_2 Message-ID: <20221208172655.42B86FD2D@maintenance.suse.de> SUSE Security Update: Security update for rubygem-actionpack-3_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:15116-1 Rating: important References: #1185715 #968850 Cross-References: CVE-2016-2097 CVE-2021-22885 CVSS scores: CVE-2016-2097 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-22885 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-22885 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Webyast 1.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-actionpack-3_2 fixes the following issues: - CVE-2021-22885: Fixed Possible Information Disclosure / Unintended Method Execution in Action Pack (bsc#1185715). - CVE-2016-2097: Fixed Possible Information Leak Vulnerability in Action View (bsc#968850). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Webyast 1.3: zypper in -t patch slewyst13-rubygem-actionpack-3_2-15116=1 Package List: - SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64): rubygem-actionpack-3_2-3.2.12-0.27.3.1 References: https://www.suse.com/security/cve/CVE-2016-2097.html https://www.suse.com/security/cve/CVE-2021-22885.html https://bugzilla.suse.com/1185715 https://bugzilla.suse.com/968850 From sle-updates at lists.suse.com Thu Dec 8 17:27:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 18:27:43 +0100 (CET) Subject: SUSE-RU-2022:4358-1: moderate: Recommended update for rsyslog Message-ID: <20221208172743.E7B62FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4358-1 Rating: moderate References: #1205275 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issue: - Parsing of legacy config syntax (bsc#1205275) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4358=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4358=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4358=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-150200.4.35.1 rsyslog-debuginfo-8.2106.0-150200.4.35.1 rsyslog-debugsource-8.2106.0-150200.4.35.1 rsyslog-diag-tools-8.2106.0-150200.4.35.1 rsyslog-diag-tools-debuginfo-8.2106.0-150200.4.35.1 rsyslog-doc-8.2106.0-150200.4.35.1 rsyslog-module-dbi-8.2106.0-150200.4.35.1 rsyslog-module-dbi-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-elasticsearch-8.2106.0-150200.4.35.1 rsyslog-module-elasticsearch-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-gcrypt-8.2106.0-150200.4.35.1 rsyslog-module-gcrypt-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-gssapi-8.2106.0-150200.4.35.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-gtls-8.2106.0-150200.4.35.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.35.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-mysql-8.2106.0-150200.4.35.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-omamqp1-8.2106.0-150200.4.35.1 rsyslog-module-omamqp1-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-omhttpfs-8.2106.0-150200.4.35.1 rsyslog-module-omhttpfs-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-omtcl-8.2106.0-150200.4.35.1 rsyslog-module-omtcl-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-ossl-8.2106.0-150200.4.35.1 rsyslog-module-ossl-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-pgsql-8.2106.0-150200.4.35.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-relp-8.2106.0-150200.4.35.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-snmp-8.2106.0-150200.4.35.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-udpspoof-8.2106.0-150200.4.35.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.35.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.2106.0-150200.4.35.1 rsyslog-debugsource-8.2106.0-150200.4.35.1 rsyslog-module-gssapi-8.2106.0-150200.4.35.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-gtls-8.2106.0-150200.4.35.1 rsyslog-module-gtls-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-mmnormalize-8.2106.0-150200.4.35.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-mysql-8.2106.0-150200.4.35.1 rsyslog-module-mysql-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-pgsql-8.2106.0-150200.4.35.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-relp-8.2106.0-150200.4.35.1 rsyslog-module-relp-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-snmp-8.2106.0-150200.4.35.1 rsyslog-module-snmp-debuginfo-8.2106.0-150200.4.35.1 rsyslog-module-udpspoof-8.2106.0-150200.4.35.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150200.4.35.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-150200.4.35.1 rsyslog-debuginfo-8.2106.0-150200.4.35.1 rsyslog-debugsource-8.2106.0-150200.4.35.1 References: https://bugzilla.suse.com/1205275 From sle-updates at lists.suse.com Thu Dec 8 17:28:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 18:28:38 +0100 (CET) Subject: SUSE-RU-2022:4356-1: moderate: Recommended update for sg3_utils Message-ID: <20221208172838.71341FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sg3_utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4356-1 Rating: moderate References: #1186628 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sg3_utils fixes the following issues: - Do not report error for standby or unavailable ports (bsc#1186628) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4356=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4356=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4356=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4356=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4356=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4356=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4356=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4356=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libsgutils2-2-1.43+48.63a5696-16.29.1 libsgutils2-2-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-1.43+48.63a5696-16.29.1 sg3_utils-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-debugsource-1.43+48.63a5696-16.29.1 - SUSE OpenStack Cloud 9 (x86_64): libsgutils2-2-1.43+48.63a5696-16.29.1 libsgutils2-2-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-1.43+48.63a5696-16.29.1 sg3_utils-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-debugsource-1.43+48.63a5696-16.29.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsgutils-devel-1.43+48.63a5696-16.29.1 sg3_utils-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-debugsource-1.43+48.63a5696-16.29.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libsgutils2-2-1.43+48.63a5696-16.29.1 libsgutils2-2-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-1.43+48.63a5696-16.29.1 sg3_utils-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-debugsource-1.43+48.63a5696-16.29.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsgutils2-2-1.43+48.63a5696-16.29.1 libsgutils2-2-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-1.43+48.63a5696-16.29.1 sg3_utils-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-debugsource-1.43+48.63a5696-16.29.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libsgutils2-2-1.43+48.63a5696-16.29.1 libsgutils2-2-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-1.43+48.63a5696-16.29.1 sg3_utils-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-debugsource-1.43+48.63a5696-16.29.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsgutils2-2-1.43+48.63a5696-16.29.1 libsgutils2-2-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-1.43+48.63a5696-16.29.1 sg3_utils-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-debugsource-1.43+48.63a5696-16.29.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsgutils2-2-1.43+48.63a5696-16.29.1 libsgutils2-2-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-1.43+48.63a5696-16.29.1 sg3_utils-debuginfo-1.43+48.63a5696-16.29.1 sg3_utils-debugsource-1.43+48.63a5696-16.29.1 References: https://bugzilla.suse.com/1186628 From sle-updates at lists.suse.com Thu Dec 8 17:30:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 18:30:07 +0100 (CET) Subject: SUSE-FU-2022:4352-1: moderate: Feature update for python3-paramiko, python3-scp Message-ID: <20221208173007.BF4ECFD2D@maintenance.suse.de> SUSE Feature Update: Feature update for python3-paramiko, python3-scp ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4352-1 Rating: moderate References: SLE-25001 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This update for python3-paramiko, python3-scp fixes the following issues: - Add python3-paramiko, python3-scp and rebuild it's dependencies (jsc#SLE-25001) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-4352=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-4352=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): libsodium-debugsource-1.0.16-1.9.3 libsodium23-1.0.16-1.9.3 libsodium23-debuginfo-1.0.16-1.9.3 - SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64): libsodium23-1.0.16-1.9.3 References: From sle-updates at lists.suse.com Thu Dec 8 17:30:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 18:30:53 +0100 (CET) Subject: SUSE-RU-2022:4357-1: moderate: Recommended update for tar Message-ID: <20221208173053.16111FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for tar ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4357-1 Rating: moderate References: #1200657 #1203600 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Fix race condition while creating intermediate subdirectories (bsc#1200657) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4357=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4357=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4357=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4357=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4357=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4357=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4357=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): tar-1.27.1-15.12.1 tar-debuginfo-1.27.1-15.12.1 tar-debugsource-1.27.1-15.12.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): tar-lang-1.27.1-15.12.1 - SUSE OpenStack Cloud 9 (x86_64): tar-1.27.1-15.12.1 tar-debuginfo-1.27.1-15.12.1 tar-debugsource-1.27.1-15.12.1 - SUSE OpenStack Cloud 9 (noarch): tar-lang-1.27.1-15.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): tar-1.27.1-15.12.1 tar-debuginfo-1.27.1-15.12.1 tar-debugsource-1.27.1-15.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): tar-lang-1.27.1-15.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): tar-1.27.1-15.12.1 tar-debuginfo-1.27.1-15.12.1 tar-debugsource-1.27.1-15.12.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): tar-lang-1.27.1-15.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): tar-1.27.1-15.12.1 tar-debuginfo-1.27.1-15.12.1 tar-debugsource-1.27.1-15.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): tar-lang-1.27.1-15.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): tar-1.27.1-15.12.1 tar-debuginfo-1.27.1-15.12.1 tar-debugsource-1.27.1-15.12.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): tar-lang-1.27.1-15.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): tar-1.27.1-15.12.1 tar-debuginfo-1.27.1-15.12.1 tar-debugsource-1.27.1-15.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): tar-lang-1.27.1-15.12.1 References: https://bugzilla.suse.com/1200657 https://bugzilla.suse.com/1203600 From sle-updates at lists.suse.com Thu Dec 8 20:21:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:21:20 +0100 (CET) Subject: SUSE-SU-2022:4371-1: moderate: Security update for busybox Message-ID: <20221208202120.D7047FBAC@maintenance.suse.de> SUSE Security Update: Security update for busybox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4371-1 Rating: moderate References: #1199744 #914660 Cross-References: CVE-2014-9645 CVE-2022-30065 CVSS scores: CVE-2014-9645 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2022-30065 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30065 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744). - CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660). - Update to 1.35.0 also introduced: - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: "mount -o rw ...." should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire "PID,args" as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4371=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4371=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150400.3.8.1 busybox-static-1.35.0-150400.3.8.1 busybox-testsuite-1.35.0-150400.3.8.1 - openSUSE Leap 15.4 (aarch64 x86_64): busybox-warewulf3-1.35.0-150400.3.8.1 - openSUSE Leap 15.4 (noarch): busybox-adduser-1.35.0-150400.4.3.14 busybox-attr-1.35.0-150400.4.3.14 busybox-bc-1.35.0-150400.4.3.14 busybox-bind-utils-1.35.0-150400.4.3.14 busybox-bzip2-1.35.0-150400.4.3.14 busybox-coreutils-1.35.0-150400.4.3.14 busybox-cpio-1.35.0-150400.4.3.14 busybox-diffutils-1.35.0-150400.4.3.14 busybox-dos2unix-1.35.0-150400.4.3.14 busybox-ed-1.35.0-150400.4.3.14 busybox-findutils-1.35.0-150400.4.3.14 busybox-gawk-1.35.0-150400.4.3.14 busybox-grep-1.35.0-150400.4.3.14 busybox-gzip-1.35.0-150400.4.3.14 busybox-hostname-1.35.0-150400.4.3.14 busybox-iproute2-1.35.0-150400.4.3.14 busybox-iputils-1.35.0-150400.4.3.14 busybox-kbd-1.35.0-150400.4.3.14 busybox-kmod-1.35.0-150400.4.3.14 busybox-less-1.35.0-150400.4.3.14 busybox-links-1.35.0-150400.4.3.14 busybox-man-1.35.0-150400.4.3.14 busybox-misc-1.35.0-150400.4.3.14 busybox-ncurses-utils-1.35.0-150400.4.3.14 busybox-net-tools-1.35.0-150400.4.3.14 busybox-netcat-1.35.0-150400.4.3.14 busybox-patch-1.35.0-150400.4.3.14 busybox-policycoreutils-1.35.0-150400.4.3.14 busybox-procps-1.35.0-150400.4.3.14 busybox-psmisc-1.35.0-150400.4.3.14 busybox-sed-1.35.0-150400.4.3.14 busybox-selinux-tools-1.35.0-150400.4.3.14 busybox-sendmail-1.35.0-150400.4.3.14 busybox-sh-1.35.0-150400.4.3.14 busybox-sharutils-1.35.0-150400.4.3.14 busybox-syslogd-1.35.0-150400.4.3.14 busybox-sysvinit-tools-1.35.0-150400.4.3.14 busybox-tar-1.35.0-150400.4.3.14 busybox-telnet-1.35.0-150400.4.3.14 busybox-tftp-1.35.0-150400.4.3.14 busybox-time-1.35.0-150400.4.3.14 busybox-traceroute-1.35.0-150400.4.3.14 busybox-tunctl-1.35.0-150400.4.3.14 busybox-unzip-1.35.0-150400.4.3.14 busybox-util-linux-1.35.0-150400.4.3.14 busybox-vi-1.35.0-150400.4.3.14 busybox-vlan-1.35.0-150400.4.3.14 busybox-wget-1.35.0-150400.4.3.14 busybox-which-1.35.0-150400.4.3.14 busybox-whois-1.35.0-150400.4.3.14 busybox-xz-1.35.0-150400.4.3.14 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-150400.3.8.1 busybox-static-1.35.0-150400.3.8.1 References: https://www.suse.com/security/cve/CVE-2014-9645.html https://www.suse.com/security/cve/CVE-2022-30065.html https://bugzilla.suse.com/1199744 https://bugzilla.suse.com/914660 From sle-updates at lists.suse.com Thu Dec 8 20:22:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:22:05 +0100 (CET) Subject: SUSE-SU-2022:4360-1: important: Security update for netatalk Message-ID: <20221208202205.4F1DAFBAC@maintenance.suse.de> SUSE Security Update: Security update for netatalk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4360-1 Rating: important References: #1205393 Cross-References: CVE-2022-45188 CVSS scores: CVE-2022-45188 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-45188 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for netatalk fixes the following issues: - CVE-2022-45188: Fixed heap-based buffer overflow in afp_getappl() (bsc#1205393). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-4360=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4360=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libatalk12-3.1.0-3.11.1 libatalk12-debuginfo-3.1.0-3.11.1 netatalk-3.1.0-3.11.1 netatalk-debuginfo-3.1.0-3.11.1 netatalk-debugsource-3.1.0-3.11.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libatalk12-3.1.0-3.11.1 libatalk12-debuginfo-3.1.0-3.11.1 netatalk-3.1.0-3.11.1 netatalk-debuginfo-3.1.0-3.11.1 netatalk-debugsource-3.1.0-3.11.1 netatalk-devel-3.1.0-3.11.1 References: https://www.suse.com/security/cve/CVE-2022-45188.html https://bugzilla.suse.com/1205393 From sle-updates at lists.suse.com Thu Dec 8 20:22:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:22:43 +0100 (CET) Subject: SUSE-RU-2022:4362-1: important: Recommended update for pdsh, slurm_22_05 Message-ID: <20221208202243.CA0EDFBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for pdsh, slurm_22_05 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4362-1 Rating: important References: SLE-21334 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for pdsh, slurm_22_05 fixes the following issues: Slurm was updated to 22.05.5 - Fixes a number of moderate severity issues, noteable are: * Load hash plugin at slurmstepd launch time to prevent issues loading the plugin at step completion if the Slurm installation is upgraded. * Update nvml plugin to match the unique id format for MIG devices in new Nvidia drivers. * Fix multi-node step launch failure when nodes in the controller aren't in natural order. This can happen with inconsistent node naming (such as node15 and node052) or with dynamic nodes which can register in any order. * job_container/tmpfs - cleanup containers even when the .ns file isn't mounted anymore. * Wait up to PrologEpilogTimeout before shutting down slurmd to allow prolog and epilog scripts to complete or timeout. Previously, slurmd waited 120 seconds before timing out and killing prolog and epilog scripts. - Do not deduplicate files of testsuite Slurm configuration. This directory is supposed to be mounted over /etc/slurm therefore it must not contain softlinks to the files in this directory. - Fix a potential security vulnerability in the test package (bsc#1201674, CVE-2022-31251). - update to 22.05.2 with following fixes: * Fix regression which allowed the oversubscription of licenses. * Fix a segfault in slurmctld when requesting gres in job arrays. - Allow log in as user 'slurm'. This allows admins to run certain priviledged commands more easily without becoming root. update to 22.05.0 with following changes: - Support for dynamic node addition and removal - Support for native Linux cgroup v2 operation - Newly added plugins to support HPE Slingshot 11 networks (switch/hpe_slingshot), and Intel Xe GPUs (gpu/oneapi) - Added new acct_gather_interconnect/sysfs plugin to collect statistics from arbitrary network interfaces. - Expanded and synced set of environment variables available in the Prolog/Epilog/PrologSlurmctld/EpilogSlurmctld scripts. - New "--prefer" option to job submissions to allow for a "soft constraint" request to influence node selection. - Optional support for license planning in the backfill scheduler with "bf_licenses" option in SchedulerParameters. - Add a comment about the CommunicationParameters=block_null_hash option warning users who migrate - just in case. - Update to 21.08.8 which fixes CVE-2022-29500 (bsc#1199278), CVE-2022-29501 (bsc#1199279), and CVE-2022-29502 (bsc#1199281). - Added 'CommunicationParameters=block_null_hash' to slurm.conf, please add this parameter to existing configurations. - Update to 21.08.7 with following changes: * openapi/v0.0.37 - correct calculation for bf_queue_len_mean in /diag. * Avoid shrinking a reservation when overlapping with downed nodes. * Only check TRES limits against current usage for TRES requested by the job. * Do not allocate shared gres (MPS) in whole-node allocations * Constrain slurmstepd to job/step cgroup like in previous versions of Slurm. * Fix warnings on 32-bit compilers related to printf() formats. * Fix reconfigure issues after disabling/reenabling the GANG PreemptMode. * Fix race condition where a cgroup was being deleted while another step was creating it. * Set the slurmd port correctly if multi-slurmd * Fix FAIL mail not being sent if a job was cancelled due to preemption. * slurmrestd - move debug logs for HTTP handling to be gated by debugflag NETWORK to avoid unnecessary logging of communication contents. * Fix issue with bad memory access when shrinking running steps. * Fix various issues with internal job accounting with GRES when jobs are shrunk. * Fix ipmi polling on slurmd reconfig or restart. * Fix srun crash when reserved ports are being used and het step fails to launch. * openapi/dbv0.0.37 - fix DELETE execution path on /user/{user_name}. * slurmctld - Properly requeue all components of a het job if PrologSlurmctld fails. * rlimits - remove final calls to limit nofiles to 4096 but to instead use the max possible nofiles in slurmd and slurmdbd. * Allow the DBD agent to load large messages (up to MAX_BUF_SIZE) from state. * Fix potential deadlock during slurmctld restart when there is a completing job. * slurmstepd - reduce user requested soft rlimits when they are above max hard rlimits to avoid rlimit request being completely ignored and processes using default limits. * Fix Slurm user commands displaying available features as active features when no features were active. * Don't power down nodes that are rebooting. * Clear pending node reboot on power down request. * Ignore node registrations while node is powering down. * Don't reboot any node that is power down. * Don't allow a node to reboot if it's marked for power down. * Fix issuing reboot and downing when rebooting a powering up node. * Clear DRAIN on node after failing to resume before ResumeTimeout. * Prevent repeating power down if node fails to resume before ResumeTimeout. * Fix federated cloud node communication with srun and cloud_dns. * Fix jobs being scheduled on nodes marked to be powered_down when idle. * Fix problem where a privileged user could not view array tasks specified by _ when PrivateData had the jobs value set. - Changes in Slurm 21.08.6 * Fix plugin_name definitions in a number of plugins to improve logging. * Close sbcast file transfers when job is cancelled. * scrontab - fix handling of --gpus and --ntasks-per-gpu options. * sched/backfill - fix job_queue_rec_t memory leak. * Fix magnetic reservation logic in both main and backfill schedulers. * job_container/tmpfs - fix memory leak when using InitScript. * slurmrestd / openapi - fix memory leaks. * Fix slurmctld segfault due to job array resv_list double free. * Fix multi-reservation job testing logic. * Fix slurmctld segfault due to insufficient job reservation parse validation. * Fix main and backfill schedulers handling for already rejected job array. * sched/backfill - restore resv_ptr after yielding locks. * acct_gather_energy/xcc - appropriately close and destroy the IPMI context. * Protect slurmstepd from making multiple calls to the cleanup logic. * Prevent slurmstepd segfault at cleanup time in mpi_fini(). * Fix slurmctld sometimes hanging if shutdown while PrologSlurmctld or EpilogSlurmctld were running and PrologEpilogTimeout is set in slurm.conf. * Fix affinity of the batch step if batch host is different than the first node in the allocation. * slurmdbd - fix segfault after multiple failover/failback operations. * Fix jobcomp filetxt job selection condition. * Fix -f flag of sacct not being used. * Select cores for job steps according to the socket distribution. Previously, sockets were always filled before selecting cores from the next socket. * Keep node in Future state if epilog completes while in Future state. * Fix erroneous --constraint behavior by preventing multiple sets of brackets. * Make ResetAccrueTime update the job's accrue_time to now. * Fix sattach initialization with configless mode. * Revert packing limit checks affecting pmi2. * sacct - fixed assertion failure when using -c option and a federation display * Fix issue that allowed steps to overallocate the job's memory. * Fix the sanity check mode of AutoDetect so that it actually works. * Fix deallocated nodes that didn't actually launch a job from waiting for Epilogslurmctld to complete before clearing completing node's state. * Job should be in a completing state if EpilogSlurmctld when being requeued. * Fix job not being requeued properly if all node epilog's completed before EpilogSlurmctld finished. * Keep job completing until EpilogSlurmctld is completed even when "downing" a node. * Fix handling reboot with multiple job features. * Fix nodes getting powered down when creating new partitions. * Fix bad bit_realloc which potentially could lead to bad memory access. * slurmctld - remove limit on the number of open files. * Fix bug where job_state file of size above 2GB wasn't saved without any error message. * Fix various issues with no_consume gres. * Fix regression in 21.08.0rc1 where job steps failed to launch on systems that reserved a CPU in a cgroup outside of Slurm (for example, on systems with WekaIO). * Fix OverTimeLimit not being reset on scontrol reconfigure when it is removed from slurm.conf. * serializer/yaml - use dynamic buffer to allow creation of YAML outputs larger than 1MiB. * Fix minor memory leak affecting openapi users at process termination. * Fix batch jobs not resolving the username when nss_slurm is enabled. * slurmrestd - Avoid slurmrestd ignoring invalid HTTP method if the response serialized without error. * openapi/dbv0.0.37 - Correct conditional that caused the diag output to give an internal server error status on success. * Make --mem-bind=sort work with task_affinity * Fix sacctmgr to set MaxJobsAccruePer{User|Account} and MinPrioThres in sacctmgr add qos, modify already worked correctly. * job_container/tmpfs - avoid printing extraneous error messages in Prolog and Epilog, and when the job completes. * Fix step CPU memory allocation with --threads-per-core without --exact. * Remove implicit --exact when --threads-per-core or --hint=nomultithread is used. * Do not allow a step to request more threads per core than the allocation did. * Remove implicit --exact when --cpus-per-task is used. - update to 21.08.5 with following changes: * Fix issue where typeless GRES node updates were not immediately reflected. * Fix setting the default scrontab job working directory so that it's the home of the different user (*u ) and not that of root or SlurmUser editor. * Fix stepd not respecting SlurmdSyslogDebug. * Fix concurrency issue with squeue. * Fix job start time not being reset after launch when job is packed onto already booting node. * Fix updating SLURM_NODE_ALIASES for jobs packed onto powering up nodes. * Cray - Fix issues with starting hetjobs. * auth/jwks - Print fatal() message when jwks is configured but file could not be opened. * If sacctmgr has an association with an unknown qos as the default qos print 'UNKN*###' instead of leaving a blank name. * Correctly determine task count when giving --cpus-per-gpu, --gpus and *-ntasks-per-node without task count. * slurmctld - Fix places where the global last_job_update was not being set to the time of update when a job's reason and description were updated. * slurmctld - Fix case where a job submitted with more than one partition would not have its reason updated while waiting to start. * Fix memory leak in node feature rebooting. * Fix time limit permanetly set to 1 minute by backfill for job array tasks higher than the first with QOS NoReserve flag and PreemptMode configured. * Fix sacct -N to show jobs that started in the current second * Fix issue on running steps where both SLURM_NTASKS_PER_TRES and SLURM_NTASKS_PER_GPU are set. * Handle oversubscription request correctly when also requesting *-ntasks-per-tres. * Correctly detect when a step requests bad gres inside an allocation. * slurmstepd - Correct possible deadlock when UnkillableStepTimeout triggers. * srun - use maximum number of open files while handling job I/O. * Fix writing to Xauthority files on root_squash NFS exports, which was preventing X11 forwarding from completing setup. * Fix regression in 21.08.0rc1 that broke --gres=none. * Fix srun --cpus-per-task and --threads-per-core not implicitly setting *-exact. It was meant to work this way in 21.08. * Fix regression in 21.08.0 that broke dynamic future nodes. * Fix dynamic future nodes remembering active state on restart. * Fix powered down nodes getting stuck in COMPLETING+POWERED_DOWN when job is cancelled before nodes are powering up. updated to 21.08.4 which fixes (CVE-2021-43337) which is only present in 21.08 tree. * CVE-2021-43337: For sites using the new AccountingStoreFlags=job_script and/or job_env options, an issue was reported with the access control rules in SlurmDBD that will permit users to request job scripts and environment files that they should not have access to. (Scripts/environments are meant to only be accessible by user accounts with administrator privileges, by account coordinators for jobs submitted under their account, and by the user themselves.) changes from 21.08.3: * This includes a number of fixes since the last release a month ago, including one critical fix to prevent a communication issue between slurmctld and slurmdbd for sites that have started using the new AccountingStoreFlags=job_script functionality. - Utilize sysuser infrastructure to set user/group slurm. For munge authentication slurm should have a fixed UID across all nodes including the management server. Set it to 120 - Limit firewalld service definitions to SUSE versions >= 15. - added service definitions for firewalld (JSC#SLE-22741) update to 21.08.2 - major change: * removed of support of the TaskAffinity=yes option in cgroup.conf. Please consider using "TaskPlugins=cgroup,affinity" in slurm.conf as an option. - minor changes and bugfixes: * slurmctld - fix how the max number of cores on a node in a partition are calculated when the partition contains multi*socket nodes. This in turn corrects certain jobs node count estimations displayed client*side. * job_submit/cray_aries - fix "craynetwork" GRES specification after changes introduced in 21.08.0rc1 that made TRES always have a type prefix. * Ignore nonsensical check in the slurmd for [Pro|Epi]logSlurmctld. * Fix writing to stderr/syslog when systemd runs slurmctld in the foreground. * Fix issue with updating job started with node range. * Fix issue with nodes not clearing state in the database when the slurmctld is started with clean*start. * Fix hetjob components > 1 timing out due to InactiveLimit. * Fix sprio printing -nan for normalized association priority if PriorityWeightAssoc was not defined. * Disallow FirstJobId=0. * Preserve job start info in the database for a requeued job that hadn't registered the first time in the database yet. * Only send one message on prolog failure from the slurmd. * Remove support for TaskAffinity=yes in cgroup.conf. * accounting_storage/mysql - fix issue where querying jobs via sacct *-whole-hetjob=yes or slurmrestd (which automatically includes this flag) could in some cases return more records than expected. * Fix issue for preemption of job array task that makes afterok dependency fail. Additionally, send emails when requeueing happens due to preemption. * Fix sending requeue mail type. * Properly resize a job's GRES bitmaps and counts when resizing the job. * Fix node being able to transition to CLOUD state from non-cloud state. * Fix regression introduced in 21.08.0rc1 which broke a step's ability to inherit GRES from the job when the step didn't request GRES but the job did. * Fix errors in logic when picking nodes based on bracketed anded constraints. This also enforces the requirement to have a count when using such constraints. * Handle job resize better in the database. * Exclude currently running, resized jobs from the runaway jobs list. * Make it possible to shrink a job more than once. - moved pam module from /lib64 to /usr/lib64 which fixes bsc#1191095 via the macro %_pam_moduledir updated to 21.08.1 with following bug fixes: * Fix potential memory leak if a problem happens while allocating GRES for a job. * If an overallocation of GRES happens terminate the creation of a job. * AutoDetect=nvml: Fatal if no devices found in MIG mode. * Print federation and cluster sacctmgr error messages to stderr. * Fix off by one error in --gpu-bind=mask_gpu. * Add --gpu-bind=none to disable gpu binding when using --gpus-per-task. * Handle the burst buffer state "alloc-revoke" which previously would not display in the job correctly. * Fix issue in the slurmstepd SPANK prolog/epilog handler where configuration values were used before being initialized. * Restore a step's ability to utilize all of an allocations memory if --mem=0. * Fix --cpu-bind=verbose garbage taskid. * Fix cgroup task affinity issues from garbage taskid info. * Make gres_job_state_validate() client logging behavior as before 44466a4641. * Fix steps with --hint overriding an allocation with --threads-per-core. * Require requesting a GPU if --mem-per-gpu is requested. * Return error early if a job is requesting --ntasks-per-gpu and no gpus or task count. * Properly clear out pending step if unavailable to run with available resources. * Kill all processes spawned by burst_buffer.lua including decendents. * openapi/v0.0.{35,36,37} - Avoid setting default values of min_cpus, job name, cwd, mail_type, and contiguous on job update. * openapi/v0.0.{35,36,37} - Clear user hold on job update if hold=false. * Prevent CRON_JOB flag from being cleared when loading job state. * sacctmgr - Fix deleting WCKeys when not specifying a cluster. * Fix getting memory for a step when the first node in the step isn't the first node in the allocation. * Make SelectTypeParameters=CR_Core_Memory default for cons_tres and cons_res. * Correctly handle mutex unlocks in the gres code if failures happen. * Give better error message if -m plane is given with no size. * Fix --distribution=arbitrary for salloc. * Fix jobcomp/script regression introduced in 21.08.0rc1 0c75b9ac9d. * Only send the batch node in the step_hostlist in the job credential. * When setting affinity for the batch step don't assume the batch host is node 0. * In task/affinity better checking for node existence when laying out affinity. * slurmrestd - fix job submission with auth/jwt. - Make configure arg '--with-pmix' conditional. - Move openapi plugins to package slurm-restd. updated to 21.08.0, major changes: * A new "AccountingStoreFlags=job_script" option to store the job scripts directly in SlurmDBD. * Added "sacct -o SubmitLine" format option to get the submit line of a job/step. * Changes to the node state management so that nodes are marked as PLANNED instead of IDLE if the scheduler is still accumulating resources while waiting to launch a job on them. * RS256 token support in auth/jwt. * Overhaul of the cgroup subsystems to simplify operation, mitigate a number of inherent race conditions, and prepare for future cgroup v2 support. * Further improvements to cloud node power state management. * A new child process of the Slurm controller called "slurmscriptd" responsible for executing PrologSlurmctld and EpilogSlurmctld scripts, which significantly reduces performance issues associated with enabling those options. * A new burst_buffer/lua plugin allowing for site-specific asynchronous job data management. * Fixes to the job_container/tmpfs plugin to allow the slurmd process to be restarted while the job is running without issue. * Added json/yaml output to sacct, squeue, and sinfo commands. * Added a new node_features/helpers plugin to provide a generic way to change settings on a compute node across a reboot. * Added support for automatically detecting and broadcasting shared libraries for an executable launched with "srun --bcast". * Added initial OCI container execution support with a new --container option to sbatch and srun. * Improved "configless" support by allowing multiple control servers to be specified through the slurmd --conf-server option, and send additional configuration files at startup including cli_filter.lua. Changes in pdsh: - Preparing pdsh for Slurm 22.05. * No later version of Slurm builds on 32 bit. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4362=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4362=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4362=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4362=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pdsh-slurm_20_11-2.34-150200.4.6.2 pdsh-slurm_20_11-debuginfo-2.34-150200.4.6.2 pdsh_slurm_20_11-debugsource-2.34-150200.4.6.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): pdsh-slurm_20_11-2.34-150200.4.6.2 pdsh-slurm_20_11-debuginfo-2.34-150200.4.6.2 pdsh_slurm_20_11-debugsource-2.34-150200.4.6.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libnss_slurm2_22_05-22.05.5-150200.5.3.2 libnss_slurm2_22_05-debuginfo-22.05.5-150200.5.3.2 libpmi0_22_05-22.05.5-150200.5.3.2 libpmi0_22_05-debuginfo-22.05.5-150200.5.3.2 libslurm38-22.05.5-150200.5.3.2 libslurm38-debuginfo-22.05.5-150200.5.3.2 pdsh-2.34-150200.4.6.2 pdsh-debuginfo-2.34-150200.4.6.2 pdsh-debugsource-2.34-150200.4.6.2 pdsh-dshgroup-2.34-150200.4.6.2 pdsh-dshgroup-debuginfo-2.34-150200.4.6.2 pdsh-genders-2.34-150200.4.6.2 pdsh-genders-debuginfo-2.34-150200.4.6.2 pdsh-machines-2.34-150200.4.6.2 pdsh-machines-debuginfo-2.34-150200.4.6.2 pdsh-netgroup-2.34-150200.4.6.2 pdsh-netgroup-debuginfo-2.34-150200.4.6.2 pdsh-slurm-2.34-150200.4.6.2 pdsh-slurm-debuginfo-2.34-150200.4.6.2 pdsh-slurm_22_05-2.34-150200.4.6.2 pdsh-slurm_22_05-debuginfo-2.34-150200.4.6.2 pdsh_slurm_22_05-debugsource-2.34-150200.4.6.2 perl-slurm_22_05-22.05.5-150200.5.3.2 perl-slurm_22_05-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-22.05.5-150200.5.3.2 slurm_22_05-auth-none-22.05.5-150200.5.3.2 slurm_22_05-auth-none-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-debugsource-22.05.5-150200.5.3.2 slurm_22_05-devel-22.05.5-150200.5.3.2 slurm_22_05-lua-22.05.5-150200.5.3.2 slurm_22_05-lua-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-munge-22.05.5-150200.5.3.2 slurm_22_05-munge-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-node-22.05.5-150200.5.3.2 slurm_22_05-node-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-pam_slurm-22.05.5-150200.5.3.2 slurm_22_05-pam_slurm-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-plugins-22.05.5-150200.5.3.2 slurm_22_05-plugins-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-rest-22.05.5-150200.5.3.2 slurm_22_05-rest-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-slurmdbd-22.05.5-150200.5.3.2 slurm_22_05-slurmdbd-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-sql-22.05.5-150200.5.3.2 slurm_22_05-sql-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-sview-22.05.5-150200.5.3.2 slurm_22_05-sview-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-torque-22.05.5-150200.5.3.2 slurm_22_05-torque-debuginfo-22.05.5-150200.5.3.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): slurm_22_05-config-22.05.5-150200.5.3.2 slurm_22_05-config-man-22.05.5-150200.5.3.2 slurm_22_05-doc-22.05.5-150200.5.3.2 slurm_22_05-webdoc-22.05.5-150200.5.3.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libnss_slurm2_22_05-22.05.5-150200.5.3.2 libnss_slurm2_22_05-debuginfo-22.05.5-150200.5.3.2 libpmi0_22_05-22.05.5-150200.5.3.2 libpmi0_22_05-debuginfo-22.05.5-150200.5.3.2 libslurm38-22.05.5-150200.5.3.2 libslurm38-debuginfo-22.05.5-150200.5.3.2 pdsh-2.34-150200.4.6.2 pdsh-debuginfo-2.34-150200.4.6.2 pdsh-debugsource-2.34-150200.4.6.2 pdsh-dshgroup-2.34-150200.4.6.2 pdsh-dshgroup-debuginfo-2.34-150200.4.6.2 pdsh-genders-2.34-150200.4.6.2 pdsh-genders-debuginfo-2.34-150200.4.6.2 pdsh-machines-2.34-150200.4.6.2 pdsh-machines-debuginfo-2.34-150200.4.6.2 pdsh-netgroup-2.34-150200.4.6.2 pdsh-netgroup-debuginfo-2.34-150200.4.6.2 pdsh-slurm-2.34-150200.4.6.2 pdsh-slurm-debuginfo-2.34-150200.4.6.2 pdsh-slurm_22_05-2.34-150200.4.6.2 pdsh-slurm_22_05-debuginfo-2.34-150200.4.6.2 pdsh_slurm_22_05-debugsource-2.34-150200.4.6.2 perl-slurm_22_05-22.05.5-150200.5.3.2 perl-slurm_22_05-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-22.05.5-150200.5.3.2 slurm_22_05-auth-none-22.05.5-150200.5.3.2 slurm_22_05-auth-none-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-debugsource-22.05.5-150200.5.3.2 slurm_22_05-devel-22.05.5-150200.5.3.2 slurm_22_05-lua-22.05.5-150200.5.3.2 slurm_22_05-lua-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-munge-22.05.5-150200.5.3.2 slurm_22_05-munge-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-node-22.05.5-150200.5.3.2 slurm_22_05-node-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-pam_slurm-22.05.5-150200.5.3.2 slurm_22_05-pam_slurm-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-plugins-22.05.5-150200.5.3.2 slurm_22_05-plugins-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-rest-22.05.5-150200.5.3.2 slurm_22_05-rest-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-slurmdbd-22.05.5-150200.5.3.2 slurm_22_05-slurmdbd-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-sql-22.05.5-150200.5.3.2 slurm_22_05-sql-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-sview-22.05.5-150200.5.3.2 slurm_22_05-sview-debuginfo-22.05.5-150200.5.3.2 slurm_22_05-torque-22.05.5-150200.5.3.2 slurm_22_05-torque-debuginfo-22.05.5-150200.5.3.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): slurm_22_05-config-22.05.5-150200.5.3.2 slurm_22_05-config-man-22.05.5-150200.5.3.2 slurm_22_05-doc-22.05.5-150200.5.3.2 slurm_22_05-webdoc-22.05.5-150200.5.3.2 References: From sle-updates at lists.suse.com Thu Dec 8 20:23:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:23:21 +0100 (CET) Subject: SUSE-RU-2022:4365-1: moderate: Recommended update for powerman Message-ID: <20221208202321.133EDFBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerman ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4365-1 Rating: moderate References: SLE-11203 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update of powerman fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4365=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4365=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpowerman0-2.3.26-150400.3.2.1 libpowerman0-debuginfo-2.3.26-150400.3.2.1 powerman-2.3.26-150400.3.2.1 powerman-debuginfo-2.3.26-150400.3.2.1 powerman-debugsource-2.3.26-150400.3.2.1 powerman-devel-2.3.26-150400.3.2.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libpowerman0-2.3.26-150400.3.2.1 libpowerman0-debuginfo-2.3.26-150400.3.2.1 powerman-2.3.26-150400.3.2.1 powerman-debuginfo-2.3.26-150400.3.2.1 powerman-debugsource-2.3.26-150400.3.2.1 References: From sle-updates at lists.suse.com Thu Dec 8 20:23:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:23:58 +0100 (CET) Subject: SUSE-RU-2022:4366-1: moderate: Recommended update for hplip Message-ID: <20221208202358.52444FBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for hplip ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4366-1 Rating: moderate References: SLE-11203 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update of hplip fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4366=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4366=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4366=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): hplip-3.21.10-150300.4.8.1 hplip-debuginfo-3.21.10-150300.4.8.1 hplip-debugsource-3.21.10-150300.4.8.1 hplip-devel-3.21.10-150300.4.8.1 hplip-hpijs-3.21.10-150300.4.8.1 hplip-hpijs-debuginfo-3.21.10-150300.4.8.1 hplip-sane-3.21.10-150300.4.8.1 hplip-sane-debuginfo-3.21.10-150300.4.8.1 hplip-scan-utils-3.21.10-150300.4.8.1 hplip-scan-utils-debuginfo-3.21.10-150300.4.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): hplip-3.21.10-150300.4.8.1 hplip-debuginfo-3.21.10-150300.4.8.1 hplip-debugsource-3.21.10-150300.4.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): hplip-debuginfo-3.21.10-150300.4.8.1 hplip-debugsource-3.21.10-150300.4.8.1 hplip-devel-3.21.10-150300.4.8.1 hplip-hpijs-3.21.10-150300.4.8.1 hplip-hpijs-debuginfo-3.21.10-150300.4.8.1 hplip-sane-3.21.10-150300.4.8.1 hplip-sane-debuginfo-3.21.10-150300.4.8.1 References: From sle-updates at lists.suse.com Thu Dec 8 20:24:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:24:36 +0100 (CET) Subject: SUSE-RU-2022:4375-1: moderate: Recommended update for pam_saslauthd Message-ID: <20221208202436.512C8FBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for pam_saslauthd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4375-1 Rating: moderate References: PED-2701 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for pam_saslauthd fixes the following issues: Initial shipment of version 0.1.0~1. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4375=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4375=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): pam_saslauthd-0.1.0~1-150400.9.4.1 pam_saslauthd-debuginfo-0.1.0~1-150400.9.4.1 pam_saslauthd-debugsource-0.1.0~1-150400.9.4.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): pam_saslauthd-0.1.0~1-150400.9.4.1 pam_saslauthd-debuginfo-0.1.0~1-150400.9.4.1 pam_saslauthd-debugsource-0.1.0~1-150400.9.4.1 References: From sle-updates at lists.suse.com Thu Dec 8 20:25:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:25:12 +0100 (CET) Subject: SUSE-RU-2022:4363-1: moderate: Recommended update for postgresql10 Message-ID: <20221208202512.06EB8FBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4363-1 Rating: moderate References: #1205300 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server for SAP Applications SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql10 fixes the following issues: postgresql10 was updated to 10.23: (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/10/release-10-23.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4363=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4363=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-4363=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): postgresql10-10.23-150100.8.53.1 postgresql10-contrib-10.23-150100.8.53.1 postgresql10-contrib-debuginfo-10.23-150100.8.53.1 postgresql10-debuginfo-10.23-150100.8.53.1 postgresql10-debugsource-10.23-150100.8.53.1 postgresql10-llvmjit-devel-10.23-150100.8.53.1 postgresql10-plperl-10.23-150100.8.53.1 postgresql10-plperl-debuginfo-10.23-150100.8.53.1 postgresql10-plpython-10.23-150100.8.53.1 postgresql10-plpython-debuginfo-10.23-150100.8.53.1 postgresql10-pltcl-10.23-150100.8.53.1 postgresql10-pltcl-debuginfo-10.23-150100.8.53.1 postgresql10-server-10.23-150100.8.53.1 postgresql10-server-debuginfo-10.23-150100.8.53.1 postgresql10-test-10.23-150100.8.53.1 - openSUSE Leap 15.4 (noarch): postgresql10-docs-10.23-150100.8.53.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): postgresql10-10.23-150100.8.53.1 postgresql10-contrib-10.23-150100.8.53.1 postgresql10-contrib-debuginfo-10.23-150100.8.53.1 postgresql10-debuginfo-10.23-150100.8.53.1 postgresql10-debugsource-10.23-150100.8.53.1 postgresql10-plperl-10.23-150100.8.53.1 postgresql10-plperl-debuginfo-10.23-150100.8.53.1 postgresql10-plpython-10.23-150100.8.53.1 postgresql10-plpython-debuginfo-10.23-150100.8.53.1 postgresql10-pltcl-10.23-150100.8.53.1 postgresql10-pltcl-debuginfo-10.23-150100.8.53.1 postgresql10-server-10.23-150100.8.53.1 postgresql10-server-debuginfo-10.23-150100.8.53.1 postgresql10-test-10.23-150100.8.53.1 - openSUSE Leap 15.3 (noarch): postgresql10-docs-10.23-150100.8.53.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql10-10.23-150100.8.53.1 postgresql10-contrib-10.23-150100.8.53.1 postgresql10-contrib-debuginfo-10.23-150100.8.53.1 postgresql10-debuginfo-10.23-150100.8.53.1 postgresql10-debugsource-10.23-150100.8.53.1 postgresql10-devel-10.23-150100.8.53.1 postgresql10-devel-debuginfo-10.23-150100.8.53.1 postgresql10-plperl-10.23-150100.8.53.1 postgresql10-plperl-debuginfo-10.23-150100.8.53.1 postgresql10-plpython-10.23-150100.8.53.1 postgresql10-plpython-debuginfo-10.23-150100.8.53.1 postgresql10-pltcl-10.23-150100.8.53.1 postgresql10-pltcl-debuginfo-10.23-150100.8.53.1 postgresql10-server-10.23-150100.8.53.1 postgresql10-server-debuginfo-10.23-150100.8.53.1 References: https://bugzilla.suse.com/1205300 From sle-updates at lists.suse.com Thu Dec 8 20:25:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:25:53 +0100 (CET) Subject: SUSE-RU-2022:4376-1: moderate: Recommended update for postgresql12 Message-ID: <20221208202553.693B3FBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4376-1 Rating: moderate References: #1205300 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql12 fixes the following issues: postgresql12 was updated to 12.13 (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/12/release-12-13.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4376=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4376=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-debugsource-12.13-3.33.1 postgresql12-devel-12.13-3.33.1 postgresql12-devel-debuginfo-12.13-3.33.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql12-server-devel-12.13-3.33.1 postgresql12-server-devel-debuginfo-12.13-3.33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql12-12.13-3.33.1 postgresql12-contrib-12.13-3.33.1 postgresql12-contrib-debuginfo-12.13-3.33.1 postgresql12-debuginfo-12.13-3.33.1 postgresql12-debugsource-12.13-3.33.1 postgresql12-plperl-12.13-3.33.1 postgresql12-plperl-debuginfo-12.13-3.33.1 postgresql12-plpython-12.13-3.33.1 postgresql12-plpython-debuginfo-12.13-3.33.1 postgresql12-pltcl-12.13-3.33.1 postgresql12-pltcl-debuginfo-12.13-3.33.1 postgresql12-server-12.13-3.33.1 postgresql12-server-debuginfo-12.13-3.33.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql12-docs-12.13-3.33.1 References: https://bugzilla.suse.com/1205300 From sle-updates at lists.suse.com Thu Dec 8 20:26:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:26:54 +0100 (CET) Subject: SUSE-RU-2022:4367-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <20221208202654.51211FBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4367-1 Rating: critical References: #1191880 #1195924 #1195925 #1203382 #1205089 #1206082 Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924) - Implement functionality to detect if an update server has a new cert. Import the new cert when it is detected. - From 10.0.6 (bsc#1205089) - Credentials are equal when username and password are the same ignore other entries in the credentials file - Handle multiple zypper names in process table, zypper and Zypp-main to properly detect the running process - Require dmidecode only on supported archs (bsc#1206082) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4367=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4367=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4367=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4367=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4367=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4367=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4367=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-4367=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-4367=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4367=1 Package List: - openSUSE Leap Micro 5.3 (noarch): cloud-regionsrv-client-10.0.7-150000.6.83.2 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.83.2 cloud-regionsrv-client-generic-config-1.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.83.2 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.83.2 - openSUSE Leap 15.4 (noarch): cloud-regionsrv-client-10.0.7-150000.6.83.2 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.83.2 cloud-regionsrv-client-generic-config-1.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.83.2 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.83.2 - openSUSE Leap 15.3 (noarch): cloud-regionsrv-client-10.0.7-150000.6.83.2 cloud-regionsrv-client-generic-config-1.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.83.2 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.83.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): cloud-regionsrv-client-10.0.7-150000.6.83.2 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.83.2 cloud-regionsrv-client-generic-config-1.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.83.2 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.83.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): cloud-regionsrv-client-10.0.7-150000.6.83.2 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.83.2 cloud-regionsrv-client-generic-config-1.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.83.2 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.83.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-10.0.7-150000.6.83.2 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.83.2 cloud-regionsrv-client-generic-config-1.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.83.2 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.83.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-10.0.7-150000.6.83.2 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.83.2 cloud-regionsrv-client-generic-config-1.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.83.2 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.83.2 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-10.0.7-150000.6.83.2 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.83.2 cloud-regionsrv-client-generic-config-1.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.83.2 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.83.2 - SUSE Linux Enterprise Micro 5.3 (noarch): cloud-regionsrv-client-10.0.7-150000.6.83.2 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.83.2 cloud-regionsrv-client-generic-config-1.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.83.2 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.83.2 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.83.2 References: https://bugzilla.suse.com/1191880 https://bugzilla.suse.com/1195924 https://bugzilla.suse.com/1195925 https://bugzilla.suse.com/1203382 https://bugzilla.suse.com/1205089 https://bugzilla.suse.com/1206082 From sle-updates at lists.suse.com Thu Dec 8 20:28:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:28:18 +0100 (CET) Subject: SUSE-RU-2022:4377-1: moderate: Recommended update for postgresql10 Message-ID: <20221208202818.57A11FBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql10 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4377-1 Rating: moderate References: #1205300 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql10 fixes the following issues: postgresql10 was updated to 10.23 (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/10/release-10-23.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4377=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4377=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql10-debugsource-10.23-4.34.1 postgresql10-devel-10.23-4.34.1 postgresql10-devel-debuginfo-10.23-4.34.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql10-10.23-4.34.1 postgresql10-contrib-10.23-4.34.1 postgresql10-contrib-debuginfo-10.23-4.34.1 postgresql10-debuginfo-10.23-4.34.1 postgresql10-debugsource-10.23-4.34.1 postgresql10-plperl-10.23-4.34.1 postgresql10-plperl-debuginfo-10.23-4.34.1 postgresql10-plpython-10.23-4.34.1 postgresql10-plpython-debuginfo-10.23-4.34.1 postgresql10-pltcl-10.23-4.34.1 postgresql10-pltcl-debuginfo-10.23-4.34.1 postgresql10-server-10.23-4.34.1 postgresql10-server-debuginfo-10.23-4.34.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql10-docs-10.23-4.34.1 References: https://bugzilla.suse.com/1205300 From sle-updates at lists.suse.com Thu Dec 8 20:28:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:28:58 +0100 (CET) Subject: SUSE-SU-2022:4372-1: moderate: Security update for busybox Message-ID: <20221208202858.C8EF6FBAC@maintenance.suse.de> SUSE Security Update: Security update for busybox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4372-1 Rating: moderate References: #1199744 Cross-References: CVE-2022-30065 CVSS scores: CVE-2022-30065 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-30065 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4372=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): busybox-1.35.0-4.6.2 References: https://www.suse.com/security/cve/CVE-2022-30065.html https://bugzilla.suse.com/1199744 From sle-updates at lists.suse.com Thu Dec 8 20:29:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:29:45 +0100 (CET) Subject: SUSE-SU-2022:4373-1: moderate: Security update for java-1_8_0-openjdk Message-ID: <20221208202945.7F212FBAC@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4373-1 Rating: moderate References: #1204471 #1204472 #1204473 #1204475 Cross-References: CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVSS scores: CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 (icedtea-3.25.0): - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475). - CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471). - CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4373=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4373=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4373=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4373=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4373=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4373=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4373=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-openjdk-1.8.0.352-27.81.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-debugsource-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-1.8.0.352-27.81.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-1.8.0.352-27.81.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-1.8.0.352-27.81.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-27.81.1 References: https://www.suse.com/security/cve/CVE-2022-21619.html https://www.suse.com/security/cve/CVE-2022-21624.html https://www.suse.com/security/cve/CVE-2022-21626.html https://www.suse.com/security/cve/CVE-2022-21628.html https://bugzilla.suse.com/1204471 https://bugzilla.suse.com/1204472 https://bugzilla.suse.com/1204473 https://bugzilla.suse.com/1204475 From sle-updates at lists.suse.com Thu Dec 8 20:30:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:30:51 +0100 (CET) Subject: SUSE-RU-2022:4370-1: moderate: Recommended update for rsyslog Message-ID: <20221208203051.65ABAFBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4370-1 Rating: moderate References: #1191833 #1205275 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rsyslog fixes the following issues: - Parsing of legacy config syntax (bsc#1205275) - Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4370=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4370=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4370=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-150400.5.11.1 rsyslog-debuginfo-8.2106.0-150400.5.11.1 rsyslog-debugsource-8.2106.0-150400.5.11.1 rsyslog-diag-tools-8.2106.0-150400.5.11.1 rsyslog-diag-tools-debuginfo-8.2106.0-150400.5.11.1 rsyslog-doc-8.2106.0-150400.5.11.1 rsyslog-module-dbi-8.2106.0-150400.5.11.1 rsyslog-module-dbi-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-elasticsearch-8.2106.0-150400.5.11.1 rsyslog-module-elasticsearch-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-gcrypt-8.2106.0-150400.5.11.1 rsyslog-module-gcrypt-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-gssapi-8.2106.0-150400.5.11.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-gtls-8.2106.0-150400.5.11.1 rsyslog-module-gtls-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-kafka-8.2106.0-150400.5.11.1 rsyslog-module-kafka-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-mmnormalize-8.2106.0-150400.5.11.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-mysql-8.2106.0-150400.5.11.1 rsyslog-module-mysql-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-omamqp1-8.2106.0-150400.5.11.1 rsyslog-module-omamqp1-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-omhttpfs-8.2106.0-150400.5.11.1 rsyslog-module-omhttpfs-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-omtcl-8.2106.0-150400.5.11.1 rsyslog-module-omtcl-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-ossl-8.2106.0-150400.5.11.1 rsyslog-module-ossl-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-pgsql-8.2106.0-150400.5.11.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-relp-8.2106.0-150400.5.11.1 rsyslog-module-relp-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-snmp-8.2106.0-150400.5.11.1 rsyslog-module-snmp-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-udpspoof-8.2106.0-150400.5.11.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150400.5.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.2106.0-150400.5.11.1 rsyslog-debugsource-8.2106.0-150400.5.11.1 rsyslog-module-gssapi-8.2106.0-150400.5.11.1 rsyslog-module-gssapi-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-gtls-8.2106.0-150400.5.11.1 rsyslog-module-gtls-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-mmnormalize-8.2106.0-150400.5.11.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-mysql-8.2106.0-150400.5.11.1 rsyslog-module-mysql-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-pgsql-8.2106.0-150400.5.11.1 rsyslog-module-pgsql-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-relp-8.2106.0-150400.5.11.1 rsyslog-module-relp-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-snmp-8.2106.0-150400.5.11.1 rsyslog-module-snmp-debuginfo-8.2106.0-150400.5.11.1 rsyslog-module-udpspoof-8.2106.0-150400.5.11.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-150400.5.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-150400.5.11.1 rsyslog-debuginfo-8.2106.0-150400.5.11.1 rsyslog-debugsource-8.2106.0-150400.5.11.1 References: https://bugzilla.suse.com/1191833 https://bugzilla.suse.com/1205275 From sle-updates at lists.suse.com Thu Dec 8 20:31:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:31:41 +0100 (CET) Subject: SUSE-RU-2022:4364-1: moderate: Recommended update for postgresql13 Message-ID: <20221208203141.BCB7EFBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4364-1 Rating: moderate References: #1205300 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql13 fixes the following issues: postgresql13 was updated to 13.9: (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/13/release-13-9.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4364=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4364=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-debugsource-13.9-3.27.1 postgresql13-devel-13.9-3.27.1 postgresql13-devel-debuginfo-13.9-3.27.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): postgresql13-server-devel-13.9-3.27.1 postgresql13-server-devel-debuginfo-13.9-3.27.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): postgresql13-13.9-3.27.1 postgresql13-contrib-13.9-3.27.1 postgresql13-contrib-debuginfo-13.9-3.27.1 postgresql13-debuginfo-13.9-3.27.1 postgresql13-debugsource-13.9-3.27.1 postgresql13-plperl-13.9-3.27.1 postgresql13-plperl-debuginfo-13.9-3.27.1 postgresql13-plpython-13.9-3.27.1 postgresql13-plpython-debuginfo-13.9-3.27.1 postgresql13-pltcl-13.9-3.27.1 postgresql13-pltcl-debuginfo-13.9-3.27.1 postgresql13-server-13.9-3.27.1 postgresql13-server-debuginfo-13.9-3.27.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql13-docs-13.9-3.27.1 References: https://bugzilla.suse.com/1205300 From sle-updates at lists.suse.com Thu Dec 8 20:32:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:32:21 +0100 (CET) Subject: SUSE-RU-2022:4374-1: moderate: Recommended update for rsyslog Message-ID: <20221208203221.65917FBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4374-1 Rating: moderate References: #1205275 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issue: - Parsing of legacy config syntax (bsc#1205275) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4374=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-8.14.1 rsyslog-debuginfo-8.2106.0-8.14.1 rsyslog-debugsource-8.2106.0-8.14.1 rsyslog-diag-tools-8.2106.0-8.14.1 rsyslog-diag-tools-debuginfo-8.2106.0-8.14.1 rsyslog-doc-8.2106.0-8.14.1 rsyslog-module-gssapi-8.2106.0-8.14.1 rsyslog-module-gssapi-debuginfo-8.2106.0-8.14.1 rsyslog-module-gtls-8.2106.0-8.14.1 rsyslog-module-gtls-debuginfo-8.2106.0-8.14.1 rsyslog-module-mmnormalize-8.2106.0-8.14.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-8.14.1 rsyslog-module-mysql-8.2106.0-8.14.1 rsyslog-module-mysql-debuginfo-8.2106.0-8.14.1 rsyslog-module-pgsql-8.2106.0-8.14.1 rsyslog-module-pgsql-debuginfo-8.2106.0-8.14.1 rsyslog-module-relp-8.2106.0-8.14.1 rsyslog-module-relp-debuginfo-8.2106.0-8.14.1 rsyslog-module-snmp-8.2106.0-8.14.1 rsyslog-module-snmp-debuginfo-8.2106.0-8.14.1 rsyslog-module-udpspoof-8.2106.0-8.14.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-8.14.1 References: https://bugzilla.suse.com/1205275 From sle-updates at lists.suse.com Thu Dec 8 20:33:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:33:04 +0100 (CET) Subject: SUSE-RU-2022:4368-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <20221208203304.3F01CFBAC@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4368-1 Rating: critical References: #1191880 #1195924 #1195925 #1203382 #1205089 #1206082 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has 6 recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924) - Implement functionality to detect if an update server has a new cert. Import the new cert when it is detected. - From 10.0.6 (bsc#1205089) - Credentials are equal when username and password are the same ignore other entries in the credentials file - Handle multiple zypper names in process table, zypper and Zypp-main to properly detect the running process - Require dmidecode only on supported archs (bsc#1206082) - Add patch to block IPv6 on SLE12 (bsc#1203382) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-4368=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-4368=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-10.0.7-52.87.1 cloud-regionsrv-client-addon-azure-1.0.5-52.87.1 cloud-regionsrv-client-generic-config-1.0.0-52.87.1 cloud-regionsrv-client-plugin-azure-2.0.0-52.87.1 cloud-regionsrv-client-plugin-ec2-1.0.2-52.87.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.87.1 References: https://bugzilla.suse.com/1191880 https://bugzilla.suse.com/1195924 https://bugzilla.suse.com/1195925 https://bugzilla.suse.com/1203382 https://bugzilla.suse.com/1205089 https://bugzilla.suse.com/1206082 From sle-updates at lists.suse.com Thu Dec 8 20:34:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:34:09 +0100 (CET) Subject: SUSE-RU-2022:4361-1: important: Recommended update for pdsh, slurm_22_05 Message-ID: <20221208203409.04454FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pdsh, slurm_22_05 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4361-1 Rating: important References: SLE-21334 Affected Products: SUSE Linux Enterprise Module for HPC 15-SP3 SUSE Linux Enterprise Module for HPC 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for pdsh, slurm_22_05 fixes the following issues: Slurm was updated to 22.05.5 - Fixes a number of moderate severity issues, noteable are: * Load hash plugin at slurmstepd launch time to prevent issues loading the plugin at step completion if the Slurm installation is upgraded. * Update nvml plugin to match the unique id format for MIG devices in new Nvidia drivers. * Fix multi-node step launch failure when nodes in the controller aren't in natural order. This can happen with inconsistent node naming (such as node15 and node052) or with dynamic nodes which can register in any order. * job_container/tmpfs - cleanup containers even when the .ns file isn't mounted anymore. * Wait up to PrologEpilogTimeout before shutting down slurmd to allow prolog and epilog scripts to complete or timeout. Previously, slurmd waited 120 seconds before timing out and killing prolog and epilog scripts. - Do not deduplicate files of testsuite Slurm configuration. This directory is supposed to be mounted over /etc/slurm therefore it must not contain softlinks to the files in this directory. - Fix a potential security vulnerability in the test package (bsc#1201674, CVE-2022-31251). - update to 22.05.2 with following fixes: * Fix regression which allowed the oversubscription of licenses. * Fix a segfault in slurmctld when requesting gres in job arrays. - Allow log in as user 'slurm'. This allows admins to run certain priviledged commands more easily without becoming root. update to 22.05.0 with following changes: - Support for dynamic node addition and removal - Support for native Linux cgroup v2 operation - Newly added plugins to support HPE Slingshot 11 networks (switch/hpe_slingshot), and Intel Xe GPUs (gpu/oneapi) - Added new acct_gather_interconnect/sysfs plugin to collect statistics from arbitrary network interfaces. - Expanded and synced set of environment variables available in the Prolog/Epilog/PrologSlurmctld/EpilogSlurmctld scripts. - New "--prefer" option to job submissions to allow for a "soft constraint" request to influence node selection. - Optional support for license planning in the backfill scheduler with "bf_licenses" option in SchedulerParameters. - Add a comment about the CommunicationParameters=block_null_hash option warning users who migrate - just in case. - Update to 21.08.8 which fixes CVE-2022-29500 (bsc#1199278), CVE-2022-29501 (bsc#1199279), and CVE-2022-29502 (bsc#1199281). - Added 'CommunicationParameters=block_null_hash' to slurm.conf, please add this parameter to existing configurations. - Update to 21.08.7 with following changes: * openapi/v0.0.37 - correct calculation for bf_queue_len_mean in /diag. * Avoid shrinking a reservation when overlapping with downed nodes. * Only check TRES limits against current usage for TRES requested by the job. * Do not allocate shared gres (MPS) in whole-node allocations * Constrain slurmstepd to job/step cgroup like in previous versions of Slurm. * Fix warnings on 32-bit compilers related to printf() formats. * Fix reconfigure issues after disabling/reenabling the GANG PreemptMode. * Fix race condition where a cgroup was being deleted while another step was creating it. * Set the slurmd port correctly if multi-slurmd * Fix FAIL mail not being sent if a job was cancelled due to preemption. * slurmrestd - move debug logs for HTTP handling to be gated by debugflag NETWORK to avoid unnecessary logging of communication contents. * Fix issue with bad memory access when shrinking running steps. * Fix various issues with internal job accounting with GRES when jobs are shrunk. * Fix ipmi polling on slurmd reconfig or restart. * Fix srun crash when reserved ports are being used and het step fails to launch. * openapi/dbv0.0.37 - fix DELETE execution path on /user/{user_name}. * slurmctld - Properly requeue all components of a het job if PrologSlurmctld fails. * rlimits - remove final calls to limit nofiles to 4096 but to instead use the max possible nofiles in slurmd and slurmdbd. * Allow the DBD agent to load large messages (up to MAX_BUF_SIZE) from state. * Fix potential deadlock during slurmctld restart when there is a completing job. * slurmstepd - reduce user requested soft rlimits when they are above max hard rlimits to avoid rlimit request being completely ignored and processes using default limits. * Fix Slurm user commands displaying available features as active features when no features were active. * Don't power down nodes that are rebooting. * Clear pending node reboot on power down request. * Ignore node registrations while node is powering down. * Don't reboot any node that is power down. * Don't allow a node to reboot if it's marked for power down. * Fix issuing reboot and downing when rebooting a powering up node. * Clear DRAIN on node after failing to resume before ResumeTimeout. * Prevent repeating power down if node fails to resume before ResumeTimeout. * Fix federated cloud node communication with srun and cloud_dns. * Fix jobs being scheduled on nodes marked to be powered_down when idle. * Fix problem where a privileged user could not view array tasks specified by _ when PrivateData had the jobs value set. - Changes in Slurm 21.08.6 * Fix plugin_name definitions in a number of plugins to improve logging. * Close sbcast file transfers when job is cancelled. * scrontab - fix handling of --gpus and --ntasks-per-gpu options. * sched/backfill - fix job_queue_rec_t memory leak. * Fix magnetic reservation logic in both main and backfill schedulers. * job_container/tmpfs - fix memory leak when using InitScript. * slurmrestd / openapi - fix memory leaks. * Fix slurmctld segfault due to job array resv_list double free. * Fix multi-reservation job testing logic. * Fix slurmctld segfault due to insufficient job reservation parse validation. * Fix main and backfill schedulers handling for already rejected job array. * sched/backfill - restore resv_ptr after yielding locks. * acct_gather_energy/xcc - appropriately close and destroy the IPMI context. * Protect slurmstepd from making multiple calls to the cleanup logic. * Prevent slurmstepd segfault at cleanup time in mpi_fini(). * Fix slurmctld sometimes hanging if shutdown while PrologSlurmctld or EpilogSlurmctld were running and PrologEpilogTimeout is set in slurm.conf. * Fix affinity of the batch step if batch host is different than the first node in the allocation. * slurmdbd - fix segfault after multiple failover/failback operations. * Fix jobcomp filetxt job selection condition. * Fix -f flag of sacct not being used. * Select cores for job steps according to the socket distribution. Previously, sockets were always filled before selecting cores from the next socket. * Keep node in Future state if epilog completes while in Future state. * Fix erroneous --constraint behavior by preventing multiple sets of brackets. * Make ResetAccrueTime update the job's accrue_time to now. * Fix sattach initialization with configless mode. * Revert packing limit checks affecting pmi2. * sacct - fixed assertion failure when using -c option and a federation display * Fix issue that allowed steps to overallocate the job's memory. * Fix the sanity check mode of AutoDetect so that it actually works. * Fix deallocated nodes that didn't actually launch a job from waiting for Epilogslurmctld to complete before clearing completing node's state. * Job should be in a completing state if EpilogSlurmctld when being requeued. * Fix job not being requeued properly if all node epilog's completed before EpilogSlurmctld finished. * Keep job completing until EpilogSlurmctld is completed even when "downing" a node. * Fix handling reboot with multiple job features. * Fix nodes getting powered down when creating new partitions. * Fix bad bit_realloc which potentially could lead to bad memory access. * slurmctld - remove limit on the number of open files. * Fix bug where job_state file of size above 2GB wasn't saved without any error message. * Fix various issues with no_consume gres. * Fix regression in 21.08.0rc1 where job steps failed to launch on systems that reserved a CPU in a cgroup outside of Slurm (for example, on systems with WekaIO). * Fix OverTimeLimit not being reset on scontrol reconfigure when it is removed from slurm.conf. * serializer/yaml - use dynamic buffer to allow creation of YAML outputs larger than 1MiB. * Fix minor memory leak affecting openapi users at process termination. * Fix batch jobs not resolving the username when nss_slurm is enabled. * slurmrestd - Avoid slurmrestd ignoring invalid HTTP method if the response serialized without error. * openapi/dbv0.0.37 - Correct conditional that caused the diag output to give an internal server error status on success. * Make --mem-bind=sort work with task_affinity * Fix sacctmgr to set MaxJobsAccruePer{User|Account} and MinPrioThres in sacctmgr add qos, modify already worked correctly. * job_container/tmpfs - avoid printing extraneous error messages in Prolog and Epilog, and when the job completes. * Fix step CPU memory allocation with --threads-per-core without --exact. * Remove implicit --exact when --threads-per-core or --hint=nomultithread is used. * Do not allow a step to request more threads per core than the allocation did. * Remove implicit --exact when --cpus-per-task is used. - update to 21.08.5 with following changes: * Fix issue where typeless GRES node updates were not immediately reflected. * Fix setting the default scrontab job working directory so that it's the home of the different user (*u ) and not that of root or SlurmUser editor. * Fix stepd not respecting SlurmdSyslogDebug. * Fix concurrency issue with squeue. * Fix job start time not being reset after launch when job is packed onto already booting node. * Fix updating SLURM_NODE_ALIASES for jobs packed onto powering up nodes. * Cray - Fix issues with starting hetjobs. * auth/jwks - Print fatal() message when jwks is configured but file could not be opened. * If sacctmgr has an association with an unknown qos as the default qos print 'UNKN*###' instead of leaving a blank name. * Correctly determine task count when giving --cpus-per-gpu, --gpus and *-ntasks-per-node without task count. * slurmctld - Fix places where the global last_job_update was not being set to the time of update when a job's reason and description were updated. * slurmctld - Fix case where a job submitted with more than one partition would not have its reason updated while waiting to start. * Fix memory leak in node feature rebooting. * Fix time limit permanetly set to 1 minute by backfill for job array tasks higher than the first with QOS NoReserve flag and PreemptMode configured. * Fix sacct -N to show jobs that started in the current second * Fix issue on running steps where both SLURM_NTASKS_PER_TRES and SLURM_NTASKS_PER_GPU are set. * Handle oversubscription request correctly when also requesting *-ntasks-per-tres. * Correctly detect when a step requests bad gres inside an allocation. * slurmstepd - Correct possible deadlock when UnkillableStepTimeout triggers. * srun - use maximum number of open files while handling job I/O. * Fix writing to Xauthority files on root_squash NFS exports, which was preventing X11 forwarding from completing setup. * Fix regression in 21.08.0rc1 that broke --gres=none. * Fix srun --cpus-per-task and --threads-per-core not implicitly setting *-exact. It was meant to work this way in 21.08. * Fix regression in 21.08.0 that broke dynamic future nodes. * Fix dynamic future nodes remembering active state on restart. * Fix powered down nodes getting stuck in COMPLETING+POWERED_DOWN when job is cancelled before nodes are powering up. updated to 21.08.4 which fixes (CVE-2021-43337) which is only present in 21.08 tree. * CVE-2021-43337: For sites using the new AccountingStoreFlags=job_script and/or job_env options, an issue was reported with the access control rules in SlurmDBD that will permit users to request job scripts and environment files that they should not have access to. (Scripts/environments are meant to only be accessible by user accounts with administrator privileges, by account coordinators for jobs submitted under their account, and by the user themselves.) changes from 21.08.3: * This includes a number of fixes since the last release a month ago, including one critical fix to prevent a communication issue between slurmctld and slurmdbd for sites that have started using the new AccountingStoreFlags=job_script functionality. - Utilize sysuser infrastructure to set user/group slurm. For munge authentication slurm should have a fixed UID across all nodes including the management server. Set it to 120 - Limit firewalld service definitions to SUSE versions >= 15. - added service definitions for firewalld (JSC#SLE-22741) update to 21.08.2 - major change: * removed of support of the TaskAffinity=yes option in cgroup.conf. Please consider using "TaskPlugins=cgroup,affinity" in slurm.conf as an option. - minor changes and bugfixes: * slurmctld - fix how the max number of cores on a node in a partition are calculated when the partition contains multi*socket nodes. This in turn corrects certain jobs node count estimations displayed client*side. * job_submit/cray_aries - fix "craynetwork" GRES specification after changes introduced in 21.08.0rc1 that made TRES always have a type prefix. * Ignore nonsensical check in the slurmd for [Pro|Epi]logSlurmctld. * Fix writing to stderr/syslog when systemd runs slurmctld in the foreground. * Fix issue with updating job started with node range. * Fix issue with nodes not clearing state in the database when the slurmctld is started with clean*start. * Fix hetjob components > 1 timing out due to InactiveLimit. * Fix sprio printing -nan for normalized association priority if PriorityWeightAssoc was not defined. * Disallow FirstJobId=0. * Preserve job start info in the database for a requeued job that hadn't registered the first time in the database yet. * Only send one message on prolog failure from the slurmd. * Remove support for TaskAffinity=yes in cgroup.conf. * accounting_storage/mysql - fix issue where querying jobs via sacct *-whole-hetjob=yes or slurmrestd (which automatically includes this flag) could in some cases return more records than expected. * Fix issue for preemption of job array task that makes afterok dependency fail. Additionally, send emails when requeueing happens due to preemption. * Fix sending requeue mail type. * Properly resize a job's GRES bitmaps and counts when resizing the job. * Fix node being able to transition to CLOUD state from non-cloud state. * Fix regression introduced in 21.08.0rc1 which broke a step's ability to inherit GRES from the job when the step didn't request GRES but the job did. * Fix errors in logic when picking nodes based on bracketed anded constraints. This also enforces the requirement to have a count when using such constraints. * Handle job resize better in the database. * Exclude currently running, resized jobs from the runaway jobs list. * Make it possible to shrink a job more than once. - moved pam module from /lib64 to /usr/lib64 which fixes bsc#1191095 via the macro %_pam_moduledir updated to 21.08.1 with following bug fixes: * Fix potential memory leak if a problem happens while allocating GRES for a job. * If an overallocation of GRES happens terminate the creation of a job. * AutoDetect=nvml: Fatal if no devices found in MIG mode. * Print federation and cluster sacctmgr error messages to stderr. * Fix off by one error in --gpu-bind=mask_gpu. * Add --gpu-bind=none to disable gpu binding when using --gpus-per-task. * Handle the burst buffer state "alloc-revoke" which previously would not display in the job correctly. * Fix issue in the slurmstepd SPANK prolog/epilog handler where configuration values were used before being initialized. * Restore a step's ability to utilize all of an allocations memory if --mem=0. * Fix --cpu-bind=verbose garbage taskid. * Fix cgroup task affinity issues from garbage taskid info. * Make gres_job_state_validate() client logging behavior as before 44466a4641. * Fix steps with --hint overriding an allocation with --threads-per-core. * Require requesting a GPU if --mem-per-gpu is requested. * Return error early if a job is requesting --ntasks-per-gpu and no gpus or task count. * Properly clear out pending step if unavailable to run with available resources. * Kill all processes spawned by burst_buffer.lua including decendents. * openapi/v0.0.{35,36,37} - Avoid setting default values of min_cpus, job name, cwd, mail_type, and contiguous on job update. * openapi/v0.0.{35,36,37} - Clear user hold on job update if hold=false. * Prevent CRON_JOB flag from being cleared when loading job state. * sacctmgr - Fix deleting WCKeys when not specifying a cluster. * Fix getting memory for a step when the first node in the step isn't the first node in the allocation. * Make SelectTypeParameters=CR_Core_Memory default for cons_tres and cons_res. * Correctly handle mutex unlocks in the gres code if failures happen. * Give better error message if -m plane is given with no size. * Fix --distribution=arbitrary for salloc. * Fix jobcomp/script regression introduced in 21.08.0rc1 0c75b9ac9d. * Only send the batch node in the step_hostlist in the job credential. * When setting affinity for the batch step don't assume the batch host is node 0. * In task/affinity better checking for node existence when laying out affinity. * slurmrestd - fix job submission with auth/jwt. - Make configure arg '--with-pmix' conditional. - Move openapi plugins to package slurm-restd. updated to 21.08.0, major changes: * A new "AccountingStoreFlags=job_script" option to store the job scripts directly in SlurmDBD. * Added "sacct -o SubmitLine" format option to get the submit line of a job/step. * Changes to the node state management so that nodes are marked as PLANNED instead of IDLE if the scheduler is still accumulating resources while waiting to launch a job on them. * RS256 token support in auth/jwt. * Overhaul of the cgroup subsystems to simplify operation, mitigate a number of inherent race conditions, and prepare for future cgroup v2 support. * Further improvements to cloud node power state management. * A new child process of the Slurm controller called "slurmscriptd" responsible for executing PrologSlurmctld and EpilogSlurmctld scripts, which significantly reduces performance issues associated with enabling those options. * A new burst_buffer/lua plugin allowing for site-specific asynchronous job data management. * Fixes to the job_container/tmpfs plugin to allow the slurmd process to be restarted while the job is running without issue. * Added json/yaml output to sacct, squeue, and sinfo commands. * Added a new node_features/helpers plugin to provide a generic way to change settings on a compute node across a reboot. * Added support for automatically detecting and broadcasting shared libraries for an executable launched with "srun --bcast". * Added initial OCI container execution support with a new --container option to sbatch and srun. * Improved "configless" support by allowing multiple control servers to be specified through the slurmd --conf-server option, and send additional configuration files at startup including cli_filter.lua. Changes in pdsh: - Preparing pdsh for Slurm 22.05. * No later version of Slurm builds on 32 bit. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4361=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4361=1 - SUSE Linux Enterprise Module for HPC 15-SP4: zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2022-4361=1 - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-4361=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libnss_slurm2_22_05-22.05.5-150300.7.3.2 libnss_slurm2_22_05-debuginfo-22.05.5-150300.7.3.2 libpmi0_22_05-22.05.5-150300.7.3.2 libpmi0_22_05-debuginfo-22.05.5-150300.7.3.2 libslurm38-22.05.5-150300.7.3.2 libslurm38-debuginfo-22.05.5-150300.7.3.2 pdsh-2.34-150300.35.2 pdsh-debuginfo-2.34-150300.35.2 pdsh-debugsource-2.34-150300.35.2 pdsh-dshgroup-2.34-150300.35.2 pdsh-dshgroup-debuginfo-2.34-150300.35.2 pdsh-genders-2.34-150300.35.2 pdsh-genders-debuginfo-2.34-150300.35.2 pdsh-machines-2.34-150300.35.2 pdsh-machines-debuginfo-2.34-150300.35.2 pdsh-netgroup-2.34-150300.35.2 pdsh-netgroup-debuginfo-2.34-150300.35.2 pdsh-slurm-2.34-150300.35.2 pdsh-slurm-debuginfo-2.34-150300.35.2 pdsh-slurm_22_05-2.34-150300.35.2 pdsh-slurm_22_05-debuginfo-2.34-150300.35.2 pdsh_slurm_22_05-debugsource-2.34-150300.35.2 perl-slurm_22_05-22.05.5-150300.7.3.2 perl-slurm_22_05-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-22.05.5-150300.7.3.2 slurm_22_05-auth-none-22.05.5-150300.7.3.2 slurm_22_05-auth-none-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-cray-22.05.5-150300.7.3.2 slurm_22_05-cray-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-debugsource-22.05.5-150300.7.3.2 slurm_22_05-devel-22.05.5-150300.7.3.2 slurm_22_05-hdf5-22.05.5-150300.7.3.2 slurm_22_05-hdf5-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-lua-22.05.5-150300.7.3.2 slurm_22_05-lua-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-munge-22.05.5-150300.7.3.2 slurm_22_05-munge-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-node-22.05.5-150300.7.3.2 slurm_22_05-node-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-openlava-22.05.5-150300.7.3.2 slurm_22_05-pam_slurm-22.05.5-150300.7.3.2 slurm_22_05-pam_slurm-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-plugins-22.05.5-150300.7.3.2 slurm_22_05-plugins-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-rest-22.05.5-150300.7.3.2 slurm_22_05-rest-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-seff-22.05.5-150300.7.3.2 slurm_22_05-sjstat-22.05.5-150300.7.3.2 slurm_22_05-slurmdbd-22.05.5-150300.7.3.2 slurm_22_05-slurmdbd-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-sql-22.05.5-150300.7.3.2 slurm_22_05-sql-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-sview-22.05.5-150300.7.3.2 slurm_22_05-sview-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-testsuite-22.05.5-150300.7.3.2 slurm_22_05-torque-22.05.5-150300.7.3.2 slurm_22_05-torque-debuginfo-22.05.5-150300.7.3.2 - openSUSE Leap 15.4 (noarch): slurm_22_05-config-22.05.5-150300.7.3.2 slurm_22_05-config-man-22.05.5-150300.7.3.2 slurm_22_05-doc-22.05.5-150300.7.3.2 slurm_22_05-webdoc-22.05.5-150300.7.3.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libnss_slurm2_22_05-22.05.5-150300.7.3.2 libnss_slurm2_22_05-debuginfo-22.05.5-150300.7.3.2 libpmi0_22_05-22.05.5-150300.7.3.2 libpmi0_22_05-debuginfo-22.05.5-150300.7.3.2 libslurm38-22.05.5-150300.7.3.2 libslurm38-debuginfo-22.05.5-150300.7.3.2 pdsh-2.34-150300.35.2 pdsh-debuginfo-2.34-150300.35.2 pdsh-debugsource-2.34-150300.35.2 pdsh-dshgroup-2.34-150300.35.2 pdsh-dshgroup-debuginfo-2.34-150300.35.2 pdsh-genders-2.34-150300.35.2 pdsh-genders-debuginfo-2.34-150300.35.2 pdsh-machines-2.34-150300.35.2 pdsh-machines-debuginfo-2.34-150300.35.2 pdsh-netgroup-2.34-150300.35.2 pdsh-netgroup-debuginfo-2.34-150300.35.2 pdsh-slurm-2.34-150300.35.2 pdsh-slurm-debuginfo-2.34-150300.35.2 pdsh-slurm_22_05-2.34-150300.35.2 pdsh-slurm_22_05-debuginfo-2.34-150300.35.2 pdsh_slurm_22_05-debugsource-2.34-150300.35.2 perl-slurm_22_05-22.05.5-150300.7.3.2 perl-slurm_22_05-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-22.05.5-150300.7.3.2 slurm_22_05-auth-none-22.05.5-150300.7.3.2 slurm_22_05-auth-none-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-cray-22.05.5-150300.7.3.2 slurm_22_05-cray-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-debugsource-22.05.5-150300.7.3.2 slurm_22_05-devel-22.05.5-150300.7.3.2 slurm_22_05-hdf5-22.05.5-150300.7.3.2 slurm_22_05-hdf5-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-lua-22.05.5-150300.7.3.2 slurm_22_05-lua-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-munge-22.05.5-150300.7.3.2 slurm_22_05-munge-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-node-22.05.5-150300.7.3.2 slurm_22_05-node-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-openlava-22.05.5-150300.7.3.2 slurm_22_05-pam_slurm-22.05.5-150300.7.3.2 slurm_22_05-pam_slurm-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-plugins-22.05.5-150300.7.3.2 slurm_22_05-plugins-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-rest-22.05.5-150300.7.3.2 slurm_22_05-rest-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-seff-22.05.5-150300.7.3.2 slurm_22_05-sjstat-22.05.5-150300.7.3.2 slurm_22_05-slurmdbd-22.05.5-150300.7.3.2 slurm_22_05-slurmdbd-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-sql-22.05.5-150300.7.3.2 slurm_22_05-sql-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-sview-22.05.5-150300.7.3.2 slurm_22_05-sview-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-testsuite-22.05.5-150300.7.3.2 slurm_22_05-torque-22.05.5-150300.7.3.2 slurm_22_05-torque-debuginfo-22.05.5-150300.7.3.2 - openSUSE Leap 15.3 (noarch): slurm_22_05-config-22.05.5-150300.7.3.2 slurm_22_05-config-man-22.05.5-150300.7.3.2 slurm_22_05-doc-22.05.5-150300.7.3.2 slurm_22_05-webdoc-22.05.5-150300.7.3.2 - SUSE Linux Enterprise Module for HPC 15-SP4 (aarch64 x86_64): libnss_slurm2_22_05-22.05.5-150300.7.3.2 libnss_slurm2_22_05-debuginfo-22.05.5-150300.7.3.2 libpmi0_22_05-22.05.5-150300.7.3.2 libpmi0_22_05-debuginfo-22.05.5-150300.7.3.2 libslurm38-22.05.5-150300.7.3.2 libslurm38-debuginfo-22.05.5-150300.7.3.2 pdsh-2.34-150300.35.2 pdsh-debuginfo-2.34-150300.35.2 pdsh-debugsource-2.34-150300.35.2 pdsh-dshgroup-2.34-150300.35.2 pdsh-dshgroup-debuginfo-2.34-150300.35.2 pdsh-genders-2.34-150300.35.2 pdsh-genders-debuginfo-2.34-150300.35.2 pdsh-machines-2.34-150300.35.2 pdsh-machines-debuginfo-2.34-150300.35.2 pdsh-netgroup-2.34-150300.35.2 pdsh-netgroup-debuginfo-2.34-150300.35.2 pdsh-slurm-2.34-150300.35.2 pdsh-slurm-debuginfo-2.34-150300.35.2 pdsh-slurm_22_05-2.34-150300.35.2 pdsh-slurm_22_05-debuginfo-2.34-150300.35.2 pdsh_slurm_22_05-debugsource-2.34-150300.35.2 perl-slurm_22_05-22.05.5-150300.7.3.2 perl-slurm_22_05-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-22.05.5-150300.7.3.2 slurm_22_05-auth-none-22.05.5-150300.7.3.2 slurm_22_05-auth-none-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-cray-22.05.5-150300.7.3.2 slurm_22_05-cray-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-debugsource-22.05.5-150300.7.3.2 slurm_22_05-devel-22.05.5-150300.7.3.2 slurm_22_05-lua-22.05.5-150300.7.3.2 slurm_22_05-lua-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-munge-22.05.5-150300.7.3.2 slurm_22_05-munge-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-node-22.05.5-150300.7.3.2 slurm_22_05-node-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-pam_slurm-22.05.5-150300.7.3.2 slurm_22_05-pam_slurm-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-plugins-22.05.5-150300.7.3.2 slurm_22_05-plugins-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-rest-22.05.5-150300.7.3.2 slurm_22_05-rest-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-slurmdbd-22.05.5-150300.7.3.2 slurm_22_05-slurmdbd-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-sql-22.05.5-150300.7.3.2 slurm_22_05-sql-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-sview-22.05.5-150300.7.3.2 slurm_22_05-sview-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-torque-22.05.5-150300.7.3.2 slurm_22_05-torque-debuginfo-22.05.5-150300.7.3.2 - SUSE Linux Enterprise Module for HPC 15-SP4 (noarch): slurm_22_05-config-22.05.5-150300.7.3.2 slurm_22_05-config-man-22.05.5-150300.7.3.2 slurm_22_05-doc-22.05.5-150300.7.3.2 slurm_22_05-webdoc-22.05.5-150300.7.3.2 - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): libnss_slurm2_22_05-22.05.5-150300.7.3.2 libnss_slurm2_22_05-debuginfo-22.05.5-150300.7.3.2 libpmi0_22_05-22.05.5-150300.7.3.2 libpmi0_22_05-debuginfo-22.05.5-150300.7.3.2 libslurm38-22.05.5-150300.7.3.2 libslurm38-debuginfo-22.05.5-150300.7.3.2 pdsh-2.34-150300.35.2 pdsh-debuginfo-2.34-150300.35.2 pdsh-debugsource-2.34-150300.35.2 pdsh-dshgroup-2.34-150300.35.2 pdsh-dshgroup-debuginfo-2.34-150300.35.2 pdsh-genders-2.34-150300.35.2 pdsh-genders-debuginfo-2.34-150300.35.2 pdsh-machines-2.34-150300.35.2 pdsh-machines-debuginfo-2.34-150300.35.2 pdsh-netgroup-2.34-150300.35.2 pdsh-netgroup-debuginfo-2.34-150300.35.2 pdsh-slurm-2.34-150300.35.2 pdsh-slurm-debuginfo-2.34-150300.35.2 pdsh-slurm_22_05-2.34-150300.35.2 pdsh-slurm_22_05-debuginfo-2.34-150300.35.2 pdsh_slurm_22_05-debugsource-2.34-150300.35.2 perl-slurm_22_05-22.05.5-150300.7.3.2 perl-slurm_22_05-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-22.05.5-150300.7.3.2 slurm_22_05-auth-none-22.05.5-150300.7.3.2 slurm_22_05-auth-none-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-debugsource-22.05.5-150300.7.3.2 slurm_22_05-devel-22.05.5-150300.7.3.2 slurm_22_05-lua-22.05.5-150300.7.3.2 slurm_22_05-lua-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-munge-22.05.5-150300.7.3.2 slurm_22_05-munge-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-node-22.05.5-150300.7.3.2 slurm_22_05-node-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-pam_slurm-22.05.5-150300.7.3.2 slurm_22_05-pam_slurm-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-plugins-22.05.5-150300.7.3.2 slurm_22_05-plugins-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-rest-22.05.5-150300.7.3.2 slurm_22_05-rest-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-slurmdbd-22.05.5-150300.7.3.2 slurm_22_05-slurmdbd-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-sql-22.05.5-150300.7.3.2 slurm_22_05-sql-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-sview-22.05.5-150300.7.3.2 slurm_22_05-sview-debuginfo-22.05.5-150300.7.3.2 slurm_22_05-torque-22.05.5-150300.7.3.2 slurm_22_05-torque-debuginfo-22.05.5-150300.7.3.2 - SUSE Linux Enterprise Module for HPC 15-SP3 (noarch): slurm_22_05-config-22.05.5-150300.7.3.2 slurm_22_05-config-man-22.05.5-150300.7.3.2 slurm_22_05-doc-22.05.5-150300.7.3.2 slurm_22_05-webdoc-22.05.5-150300.7.3.2 References: From sle-updates at lists.suse.com Thu Dec 8 20:34:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 8 Dec 2022 21:34:49 +0100 (CET) Subject: SUSE-SU-2022:4378-1: moderate: Security update for rabbitmq-server Message-ID: <20221208203449.BB728FD2D@maintenance.suse.de> SUSE Security Update: Security update for rabbitmq-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4378-1 Rating: moderate References: #1205267 Cross-References: CVE-2022-31008 CVSS scores: CVE-2022-31008 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-31008 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rabbitmq-server fixes the following issues: - CVE-2022-31008: Fixed predictable secret seed in URI encryption (bsc#1205267). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4378=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4378=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4378=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4378=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): erlang-rabbitmq-client-3.8.11-150300.3.11.1 rabbitmq-server-3.8.11-150300.3.11.1 rabbitmq-server-plugins-3.8.11-150300.3.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): erlang-rabbitmq-client-3.8.11-150300.3.11.1 rabbitmq-server-3.8.11-150300.3.11.1 rabbitmq-server-plugins-3.8.11-150300.3.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): erlang-rabbitmq-client-3.8.11-150300.3.11.1 rabbitmq-server-3.8.11-150300.3.11.1 rabbitmq-server-plugins-3.8.11-150300.3.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): erlang-rabbitmq-client-3.8.11-150300.3.11.1 rabbitmq-server-3.8.11-150300.3.11.1 rabbitmq-server-plugins-3.8.11-150300.3.11.1 References: https://www.suse.com/security/cve/CVE-2022-31008.html https://bugzilla.suse.com/1205267 From sle-updates at lists.suse.com Fri Dec 9 08:22:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:22:56 +0100 (CET) Subject: SUSE-RU-2022:4384-1: moderate: Recommended update for migrate-sles-to-sles4sap Message-ID: <20221209082256.81395FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for migrate-sles-to-sles4sap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4384-1 Rating: moderate References: #1205281 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for migrate-sles-to-sles4sap fixes the following issues: - Add missing required package dependencies to wget, coreutils, openssl and SUSE Connect (bsc#1205281) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4384=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4384=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): migrate-sles-to-sles4sap-15.1.2-150100.3.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): migrate-sles-to-sles4sap-15.1.2-150100.3.12.1 References: https://bugzilla.suse.com/1205281 From sle-updates at lists.suse.com Fri Dec 9 08:23:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:23:41 +0100 (CET) Subject: SUSE-RU-2022:4381-1: important: Recommended update for nvme-cli Message-ID: <20221209082341.B7F94FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvme-cli ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4381-1 Rating: important References: #1192761 #1199865 #1204827 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for nvme-cli fixes the following issues: - Drop support for unique discovery subsystem NQN (bsc#1199865 bsc#1192761 bsc#1204827) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4381=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4381=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4381=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4381=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4381=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): nvme-cli-1.13-150300.3.23.2 nvme-cli-debuginfo-1.13-150300.3.23.2 nvme-cli-debugsource-1.13-150300.3.23.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.13-150300.3.23.2 nvme-cli-debuginfo-1.13-150300.3.23.2 nvme-cli-debugsource-1.13-150300.3.23.2 nvme-cli-regress-script-1.13-150300.3.23.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): nvme-cli-1.13-150300.3.23.2 nvme-cli-debuginfo-1.13-150300.3.23.2 nvme-cli-debugsource-1.13-150300.3.23.2 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): nvme-cli-1.13-150300.3.23.2 nvme-cli-debuginfo-1.13-150300.3.23.2 nvme-cli-debugsource-1.13-150300.3.23.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): nvme-cli-1.13-150300.3.23.2 nvme-cli-debuginfo-1.13-150300.3.23.2 nvme-cli-debugsource-1.13-150300.3.23.2 References: https://bugzilla.suse.com/1192761 https://bugzilla.suse.com/1199865 https://bugzilla.suse.com/1204827 From sle-updates at lists.suse.com Fri Dec 9 08:24:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:24:40 +0100 (CET) Subject: SUSE-FU-2022:4380-1: important: Feature update for ipset Message-ID: <20221209082440.1A095FCC9@maintenance.suse.de> SUSE Feature Update: Feature update for ipset ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4380-1 Rating: important References: #1116432 #1122853 PED-2086 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has two feature fixes and contains one feature can now be installed. Description: This update for ipset fixes the following issues: Version update from 6.36 to 7.15 (jsc#PED-2086): - Update needed to match kernel protocol version - Fix bug with 'ipset save -file ' that wrongly produced empty files (bsc#1116432) - A new internal protocol version between the kernel and userspace is used. This is required in order to support two new functions and the extendend LIST operation, which makes possible to run ipset in every case entirely over netlink without the need to use getsockopt() - Allow specifying protocols by number - Enable memory accounting for ipset allocations - Fix argument parsing buffer overflow in ipset_parse_argv - Fix parsing the service names for ports - Fix memory accounting for hash types on resize - Fix rename concurrency with listing, which can result broken list/save results - Fix to list/save into file specified by option - Implement sorting for hash types in the ipset tool - Limit the maximum range of consecutive elements to add/delete - Support the '-exist' flag with the destroy command - For the full list of changes please consult the changelog at https://ipset.netfilter.org/changelog.html Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4380=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4380=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4380=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4380=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 ppc64le s390x x86_64): ipset-7.15-150400.12.3.2 libipset13-7.15-150400.12.3.2 libipset13-debuginfo-7.15-150400.12.3.2 - openSUSE Leap Micro 5.3 (aarch64 x86_64): ipset-debuginfo-7.15-150400.12.3.2 ipset-debugsource-7.15-150400.12.3.2 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ipset-7.15-150400.12.3.2 ipset-debuginfo-7.15-150400.12.3.2 ipset-debugsource-7.15-150400.12.3.2 ipset-devel-7.15-150400.12.3.2 libipset13-7.15-150400.12.3.2 libipset13-debuginfo-7.15-150400.12.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): ipset-7.15-150400.12.3.2 ipset-debuginfo-7.15-150400.12.3.2 ipset-debugsource-7.15-150400.12.3.2 ipset-devel-7.15-150400.12.3.2 libipset13-7.15-150400.12.3.2 libipset13-debuginfo-7.15-150400.12.3.2 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): ipset-7.15-150400.12.3.2 ipset-debuginfo-7.15-150400.12.3.2 ipset-debugsource-7.15-150400.12.3.2 libipset13-7.15-150400.12.3.2 libipset13-debuginfo-7.15-150400.12.3.2 References: https://bugzilla.suse.com/1116432 https://bugzilla.suse.com/1122853 From sle-updates at lists.suse.com Fri Dec 9 08:25:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:25:37 +0100 (CET) Subject: SUSE-RU-2022:4383-1: important: Recommended update for iputils Message-ID: <20221209082537.91E7BFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for iputils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4383-1 Rating: important References: #1203957 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for iputils fixes the following issues: - Fix occasional memory access violation when using `ping` (bsc#1203957) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4383=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4383=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4383=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4383=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4383=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): iputils-20211215-150400.3.3.2 iputils-debuginfo-20211215-150400.3.3.2 iputils-debugsource-20211215-150400.3.3.2 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): iputils-20211215-150400.3.3.2 iputils-debuginfo-20211215-150400.3.3.2 iputils-debugsource-20211215-150400.3.3.2 rarpd-20211215-150400.3.3.2 rarpd-debuginfo-20211215-150400.3.3.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): iputils-debuginfo-20211215-150400.3.3.2 iputils-debugsource-20211215-150400.3.3.2 rarpd-20211215-150400.3.3.2 rarpd-debuginfo-20211215-150400.3.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): iputils-20211215-150400.3.3.2 iputils-debuginfo-20211215-150400.3.3.2 iputils-debugsource-20211215-150400.3.3.2 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): iputils-20211215-150400.3.3.2 iputils-debuginfo-20211215-150400.3.3.2 iputils-debugsource-20211215-150400.3.3.2 References: https://bugzilla.suse.com/1203957 From sle-updates at lists.suse.com Fri Dec 9 08:26:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:26:32 +0100 (CET) Subject: SUSE-RU-2022:4385-1: moderate: Recommended update for clone-master-clean-up Message-ID: <20221209082632.6FAF8FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for clone-master-clean-up ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4385-1 Rating: moderate References: #1203024 #1204835 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for clone-master-clean-up fixes the following issues: Version update from 1.8 to 1.10: - Fix failure if postfix is not installed by adding a check for the directory's existance (bsc#1204835) - Clean up initiatorname.iscsi (bsc#1203024) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4385=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4385=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4385=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4385=1 Package List: - openSUSE Leap 15.4 (noarch): clone-master-clean-up-1.10-150100.3.17.1 - openSUSE Leap 15.3 (noarch): clone-master-clean-up-1.10-150100.3.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): clone-master-clean-up-1.10-150100.3.17.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): clone-master-clean-up-1.10-150100.3.17.1 References: https://bugzilla.suse.com/1203024 https://bugzilla.suse.com/1204835 From sle-updates at lists.suse.com Fri Dec 9 08:27:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:27:26 +0100 (CET) Subject: SUSE-RU-2022:4382-1: important: Recommended update for libnvme Message-ID: <20221209082726.CAC80FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libnvme ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4382-1 Rating: important References: #1200089 #1203163 #1203204 #1205019 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for libnvme fixes the following issues: libnvme: - Fix 'connect-all' failures when handling JSON configuration file (bsc#1205019) nvme-cli: - Honor JSON config file in 'connect-all' command (bsc#1203204 bsc#1203163) - Add 'show-topology' command (bsc#1200089) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4382=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4382=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4382=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4382=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libnvme-debuginfo-1.0-150400.3.9.3 libnvme-debugsource-1.0-150400.3.9.3 libnvme1-1.0-150400.3.9.3 libnvme1-debuginfo-1.0-150400.3.9.3 nvme-cli-2.0-150400.3.9.3 nvme-cli-debuginfo-2.0-150400.3.9.3 nvme-cli-debugsource-2.0-150400.3.9.3 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libnvme-debuginfo-1.0-150400.3.9.3 libnvme-debugsource-1.0-150400.3.9.3 libnvme-devel-1.0-150400.3.9.3 libnvme1-1.0-150400.3.9.3 libnvme1-debuginfo-1.0-150400.3.9.3 nvme-cli-2.0-150400.3.9.3 nvme-cli-bash-completion-2.0-150400.3.9.3 nvme-cli-debuginfo-2.0-150400.3.9.3 nvme-cli-debugsource-2.0-150400.3.9.3 nvme-cli-regress-script-2.0-150400.3.9.3 nvme-cli-zsh-completion-2.0-150400.3.9.3 python3-libnvme-1.0-150400.3.9.3 python3-libnvme-debuginfo-1.0-150400.3.9.3 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libnvme-debuginfo-1.0-150400.3.9.3 libnvme-debugsource-1.0-150400.3.9.3 libnvme-devel-1.0-150400.3.9.3 libnvme1-1.0-150400.3.9.3 libnvme1-debuginfo-1.0-150400.3.9.3 nvme-cli-2.0-150400.3.9.3 nvme-cli-bash-completion-2.0-150400.3.9.3 nvme-cli-debuginfo-2.0-150400.3.9.3 nvme-cli-debugsource-2.0-150400.3.9.3 nvme-cli-zsh-completion-2.0-150400.3.9.3 python3-libnvme-1.0-150400.3.9.3 python3-libnvme-debuginfo-1.0-150400.3.9.3 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libnvme-debuginfo-1.0-150400.3.9.3 libnvme-debugsource-1.0-150400.3.9.3 libnvme1-1.0-150400.3.9.3 libnvme1-debuginfo-1.0-150400.3.9.3 nvme-cli-2.0-150400.3.9.3 nvme-cli-debuginfo-2.0-150400.3.9.3 nvme-cli-debugsource-2.0-150400.3.9.3 References: https://bugzilla.suse.com/1200089 https://bugzilla.suse.com/1203163 https://bugzilla.suse.com/1203204 https://bugzilla.suse.com/1205019 From sle-updates at lists.suse.com Fri Dec 9 08:28:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:28:33 +0100 (CET) Subject: SUSE-RU-2022:4388-1: moderate: Recommended update for gnutls Message-ID: <20221209082833.2FD21FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnutls ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4388-1 Rating: moderate References: #1204511 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for gnutls fixes the following issues: - Fix potential to free an invalid pointer (bsc#1204511) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4388=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4388=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4388=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4388=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4388=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): gnutls-3.6.7-150200.14.22.1 gnutls-debuginfo-3.6.7-150200.14.22.1 gnutls-debugsource-3.6.7-150200.14.22.1 libgnutls30-3.6.7-150200.14.22.1 libgnutls30-debuginfo-3.6.7-150200.14.22.1 libgnutls30-hmac-3.6.7-150200.14.22.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-150200.14.22.1 gnutls-debuginfo-3.6.7-150200.14.22.1 gnutls-debugsource-3.6.7-150200.14.22.1 gnutls-guile-3.6.7-150200.14.22.1 gnutls-guile-debuginfo-3.6.7-150200.14.22.1 libgnutls-devel-3.6.7-150200.14.22.1 libgnutls30-3.6.7-150200.14.22.1 libgnutls30-debuginfo-3.6.7-150200.14.22.1 libgnutls30-hmac-3.6.7-150200.14.22.1 libgnutlsxx-devel-3.6.7-150200.14.22.1 libgnutlsxx28-3.6.7-150200.14.22.1 libgnutlsxx28-debuginfo-3.6.7-150200.14.22.1 - openSUSE Leap 15.3 (x86_64): libgnutls-devel-32bit-3.6.7-150200.14.22.1 libgnutls30-32bit-3.6.7-150200.14.22.1 libgnutls30-32bit-debuginfo-3.6.7-150200.14.22.1 libgnutls30-hmac-32bit-3.6.7-150200.14.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): gnutls-3.6.7-150200.14.22.1 gnutls-debuginfo-3.6.7-150200.14.22.1 gnutls-debugsource-3.6.7-150200.14.22.1 libgnutls-devel-3.6.7-150200.14.22.1 libgnutls30-3.6.7-150200.14.22.1 libgnutls30-debuginfo-3.6.7-150200.14.22.1 libgnutls30-hmac-3.6.7-150200.14.22.1 libgnutlsxx-devel-3.6.7-150200.14.22.1 libgnutlsxx28-3.6.7-150200.14.22.1 libgnutlsxx28-debuginfo-3.6.7-150200.14.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libgnutls30-32bit-3.6.7-150200.14.22.1 libgnutls30-32bit-debuginfo-3.6.7-150200.14.22.1 libgnutls30-hmac-32bit-3.6.7-150200.14.22.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): gnutls-3.6.7-150200.14.22.1 gnutls-debuginfo-3.6.7-150200.14.22.1 gnutls-debugsource-3.6.7-150200.14.22.1 libgnutls30-3.6.7-150200.14.22.1 libgnutls30-debuginfo-3.6.7-150200.14.22.1 libgnutls30-hmac-3.6.7-150200.14.22.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): gnutls-debuginfo-3.6.7-150200.14.22.1 gnutls-debugsource-3.6.7-150200.14.22.1 libgnutls30-3.6.7-150200.14.22.1 libgnutls30-debuginfo-3.6.7-150200.14.22.1 libgnutls30-hmac-3.6.7-150200.14.22.1 References: https://bugzilla.suse.com/1204511 From sle-updates at lists.suse.com Fri Dec 9 08:29:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:29:37 +0100 (CET) Subject: SUSE-RU-2022:4387-1: moderate: Recommended update for libteam Message-ID: <20221209082937.2653DFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for libteam ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4387-1 Rating: moderate References: #1200505 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libteam fixes the following issues: - Set ports priority to local and kernel configurations (bsc#1200505) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4387=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4387=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4387=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4387=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4387=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4387=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libteam-debuginfo-1.27-150000.4.6.1 libteam-debugsource-1.27-150000.4.6.1 libteam-devel-1.27-150000.4.6.1 libteam-tools-1.27-150000.4.6.1 libteam-tools-debuginfo-1.27-150000.4.6.1 libteam5-1.27-150000.4.6.1 libteam5-debuginfo-1.27-150000.4.6.1 libteamdctl0-1.27-150000.4.6.1 libteamdctl0-debuginfo-1.27-150000.4.6.1 python-libteam-1.27-150000.4.6.1 python-libteam-debuginfo-1.27-150000.4.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libteam-debuginfo-1.27-150000.4.6.1 libteam-debugsource-1.27-150000.4.6.1 libteam-devel-1.27-150000.4.6.1 libteam-tools-1.27-150000.4.6.1 libteam-tools-debuginfo-1.27-150000.4.6.1 libteam5-1.27-150000.4.6.1 libteam5-debuginfo-1.27-150000.4.6.1 libteamdctl0-1.27-150000.4.6.1 libteamdctl0-debuginfo-1.27-150000.4.6.1 python-libteam-1.27-150000.4.6.1 python-libteam-debuginfo-1.27-150000.4.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libteam-debuginfo-1.27-150000.4.6.1 libteam-debugsource-1.27-150000.4.6.1 libteam-tools-1.27-150000.4.6.1 libteam-tools-debuginfo-1.27-150000.4.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libteam-debuginfo-1.27-150000.4.6.1 libteam-debugsource-1.27-150000.4.6.1 libteam-tools-1.27-150000.4.6.1 libteam-tools-debuginfo-1.27-150000.4.6.1 python-libteam-1.27-150000.4.6.1 python-libteam-debuginfo-1.27-150000.4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libteam-debuginfo-1.27-150000.4.6.1 libteam-debugsource-1.27-150000.4.6.1 libteam-devel-1.27-150000.4.6.1 libteam5-1.27-150000.4.6.1 libteam5-debuginfo-1.27-150000.4.6.1 libteamdctl0-1.27-150000.4.6.1 libteamdctl0-debuginfo-1.27-150000.4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libteam-debuginfo-1.27-150000.4.6.1 libteam-debugsource-1.27-150000.4.6.1 libteam-devel-1.27-150000.4.6.1 libteam5-1.27-150000.4.6.1 libteam5-debuginfo-1.27-150000.4.6.1 libteamdctl0-1.27-150000.4.6.1 libteamdctl0-debuginfo-1.27-150000.4.6.1 References: https://bugzilla.suse.com/1200505 From sle-updates at lists.suse.com Fri Dec 9 08:30:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:30:34 +0100 (CET) Subject: SUSE-RU-2022:4386-1: moderate: Recommended update for python-pylint Message-ID: <20221209083034.0443CFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-pylint ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4386-1 Rating: moderate References: #1199219 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-pylint fixes the following issues: - Remove an unnecessary requirement to /usr/bin/python (bsc#1199219) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4386=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4386=1 Package List: - openSUSE Leap 15.4 (noarch): python3-pylint-1.8.2-150000.3.3.1 - openSUSE Leap 15.3 (noarch): python2-pylint-1.8.2-150000.3.3.1 python3-pylint-1.8.2-150000.3.3.1 References: https://bugzilla.suse.com/1199219 From sle-updates at lists.suse.com Fri Dec 9 08:37:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:37:03 +0100 (CET) Subject: SUSE-CU-2022:3318-1: Security update of bci/bci-busybox Message-ID: <20221209083703.39B15FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3318-1 Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.13.3 , bci/bci-busybox:latest Container Release : 13.3 Severity : moderate Type : security References : 1199744 914660 CVE-2014-9645 CVE-2022-30065 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4371-1 Released: Thu Dec 8 17:19:43 2022 Summary: Security update for busybox Type: security Severity: moderate References: 1199744,914660,CVE-2014-9645,CVE-2022-30065 This update for busybox fixes the following issues: - CVE-2022-30065: Fixed use-after-free in the AWK applet (bsc#1199744). - CVE-2014-9645: Fixed loading of unwanted module with / in module names (bsc#914660). - Update to 1.35.0 also introduced: - awk: fix printf %%, fix read beyond end of buffer - chrt: silence analyzer warning - libarchive: remove duplicate forward declaration - mount: 'mount -o rw ....' should not fall back to RO mount - ps: fix -o pid=PID,args interpreting entire 'PID,args' as header - tar: prevent malicious archives with long name sizes causing OOM - udhcpc6: fix udhcp_find_option to actually find DHCP6 options - xxd: fix -p -r - support for new optoins added to basename, cpio, date, find, mktemp, wget and others The following package changes have been done: - busybox-adduser-1.35.0-150400.4.3.14 updated - busybox-attr-1.35.0-150400.4.3.14 updated - busybox-bc-1.35.0-150400.4.3.14 updated - busybox-bind-utils-1.35.0-150400.4.3.14 updated - busybox-bzip2-1.35.0-150400.4.3.14 updated - busybox-coreutils-1.35.0-150400.4.3.14 updated - busybox-cpio-1.35.0-150400.4.3.14 updated - busybox-diffutils-1.35.0-150400.4.3.14 updated - busybox-dos2unix-1.35.0-150400.4.3.14 updated - busybox-ed-1.35.0-150400.4.3.14 updated - busybox-findutils-1.35.0-150400.4.3.14 updated - busybox-gawk-1.35.0-150400.4.3.14 updated - busybox-grep-1.35.0-150400.4.3.14 updated - busybox-gzip-1.35.0-150400.4.3.14 updated - busybox-hostname-1.35.0-150400.4.3.14 updated - busybox-iproute2-1.35.0-150400.4.3.14 updated - busybox-iputils-1.35.0-150400.4.3.14 updated - busybox-kbd-1.35.0-150400.4.3.14 updated - busybox-less-1.35.0-150400.4.3.14 updated - busybox-links-1.35.0-150400.4.3.14 updated - busybox-man-1.35.0-150400.4.3.14 updated - busybox-misc-1.35.0-150400.4.3.14 updated - busybox-ncurses-utils-1.35.0-150400.4.3.14 updated - busybox-net-tools-1.35.0-150400.4.3.14 updated - busybox-netcat-1.35.0-150400.4.3.14 updated - busybox-patch-1.35.0-150400.4.3.14 updated - busybox-policycoreutils-1.35.0-150400.4.3.14 updated - busybox-procps-1.35.0-150400.4.3.14 updated - busybox-psmisc-1.35.0-150400.4.3.14 updated - busybox-sed-1.35.0-150400.4.3.14 updated - busybox-selinux-tools-1.35.0-150400.4.3.14 updated - busybox-sendmail-1.35.0-150400.4.3.14 updated - busybox-sharutils-1.35.0-150400.4.3.14 updated - busybox-sh-1.35.0-150400.4.3.14 updated - busybox-syslogd-1.35.0-150400.4.3.14 updated - busybox-sysvinit-tools-1.35.0-150400.4.3.14 updated - busybox-tar-1.35.0-150400.4.3.14 updated - busybox-telnet-1.35.0-150400.4.3.14 updated - busybox-tftp-1.35.0-150400.4.3.14 updated - busybox-time-1.35.0-150400.4.3.14 updated - busybox-traceroute-1.35.0-150400.4.3.14 updated - busybox-tunctl-1.35.0-150400.4.3.14 updated - busybox-unzip-1.35.0-150400.4.3.14 updated - busybox-util-linux-1.35.0-150400.4.3.14 updated - busybox-vi-1.35.0-150400.4.3.14 updated - busybox-vlan-1.35.0-150400.4.3.14 updated - busybox-wget-1.35.0-150400.4.3.14 updated - busybox-which-1.35.0-150400.4.3.14 updated - busybox-whois-1.35.0-150400.4.3.14 updated - busybox-xz-1.35.0-150400.4.3.14 updated - busybox-1.35.0-150400.3.8.1 updated From sle-updates at lists.suse.com Fri Dec 9 08:43:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 09:43:46 +0100 (CET) Subject: SUSE-CU-2022:3322-1: Recommended update of suse/pcp Message-ID: <20221209084346.AA0C4FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3322-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.101 , suse/pcp:latest Container Release : 11.101 Severity : moderate Type : recommended References : 1184124 1186787 1187655 1189560 1192508 1198894 1200505 1201053 876845 877776 885007 896188 988954 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4340-1 Released: Wed Dec 7 12:54:47 2022 Summary: Feature update for wicked Type: feature Severity: moderate References: 1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954 This update for wicked fixes the following issues: - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Remove libiw dependencies The following package changes have been done: - wicked-0.6.70-150400.3.3.1 updated - wicked-service-0.6.70-150400.3.3.1 updated From sle-updates at lists.suse.com Fri Dec 9 11:21:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 12:21:59 +0100 (CET) Subject: SUSE-RU-2022:4389-1: moderate: Recommended update for avahi Message-ID: <20221209112159.98B48FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4389-1 Rating: moderate References: #1163683 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for avahi fixes the following issues: - Do not cache responses generated locally (bsc#1163683) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4389=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4389=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4389=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4389=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4389=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4389=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4389=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4389=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4389=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4389=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4389=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4389=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4389=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4389=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4389=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4389=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4389=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4389=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4389=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4389=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4389=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4389=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): avahi-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 python3-avahi-0.7-150100.3.21.4 python3-avahi-gtk-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - openSUSE Leap 15.3 (noarch): avahi-lang-0.7-150100.3.21.4 - openSUSE Leap 15.3 (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-glib1-32bit-0.7-150100.3.21.4 libavahi-glib1-32bit-debuginfo-0.7-150100.3.21.4 libdns_sd-32bit-0.7-150100.3.21.4 libdns_sd-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Manager Server 4.1 (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Manager Server 4.1 (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Manager Retail Branch Server 4.1 (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Manager Retail Branch Server 4.1 (x86_64): avahi-0.7-150100.3.21.4 avahi-32bit-debuginfo-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Manager Proxy 4.1 (x86_64): avahi-0.7-150100.3.21.4 avahi-32bit-debuginfo-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Manager Proxy 4.1 (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): avahi-0.7-150100.3.21.4 avahi-32bit-debuginfo-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): avahi-0.7-150100.3.21.4 avahi-32bit-debuginfo-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 python3-avahi-0.7-150100.3.21.4 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): avahi-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): avahi-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Enterprise Storage 7 (aarch64 x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Enterprise Storage 7 (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Enterprise Storage 7 (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE Enterprise Storage 6 (aarch64 x86_64): avahi-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 - SUSE Enterprise Storage 6 (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE Enterprise Storage 6 (x86_64): avahi-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 - SUSE CaaS Platform 4.0 (noarch): avahi-lang-0.7-150100.3.21.4 - SUSE CaaS Platform 4.0 (x86_64): avahi-0.7-150100.3.21.4 avahi-32bit-debuginfo-0.7-150100.3.21.4 avahi-autoipd-0.7-150100.3.21.4 avahi-autoipd-debuginfo-0.7-150100.3.21.4 avahi-compat-howl-devel-0.7-150100.3.21.4 avahi-compat-mDNSResponder-devel-0.7-150100.3.21.4 avahi-debuginfo-0.7-150100.3.21.4 avahi-debugsource-0.7-150100.3.21.4 avahi-glib2-debugsource-0.7-150100.3.21.4 avahi-utils-0.7-150100.3.21.4 avahi-utils-debuginfo-0.7-150100.3.21.4 avahi-utils-gtk-0.7-150100.3.21.4 avahi-utils-gtk-debuginfo-0.7-150100.3.21.4 libavahi-client3-0.7-150100.3.21.4 libavahi-client3-32bit-0.7-150100.3.21.4 libavahi-client3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-client3-debuginfo-0.7-150100.3.21.4 libavahi-common3-0.7-150100.3.21.4 libavahi-common3-32bit-0.7-150100.3.21.4 libavahi-common3-32bit-debuginfo-0.7-150100.3.21.4 libavahi-common3-debuginfo-0.7-150100.3.21.4 libavahi-core7-0.7-150100.3.21.4 libavahi-core7-debuginfo-0.7-150100.3.21.4 libavahi-devel-0.7-150100.3.21.4 libavahi-glib-devel-0.7-150100.3.21.4 libavahi-glib1-0.7-150100.3.21.4 libavahi-glib1-debuginfo-0.7-150100.3.21.4 libavahi-gobject-devel-0.7-150100.3.21.4 libavahi-gobject0-0.7-150100.3.21.4 libavahi-gobject0-debuginfo-0.7-150100.3.21.4 libavahi-ui-gtk3-0-0.7-150100.3.21.4 libavahi-ui-gtk3-0-debuginfo-0.7-150100.3.21.4 libavahi-ui0-0.7-150100.3.21.4 libavahi-ui0-debuginfo-0.7-150100.3.21.4 libdns_sd-0.7-150100.3.21.4 libdns_sd-debuginfo-0.7-150100.3.21.4 libhowl0-0.7-150100.3.21.4 libhowl0-debuginfo-0.7-150100.3.21.4 typelib-1_0-Avahi-0_6-0.7-150100.3.21.4 References: https://bugzilla.suse.com/1163683 From sle-updates at lists.suse.com Fri Dec 9 11:23:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 12:23:18 +0100 (CET) Subject: SUSE-RU-2022:4392-1: Recommended update for libxslt Message-ID: <20221209112318.3591FFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4392-1 Rating: low References: #1203669 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libxslt fixes the following issues: - Fix broken license symlink for libxslt-tools (bsc#1203669) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4392=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4392=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.12.2 libxslt-devel-1.1.28-17.12.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.28-17.12.2 libxslt-tools-1.1.28-17.12.2 libxslt-tools-debuginfo-1.1.28-17.12.2 libxslt1-1.1.28-17.12.2 libxslt1-debuginfo-1.1.28-17.12.2 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libxslt1-32bit-1.1.28-17.12.2 libxslt1-debuginfo-32bit-1.1.28-17.12.2 References: https://bugzilla.suse.com/1203669 From sle-updates at lists.suse.com Fri Dec 9 11:24:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 12:24:05 +0100 (CET) Subject: SUSE-RU-2022:4391-1: Recommended update for libxslt Message-ID: <20221209112405.98D3AFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libxslt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4391-1 Rating: low References: #1203669 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libxslt fixes the following issues: - Fix broken license symlink for libxslt-tools (bsc#1203669) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4391=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4391=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4391=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4391=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4391=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4391=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4391=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libxslt-debugsource-1.1.32-150000.3.11.1 libxslt1-1.1.32-150000.3.11.1 libxslt1-debuginfo-1.1.32-150000.3.11.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libxslt-python-1.1.32-150000.3.11.1 libxslt-python-debuginfo-1.1.32-150000.3.11.1 libxslt-python-debugsource-1.1.32-150000.3.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.32-150000.3.11.1 libxslt-devel-1.1.32-150000.3.11.1 libxslt-python-1.1.32-150000.3.11.1 libxslt-python-debuginfo-1.1.32-150000.3.11.1 libxslt-python-debugsource-1.1.32-150000.3.11.1 libxslt-tools-1.1.32-150000.3.11.1 libxslt-tools-debuginfo-1.1.32-150000.3.11.1 libxslt1-1.1.32-150000.3.11.1 libxslt1-debuginfo-1.1.32-150000.3.11.1 - openSUSE Leap 15.3 (x86_64): libxslt-devel-32bit-1.1.32-150000.3.11.1 libxslt1-32bit-1.1.32-150000.3.11.1 libxslt1-32bit-debuginfo-1.1.32-150000.3.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libxslt-debugsource-1.1.32-150000.3.11.1 libxslt1-32bit-1.1.32-150000.3.11.1 libxslt1-32bit-debuginfo-1.1.32-150000.3.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libxslt-debugsource-1.1.32-150000.3.11.1 libxslt-devel-1.1.32-150000.3.11.1 libxslt-tools-1.1.32-150000.3.11.1 libxslt-tools-debuginfo-1.1.32-150000.3.11.1 libxslt1-1.1.32-150000.3.11.1 libxslt1-debuginfo-1.1.32-150000.3.11.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libxslt-debugsource-1.1.32-150000.3.11.1 libxslt1-1.1.32-150000.3.11.1 libxslt1-debuginfo-1.1.32-150000.3.11.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libxslt-debugsource-1.1.32-150000.3.11.1 libxslt1-1.1.32-150000.3.11.1 libxslt1-debuginfo-1.1.32-150000.3.11.1 References: https://bugzilla.suse.com/1203669 From sle-updates at lists.suse.com Fri Dec 9 11:24:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 12:24:54 +0100 (CET) Subject: SUSE-RU-2022:4390-1: moderate: Recommended update for avahi Message-ID: <20221209112454.5222DFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4390-1 Rating: moderate References: #1163683 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for avahi fixes the following issues: - Do not cache responses generated locally (bsc#1163683) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4390=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4390=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4390=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4390=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): avahi-0.6.32-150000.5.16.2 avahi-autoipd-0.6.32-150000.5.16.2 avahi-autoipd-debuginfo-0.6.32-150000.5.16.2 avahi-compat-howl-devel-0.6.32-150000.5.16.2 avahi-compat-mDNSResponder-devel-0.6.32-150000.5.16.2 avahi-debuginfo-0.6.32-150000.5.16.2 avahi-debugsource-0.6.32-150000.5.16.2 avahi-glib2-debugsource-0.6.32-150000.5.16.2 avahi-utils-0.6.32-150000.5.16.2 avahi-utils-debuginfo-0.6.32-150000.5.16.2 avahi-utils-gtk-0.6.32-150000.5.16.2 avahi-utils-gtk-debuginfo-0.6.32-150000.5.16.2 libavahi-client3-0.6.32-150000.5.16.2 libavahi-client3-debuginfo-0.6.32-150000.5.16.2 libavahi-common3-0.6.32-150000.5.16.2 libavahi-common3-debuginfo-0.6.32-150000.5.16.2 libavahi-core7-0.6.32-150000.5.16.2 libavahi-core7-debuginfo-0.6.32-150000.5.16.2 libavahi-devel-0.6.32-150000.5.16.2 libavahi-glib-devel-0.6.32-150000.5.16.2 libavahi-glib1-0.6.32-150000.5.16.2 libavahi-glib1-debuginfo-0.6.32-150000.5.16.2 libavahi-gobject-devel-0.6.32-150000.5.16.2 libavahi-gobject0-0.6.32-150000.5.16.2 libavahi-gobject0-debuginfo-0.6.32-150000.5.16.2 libavahi-ui-gtk3-0-0.6.32-150000.5.16.2 libavahi-ui-gtk3-0-debuginfo-0.6.32-150000.5.16.2 libavahi-ui0-0.6.32-150000.5.16.2 libavahi-ui0-debuginfo-0.6.32-150000.5.16.2 libdns_sd-0.6.32-150000.5.16.2 libdns_sd-debuginfo-0.6.32-150000.5.16.2 libhowl0-0.6.32-150000.5.16.2 libhowl0-debuginfo-0.6.32-150000.5.16.2 typelib-1_0-Avahi-0_6-0.6.32-150000.5.16.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): avahi-lang-0.6.32-150000.5.16.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): avahi-32bit-debuginfo-0.6.32-150000.5.16.2 libavahi-client3-32bit-0.6.32-150000.5.16.2 libavahi-client3-32bit-debuginfo-0.6.32-150000.5.16.2 libavahi-common3-32bit-0.6.32-150000.5.16.2 libavahi-common3-32bit-debuginfo-0.6.32-150000.5.16.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): avahi-0.6.32-150000.5.16.2 avahi-autoipd-0.6.32-150000.5.16.2 avahi-autoipd-debuginfo-0.6.32-150000.5.16.2 avahi-compat-howl-devel-0.6.32-150000.5.16.2 avahi-compat-mDNSResponder-devel-0.6.32-150000.5.16.2 avahi-debuginfo-0.6.32-150000.5.16.2 avahi-debugsource-0.6.32-150000.5.16.2 avahi-glib2-debugsource-0.6.32-150000.5.16.2 avahi-utils-0.6.32-150000.5.16.2 avahi-utils-debuginfo-0.6.32-150000.5.16.2 avahi-utils-gtk-0.6.32-150000.5.16.2 avahi-utils-gtk-debuginfo-0.6.32-150000.5.16.2 libavahi-client3-0.6.32-150000.5.16.2 libavahi-client3-debuginfo-0.6.32-150000.5.16.2 libavahi-common3-0.6.32-150000.5.16.2 libavahi-common3-debuginfo-0.6.32-150000.5.16.2 libavahi-core7-0.6.32-150000.5.16.2 libavahi-core7-debuginfo-0.6.32-150000.5.16.2 libavahi-devel-0.6.32-150000.5.16.2 libavahi-glib-devel-0.6.32-150000.5.16.2 libavahi-glib1-0.6.32-150000.5.16.2 libavahi-glib1-debuginfo-0.6.32-150000.5.16.2 libavahi-gobject-devel-0.6.32-150000.5.16.2 libavahi-gobject0-0.6.32-150000.5.16.2 libavahi-gobject0-debuginfo-0.6.32-150000.5.16.2 libavahi-ui-gtk3-0-0.6.32-150000.5.16.2 libavahi-ui-gtk3-0-debuginfo-0.6.32-150000.5.16.2 libavahi-ui0-0.6.32-150000.5.16.2 libavahi-ui0-debuginfo-0.6.32-150000.5.16.2 libdns_sd-0.6.32-150000.5.16.2 libdns_sd-debuginfo-0.6.32-150000.5.16.2 libhowl0-0.6.32-150000.5.16.2 libhowl0-debuginfo-0.6.32-150000.5.16.2 typelib-1_0-Avahi-0_6-0.6.32-150000.5.16.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): avahi-lang-0.6.32-150000.5.16.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): avahi-0.6.32-150000.5.16.2 avahi-autoipd-0.6.32-150000.5.16.2 avahi-autoipd-debuginfo-0.6.32-150000.5.16.2 avahi-compat-howl-devel-0.6.32-150000.5.16.2 avahi-compat-mDNSResponder-devel-0.6.32-150000.5.16.2 avahi-debuginfo-0.6.32-150000.5.16.2 avahi-debugsource-0.6.32-150000.5.16.2 avahi-glib2-debugsource-0.6.32-150000.5.16.2 avahi-utils-0.6.32-150000.5.16.2 avahi-utils-debuginfo-0.6.32-150000.5.16.2 avahi-utils-gtk-0.6.32-150000.5.16.2 avahi-utils-gtk-debuginfo-0.6.32-150000.5.16.2 libavahi-client3-0.6.32-150000.5.16.2 libavahi-client3-debuginfo-0.6.32-150000.5.16.2 libavahi-common3-0.6.32-150000.5.16.2 libavahi-common3-debuginfo-0.6.32-150000.5.16.2 libavahi-core7-0.6.32-150000.5.16.2 libavahi-core7-debuginfo-0.6.32-150000.5.16.2 libavahi-devel-0.6.32-150000.5.16.2 libavahi-glib-devel-0.6.32-150000.5.16.2 libavahi-glib1-0.6.32-150000.5.16.2 libavahi-glib1-debuginfo-0.6.32-150000.5.16.2 libavahi-gobject-devel-0.6.32-150000.5.16.2 libavahi-gobject0-0.6.32-150000.5.16.2 libavahi-gobject0-debuginfo-0.6.32-150000.5.16.2 libavahi-ui-gtk3-0-0.6.32-150000.5.16.2 libavahi-ui-gtk3-0-debuginfo-0.6.32-150000.5.16.2 libavahi-ui0-0.6.32-150000.5.16.2 libavahi-ui0-debuginfo-0.6.32-150000.5.16.2 libdns_sd-0.6.32-150000.5.16.2 libdns_sd-debuginfo-0.6.32-150000.5.16.2 libhowl0-0.6.32-150000.5.16.2 libhowl0-debuginfo-0.6.32-150000.5.16.2 typelib-1_0-Avahi-0_6-0.6.32-150000.5.16.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): avahi-32bit-debuginfo-0.6.32-150000.5.16.2 libavahi-client3-32bit-0.6.32-150000.5.16.2 libavahi-client3-32bit-debuginfo-0.6.32-150000.5.16.2 libavahi-common3-32bit-0.6.32-150000.5.16.2 libavahi-common3-32bit-debuginfo-0.6.32-150000.5.16.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): avahi-lang-0.6.32-150000.5.16.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): avahi-0.6.32-150000.5.16.2 avahi-autoipd-0.6.32-150000.5.16.2 avahi-autoipd-debuginfo-0.6.32-150000.5.16.2 avahi-compat-howl-devel-0.6.32-150000.5.16.2 avahi-compat-mDNSResponder-devel-0.6.32-150000.5.16.2 avahi-debuginfo-0.6.32-150000.5.16.2 avahi-debugsource-0.6.32-150000.5.16.2 avahi-glib2-debugsource-0.6.32-150000.5.16.2 avahi-utils-0.6.32-150000.5.16.2 avahi-utils-debuginfo-0.6.32-150000.5.16.2 avahi-utils-gtk-0.6.32-150000.5.16.2 avahi-utils-gtk-debuginfo-0.6.32-150000.5.16.2 libavahi-client3-0.6.32-150000.5.16.2 libavahi-client3-debuginfo-0.6.32-150000.5.16.2 libavahi-common3-0.6.32-150000.5.16.2 libavahi-common3-debuginfo-0.6.32-150000.5.16.2 libavahi-core7-0.6.32-150000.5.16.2 libavahi-core7-debuginfo-0.6.32-150000.5.16.2 libavahi-devel-0.6.32-150000.5.16.2 libavahi-glib-devel-0.6.32-150000.5.16.2 libavahi-glib1-0.6.32-150000.5.16.2 libavahi-glib1-debuginfo-0.6.32-150000.5.16.2 libavahi-gobject-devel-0.6.32-150000.5.16.2 libavahi-gobject0-0.6.32-150000.5.16.2 libavahi-gobject0-debuginfo-0.6.32-150000.5.16.2 libavahi-ui-gtk3-0-0.6.32-150000.5.16.2 libavahi-ui-gtk3-0-debuginfo-0.6.32-150000.5.16.2 libavahi-ui0-0.6.32-150000.5.16.2 libavahi-ui0-debuginfo-0.6.32-150000.5.16.2 libdns_sd-0.6.32-150000.5.16.2 libdns_sd-debuginfo-0.6.32-150000.5.16.2 libhowl0-0.6.32-150000.5.16.2 libhowl0-debuginfo-0.6.32-150000.5.16.2 typelib-1_0-Avahi-0_6-0.6.32-150000.5.16.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): avahi-32bit-debuginfo-0.6.32-150000.5.16.2 libavahi-client3-32bit-0.6.32-150000.5.16.2 libavahi-client3-32bit-debuginfo-0.6.32-150000.5.16.2 libavahi-common3-32bit-0.6.32-150000.5.16.2 libavahi-common3-32bit-debuginfo-0.6.32-150000.5.16.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): avahi-lang-0.6.32-150000.5.16.2 References: https://bugzilla.suse.com/1163683 From sle-updates at lists.suse.com Fri Dec 9 14:01:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 15:01:39 +0100 (CET) Subject: SUSE-CU-2022:3325-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20221209140139.5FA1BFD84@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3325-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.52 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.52 Severity : important Type : recommended References : 1203957 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4383-1 Released: Fri Dec 9 04:01:50 2022 Summary: Recommended update for iputils Type: recommended Severity: important References: 1203957 This update for iputils fixes the following issues: - Fix occasional memory access violation when using `ping` (bsc#1203957) The following package changes have been done: - iputils-20211215-150400.3.3.2 updated From sle-updates at lists.suse.com Fri Dec 9 14:20:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 15:20:21 +0100 (CET) Subject: SUSE-SU-2022:4393-1: moderate: Security update for nautilus Message-ID: <20221209142021.973A4FD2D@maintenance.suse.de> SUSE Security Update: Security update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4393-1 Rating: moderate References: #1205418 Cross-References: CVE-2022-37290 CVSS scores: CVE-2022-37290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-37290 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nautilus fixes the following issues: - CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4393=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4393=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4393=1 Package List: - openSUSE Leap 15.4 (x86_64): libnautilus-extension1-32bit-3.34.3-150200.4.6.1 libnautilus-extension1-32bit-debuginfo-3.34.3-150200.4.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.34.3-150200.4.6.1 libnautilus-extension1-3.34.3-150200.4.6.1 libnautilus-extension1-debuginfo-3.34.3-150200.4.6.1 nautilus-3.34.3-150200.4.6.1 nautilus-debuginfo-3.34.3-150200.4.6.1 nautilus-debugsource-3.34.3-150200.4.6.1 nautilus-devel-3.34.3-150200.4.6.1 typelib-1_0-Nautilus-3_0-3.34.3-150200.4.6.1 - openSUSE Leap 15.3 (x86_64): libnautilus-extension1-32bit-3.34.3-150200.4.6.1 libnautilus-extension1-32bit-debuginfo-3.34.3-150200.4.6.1 - openSUSE Leap 15.3 (noarch): nautilus-lang-3.34.3-150200.4.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.34.3-150200.4.6.1 libnautilus-extension1-3.34.3-150200.4.6.1 libnautilus-extension1-debuginfo-3.34.3-150200.4.6.1 nautilus-3.34.3-150200.4.6.1 nautilus-debuginfo-3.34.3-150200.4.6.1 nautilus-debugsource-3.34.3-150200.4.6.1 nautilus-devel-3.34.3-150200.4.6.1 typelib-1_0-Nautilus-3_0-3.34.3-150200.4.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): nautilus-lang-3.34.3-150200.4.6.1 References: https://www.suse.com/security/cve/CVE-2022-37290.html https://bugzilla.suse.com/1205418 From sle-updates at lists.suse.com Fri Dec 9 14:21:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 15:21:06 +0100 (CET) Subject: SUSE-SU-2022:4394-1: moderate: Security update for nautilus Message-ID: <20221209142106.0184DFD2D@maintenance.suse.de> SUSE Security Update: Security update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4394-1 Rating: moderate References: #1205418 Cross-References: CVE-2022-37290 CVSS scores: CVE-2022-37290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-37290 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nautilus fixes the following issues: - CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-4394=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4394=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4394=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libnautilus-extension1-32bit-3.20.3-23.15.1 libnautilus-extension1-debuginfo-32bit-3.20.3-23.15.1 nautilus-debugsource-3.20.3-23.15.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): nautilus-debuginfo-3.20.3-23.15.1 nautilus-debugsource-3.20.3-23.15.1 nautilus-devel-3.20.3-23.15.1 typelib-1_0-Nautilus-3_0-3.20.3-23.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-3.20.3-23.15.1 libnautilus-extension1-3.20.3-23.15.1 libnautilus-extension1-debuginfo-3.20.3-23.15.1 nautilus-3.20.3-23.15.1 nautilus-debuginfo-3.20.3-23.15.1 nautilus-debugsource-3.20.3-23.15.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): nautilus-lang-3.20.3-23.15.1 References: https://www.suse.com/security/cve/CVE-2022-37290.html https://bugzilla.suse.com/1205418 From sle-updates at lists.suse.com Fri Dec 9 14:22:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 15:22:11 +0100 (CET) Subject: SUSE-SU-2022:4395-1: important: Security update for samba Message-ID: <20221209142211.09A00FD2D@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4395-1 Rating: important References: #1200102 #1201490 #1201492 #1201493 #1201495 #1201496 #1201689 #1204254 #1205126 Cross-References: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3437 CVE-2022-42898 CVSS scores: CVE-2022-2031 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2031 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32742 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32742 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32744 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32745 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-32746 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-3437 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2022-42898 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 7 vulnerabilities and has two fixes is now available. Description: This update for samba fixes the following issues: Version update to 4.15.12. Security issues fixed: - CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths (bsc#1201496). - CVE-2022-32744: Fixed AD users that could have forged password change requests for any user (bsc#1201493). - CVE-2022-32745: Fixed AD users that could have crashed the server process with an LDAP add or modify request (bsc#1201492). - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-3437: Fixed buffer overflow in Heimdal unwrap_des3() (bsc#1204254). - CVE-2022-42898: Fixed Samba buffer overflow vulnerabilities on 32-bit systems (bsc#1205126). Bug fixes: - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory (bsc#1201689). - Possible use after free of connection_struct when iterating smbd_server_connection->connections (bsc#1200102). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4395=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4395=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-4395=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4395=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4395=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-4395=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4395=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): samba-client-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debugsource-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ctdb-4.15.12+git.535.7750e5c95ef-150300.3.43.1 ctdb-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 ctdb-pcp-pmda-4.15.12+git.535.7750e5c95ef-150300.3.43.1 ctdb-pcp-pmda-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 libsamba-policy-devel-4.15.12+git.535.7750e5c95ef-150300.3.43.1 libsamba-policy-python3-devel-4.15.12+git.535.7750e5c95ef-150300.3.43.1 libsamba-policy0-python3-4.15.12+git.535.7750e5c95ef-150300.3.43.1 libsamba-policy0-python3-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ad-dc-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ad-dc-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ad-dc-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ad-dc-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debugsource-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-devel-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-dsdb-modules-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-dsdb-modules-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-gpupdate-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ldb-ldap-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ldb-ldap-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-python3-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-python3-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-python3-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-python3-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-test-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-test-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-tool-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - openSUSE Leap 15.3 (aarch64 x86_64): samba-ceph-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ceph-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - openSUSE Leap 15.3 (aarch64_ilp32): libsamba-policy0-python3-64bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 libsamba-policy0-python3-64bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-64bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-64bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-64bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-64bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-python3-64bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-python3-64bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - openSUSE Leap 15.3 (noarch): samba-doc-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - openSUSE Leap 15.3 (x86_64): libsamba-policy0-python3-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 libsamba-policy0-python3-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ad-dc-libs-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ad-dc-libs-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-libs-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-libs-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-devel-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-python3-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-python3-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-libs-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-libs-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ad-dc-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debugsource-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.12+git.535.7750e5c95ef-150300.3.43.1 libsamba-policy-python3-devel-4.15.12+git.535.7750e5c95ef-150300.3.43.1 libsamba-policy0-python3-4.15.12+git.535.7750e5c95ef-150300.3.43.1 libsamba-policy0-python3-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ad-dc-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ad-dc-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debugsource-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-devel-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-dsdb-modules-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-dsdb-modules-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-gpupdate-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ldb-ldap-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ldb-ldap-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-python3-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-python3-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-python3-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-python3-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-tool-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): samba-ceph-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ceph-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): samba-ad-dc-libs-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ad-dc-libs-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-libs-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-libs-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-devel-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-libs-32bit-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-libs-32bit-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): samba-client-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debugsource-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ctdb-4.15.12+git.535.7750e5c95ef-150300.3.43.1 ctdb-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debugsource-4.15.12+git.535.7750e5c95ef-150300.3.43.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): ctdb-4.15.12+git.535.7750e5c95ef-150300.3.43.1 ctdb-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ceph-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-ceph-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-client-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-debugsource-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-python3-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-libs-python3-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-4.15.12+git.535.7750e5c95ef-150300.3.43.1 samba-winbind-debuginfo-4.15.12+git.535.7750e5c95ef-150300.3.43.1 References: https://www.suse.com/security/cve/CVE-2022-2031.html https://www.suse.com/security/cve/CVE-2022-32742.html https://www.suse.com/security/cve/CVE-2022-32744.html https://www.suse.com/security/cve/CVE-2022-32745.html https://www.suse.com/security/cve/CVE-2022-32746.html https://www.suse.com/security/cve/CVE-2022-3437.html https://www.suse.com/security/cve/CVE-2022-42898.html https://bugzilla.suse.com/1200102 https://bugzilla.suse.com/1201490 https://bugzilla.suse.com/1201492 https://bugzilla.suse.com/1201493 https://bugzilla.suse.com/1201495 https://bugzilla.suse.com/1201496 https://bugzilla.suse.com/1201689 https://bugzilla.suse.com/1204254 https://bugzilla.suse.com/1205126 From sle-updates at lists.suse.com Fri Dec 9 17:20:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 18:20:03 +0100 (CET) Subject: SUSE-RU-2022:4396-1: moderate: Recommended update for frr Message-ID: <20221209172003.3D21FFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for frr ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4396-1 Rating: moderate References: SLE-11203 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update of frr fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4396=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4396=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4396=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4396=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.12.1 frr-debuginfo-7.4-150300.4.12.1 frr-debugsource-7.4-150300.4.12.1 frr-devel-7.4-150300.4.12.1 libfrr0-7.4-150300.4.12.1 libfrr0-debuginfo-7.4-150300.4.12.1 libfrr_pb0-7.4-150300.4.12.1 libfrr_pb0-debuginfo-7.4-150300.4.12.1 libfrrcares0-7.4-150300.4.12.1 libfrrcares0-debuginfo-7.4-150300.4.12.1 libfrrfpm_pb0-7.4-150300.4.12.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.12.1 libfrrgrpc_pb0-7.4-150300.4.12.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.12.1 libfrrospfapiclient0-7.4-150300.4.12.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.12.1 libfrrsnmp0-7.4-150300.4.12.1 libfrrsnmp0-debuginfo-7.4-150300.4.12.1 libfrrzmq0-7.4-150300.4.12.1 libfrrzmq0-debuginfo-7.4-150300.4.12.1 libmlag_pb0-7.4-150300.4.12.1 libmlag_pb0-debuginfo-7.4-150300.4.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.12.1 frr-debuginfo-7.4-150300.4.12.1 frr-debugsource-7.4-150300.4.12.1 frr-devel-7.4-150300.4.12.1 libfrr0-7.4-150300.4.12.1 libfrr0-debuginfo-7.4-150300.4.12.1 libfrr_pb0-7.4-150300.4.12.1 libfrr_pb0-debuginfo-7.4-150300.4.12.1 libfrrcares0-7.4-150300.4.12.1 libfrrcares0-debuginfo-7.4-150300.4.12.1 libfrrfpm_pb0-7.4-150300.4.12.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.12.1 libfrrgrpc_pb0-7.4-150300.4.12.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.12.1 libfrrospfapiclient0-7.4-150300.4.12.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.12.1 libfrrsnmp0-7.4-150300.4.12.1 libfrrsnmp0-debuginfo-7.4-150300.4.12.1 libfrrzmq0-7.4-150300.4.12.1 libfrrzmq0-debuginfo-7.4-150300.4.12.1 libmlag_pb0-7.4-150300.4.12.1 libmlag_pb0-debuginfo-7.4-150300.4.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.12.1 frr-debuginfo-7.4-150300.4.12.1 frr-debugsource-7.4-150300.4.12.1 frr-devel-7.4-150300.4.12.1 libfrr0-7.4-150300.4.12.1 libfrr0-debuginfo-7.4-150300.4.12.1 libfrr_pb0-7.4-150300.4.12.1 libfrr_pb0-debuginfo-7.4-150300.4.12.1 libfrrcares0-7.4-150300.4.12.1 libfrrcares0-debuginfo-7.4-150300.4.12.1 libfrrfpm_pb0-7.4-150300.4.12.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.12.1 libfrrgrpc_pb0-7.4-150300.4.12.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.12.1 libfrrospfapiclient0-7.4-150300.4.12.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.12.1 libfrrsnmp0-7.4-150300.4.12.1 libfrrsnmp0-debuginfo-7.4-150300.4.12.1 libfrrzmq0-7.4-150300.4.12.1 libfrrzmq0-debuginfo-7.4-150300.4.12.1 libmlag_pb0-7.4-150300.4.12.1 libmlag_pb0-debuginfo-7.4-150300.4.12.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): frr-7.4-150300.4.12.1 frr-debuginfo-7.4-150300.4.12.1 frr-debugsource-7.4-150300.4.12.1 frr-devel-7.4-150300.4.12.1 libfrr0-7.4-150300.4.12.1 libfrr0-debuginfo-7.4-150300.4.12.1 libfrr_pb0-7.4-150300.4.12.1 libfrr_pb0-debuginfo-7.4-150300.4.12.1 libfrrcares0-7.4-150300.4.12.1 libfrrcares0-debuginfo-7.4-150300.4.12.1 libfrrfpm_pb0-7.4-150300.4.12.1 libfrrfpm_pb0-debuginfo-7.4-150300.4.12.1 libfrrgrpc_pb0-7.4-150300.4.12.1 libfrrgrpc_pb0-debuginfo-7.4-150300.4.12.1 libfrrospfapiclient0-7.4-150300.4.12.1 libfrrospfapiclient0-debuginfo-7.4-150300.4.12.1 libfrrsnmp0-7.4-150300.4.12.1 libfrrsnmp0-debuginfo-7.4-150300.4.12.1 libfrrzmq0-7.4-150300.4.12.1 libfrrzmq0-debuginfo-7.4-150300.4.12.1 libmlag_pb0-7.4-150300.4.12.1 libmlag_pb0-debuginfo-7.4-150300.4.12.1 References: From sle-updates at lists.suse.com Fri Dec 9 20:20:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 21:20:58 +0100 (CET) Subject: SUSE-SU-2022:4397-1: moderate: Security update for go1.19 Message-ID: <20221209202058.5C125FD2D@maintenance.suse.de> SUSE Security Update: Security update for go1.19 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4397-1 Rating: moderate References: #1200441 #1206134 #1206135 Cross-References: CVE-2022-41717 CVE-2022-41720 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for go1.19 fixes the following issues: Update to version 1.19.4, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4397=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4397=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4397=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4397=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.19-1.19.4-150000.1.18.1 go1.19-doc-1.19.4-150000.1.18.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.19-race-1.19.4-150000.1.18.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.19-1.19.4-150000.1.18.1 go1.19-doc-1.19.4-150000.1.18.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.19-race-1.19.4-150000.1.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.19-1.19.4-150000.1.18.1 go1.19-doc-1.19.4-150000.1.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.19-race-1.19.4-150000.1.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.19-1.19.4-150000.1.18.1 go1.19-doc-1.19.4-150000.1.18.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.19-race-1.19.4-150000.1.18.1 References: https://www.suse.com/security/cve/CVE-2022-41717.html https://www.suse.com/security/cve/CVE-2022-41720.html https://bugzilla.suse.com/1200441 https://bugzilla.suse.com/1206134 https://bugzilla.suse.com/1206135 From sle-updates at lists.suse.com Fri Dec 9 20:21:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Dec 2022 21:21:54 +0100 (CET) Subject: SUSE-SU-2022:4398-1: moderate: Security update for go1.18 Message-ID: <20221209202154.D4EEBFD2D@maintenance.suse.de> SUSE Security Update: Security update for go1.18 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4398-1 Rating: moderate References: #1193742 #1206134 #1206135 Cross-References: CVE-2022-41717 CVE-2022-41720 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for go1.18 fixes the following issues: Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135) - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4398=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4398=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4398=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4398=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.9-150000.1.40.1 go1.18-doc-1.18.9-150000.1.40.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.18-race-1.18.9-150000.1.40.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.9-150000.1.40.1 go1.18-doc-1.18.9-150000.1.40.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.18-race-1.18.9-150000.1.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.9-150000.1.40.1 go1.18-doc-1.18.9-150000.1.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.18-race-1.18.9-150000.1.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.9-150000.1.40.1 go1.18-doc-1.18.9-150000.1.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.18-race-1.18.9-150000.1.40.1 References: https://www.suse.com/security/cve/CVE-2022-41717.html https://www.suse.com/security/cve/CVE-2022-41720.html https://bugzilla.suse.com/1193742 https://bugzilla.suse.com/1206134 https://bugzilla.suse.com/1206135 From sle-updates at lists.suse.com Fri Dec 9 23:20:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2022 00:20:08 +0100 (CET) Subject: SUSE-RU-2022:4400-1: moderate: Recommended update for SUSEConnect Message-ID: <20221209232008.A36C5FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4400-1 Rating: moderate References: #1196076 #1200641 #1200994 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994) - Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641) - Periodically call --keepalive command to make system information in SCC and proxies more accurate. (bsc#1196076) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4400=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4400=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4400=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4400=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4400=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4400=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): SUSEConnect-0.3.36-150100.7.28.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.36-150100.7.28.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): SUSEConnect-0.3.36-150100.7.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): SUSEConnect-0.3.36-150100.7.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): SUSEConnect-0.3.36-150100.7.28.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): SUSEConnect-0.3.36-150100.7.28.1 - SUSE CaaS Platform 4.0 (x86_64): SUSEConnect-0.3.36-150100.7.28.1 References: https://bugzilla.suse.com/1196076 https://bugzilla.suse.com/1200641 https://bugzilla.suse.com/1200994 From sle-updates at lists.suse.com Fri Dec 9 23:21:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2022 00:21:14 +0100 (CET) Subject: SUSE-RU-2022:4399-1: moderate: Recommended update for SUSEConnect Message-ID: <20221209232114.AB6C1FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4399-1 Rating: moderate References: #1196076 #1200641 #1200994 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994) - Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641) - Periodically call --keepalive command to make system information in SCC and proxies more accurate. (bsc#1196076) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4399=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4399=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4399=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4399=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4399=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4399=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4399=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4399=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4399=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): SUSEConnect-0.3.36-150200.19.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): SUSEConnect-0.3.36-150200.19.1 - SUSE Manager Proxy 4.1 (x86_64): SUSEConnect-0.3.36-150200.19.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): SUSEConnect-0.3.36-150200.19.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.36-150200.19.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): SUSEConnect-0.3.36-150200.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): SUSEConnect-0.3.36-150200.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): SUSEConnect-0.3.36-150200.19.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): SUSEConnect-0.3.36-150200.19.1 References: https://bugzilla.suse.com/1196076 https://bugzilla.suse.com/1200641 https://bugzilla.suse.com/1200994 From sle-updates at lists.suse.com Fri Dec 9 23:22:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2022 00:22:11 +0100 (CET) Subject: SUSE-RU-2022:4403-1: moderate: Recommended update for SUSEConnect Message-ID: <20221209232211.29FBDFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4403-1 Rating: moderate References: #1196076 #1200641 #1200994 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994) - Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641) - Periodically call --keepalive command to make system information in SCC and proxies more accurate. (bsc#1196076) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4403=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.36-3.18.4 References: https://bugzilla.suse.com/1196076 https://bugzilla.suse.com/1200641 https://bugzilla.suse.com/1200994 From sle-updates at lists.suse.com Fri Dec 9 23:23:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2022 00:23:00 +0100 (CET) Subject: SUSE-RU-2022:4401-1: moderate: Recommended update for SUSEConnect Message-ID: <20221209232300.7A17BFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4401-1 Rating: moderate References: #1196076 #1200641 #1200994 Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994) - Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641) - Periodically call --keepalive command to make system information in SCC and proxies more accurate. (bsc#1196076) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4401=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4401=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4401=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4401=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4401=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): SUSEConnect-0.3.36-3.52.4 - SUSE OpenStack Cloud 9 (x86_64): SUSEConnect-0.3.36-3.52.4 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): SUSEConnect-0.3.36-3.52.4 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.36-3.52.4 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): SUSEConnect-0.3.36-3.52.4 References: https://bugzilla.suse.com/1196076 https://bugzilla.suse.com/1200641 https://bugzilla.suse.com/1200994 From sle-updates at lists.suse.com Fri Dec 9 23:24:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2022 00:24:00 +0100 (CET) Subject: SUSE-RU-2022:4402-1: moderate: Recommended update for SUSEConnect Message-ID: <20221209232400.272C3FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSEConnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4402-1 Rating: moderate References: #1196076 #1200641 #1200994 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for SUSEConnect fixes the following issues: - Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994) - Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641) - Periodically call --keepalive command to make system information in SCC and proxies more accurate. (bsc#1196076) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4402=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4402=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-4402=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4402=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4402=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): SUSEConnect-0.3.36-150000.3.45.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): SUSEConnect-0.3.36-150000.3.45.1 - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): SUSEConnect-0.3.36-150000.3.45.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): SUSEConnect-0.3.36-150000.3.45.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): SUSEConnect-0.3.36-150000.3.45.1 References: https://bugzilla.suse.com/1196076 https://bugzilla.suse.com/1200641 https://bugzilla.suse.com/1200994 From sle-updates at lists.suse.com Sat Dec 10 08:22:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2022 09:22:06 +0100 (CET) Subject: SUSE-CU-2022:3327-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20221210082206.CB294FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3327-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.16 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.16 Severity : important Type : recommended References : 1203957 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4383-1 Released: Fri Dec 9 04:01:50 2022 Summary: Recommended update for iputils Type: recommended Severity: important References: 1203957 This update for iputils fixes the following issues: - Fix occasional memory access violation when using `ping` (bsc#1203957) The following package changes have been done: - iputils-20211215-150400.3.3.2 updated - libsemanage1-3.1-150400.1.65 removed - libsepol1-3.1-150400.1.70 removed From sle-updates at lists.suse.com Sat Dec 10 08:38:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 10 Dec 2022 09:38:31 +0100 (CET) Subject: SUSE-CU-2022:3328-1: Recommended update of suse/sle15 Message-ID: <20221210083831.25973FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3328-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.240 Container Release : 9.5.240 Severity : moderate Type : recommended References : 1204511 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4388-1 Released: Fri Dec 9 04:07:21 2022 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1204511 This update for gnutls fixes the following issues: - Fix potential to free an invalid pointer (bsc#1204511) The following package changes have been done: - libgnutls30-hmac-3.6.7-150200.14.22.1 updated - libgnutls30-3.6.7-150200.14.22.1 updated From sle-updates at lists.suse.com Mon Dec 12 11:19:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2022 12:19:50 +0100 (CET) Subject: SUSE-RU-2022:4407-1: moderate: Recommended update for gfxboot Message-ID: <20221212111950.6EDB5FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for gfxboot ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4407-1 Rating: moderate References: #1149754 #1199896 Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gfxboot fixes the following issues: - Fix Legacy Video BIOS "graphic initialization" failing (bsc#1199896) - Updated README.md adding how to to build and view the bincode reference - Translated using Weblate (Slovenian) (bsc#1149754) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4407=1 Package List: - openSUSE Leap 15.4 (x86_64): gfxboot-4.5.85-150400.3.3.1 gfxboot-branding-KDE-4.5.85-150400.3.3.1 gfxboot-branding-SLED-4.5.85-150400.3.3.1 gfxboot-branding-SLES-4.5.85-150400.3.3.1 gfxboot-branding-upstream-4.5.85-150400.3.3.1 gfxboot-debugsource-4.5.85-150400.3.3.1 gfxboot-devel-4.5.85-150400.3.3.1 gfxboot-devel-debuginfo-4.5.85-150400.3.3.1 References: https://bugzilla.suse.com/1149754 https://bugzilla.suse.com/1199896 From sle-updates at lists.suse.com Mon Dec 12 11:20:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2022 12:20:26 +0100 (CET) Subject: SUSE-RU-2022:4406-1: moderate: Recommended update for selinux-policy Message-ID: <20221212112026.3A7E7FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for selinux-policy ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4406-1 Rating: moderate References: #1201015 Affected Products: SUSE Linux Enterprise Micro 5.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for selinux-policy fixes the following issues: - Fix cloud-init runcmd issue with snapper (bsc#1201015) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4406=1 Package List: - SUSE Linux Enterprise Micro 5.1 (noarch): selinux-policy-20210716-150300.5.14.1 selinux-policy-devel-20210716-150300.5.14.1 selinux-policy-targeted-20210716-150300.5.14.1 References: https://bugzilla.suse.com/1201015 From sle-updates at lists.suse.com Mon Dec 12 11:20:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2022 12:20:58 +0100 (CET) Subject: SUSE-RU-2022:4404-1: moderate: Recommended update for libpulp Message-ID: <20221212112058.4C40CFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpulp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4404-1 Rating: moderate References: #1200129 #1200316 Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libpulp fixes the following issues: - Fix ulp tool not patching on highly stressed environments. The reason behind it is that a 10s timeout was not enough depending of how stressed the machine is (bsc#1200316) - Fix HANA testcase failures (bsc#1200129) - Add support for searching for patches recursively so that to include subdirectories - Improve the process patching performance. This is achieved by reducing ptrace calls and switching to 'process_vm_readv/writev' when possible, and moving process discovery to a different thread. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4404=1 Package List: - openSUSE Leap 15.4 (x86_64): libpulp-debuginfo-0.2.5-150400.3.6.1 libpulp-debugsource-0.2.5-150400.3.6.1 libpulp-tools-0.2.5-150400.3.6.1 libpulp-tools-debuginfo-0.2.5-150400.3.6.1 libpulp0-0.2.5-150400.3.6.1 libpulp0-debuginfo-0.2.5-150400.3.6.1 References: https://bugzilla.suse.com/1200129 https://bugzilla.suse.com/1200316 From sle-updates at lists.suse.com Mon Dec 12 11:21:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2022 12:21:37 +0100 (CET) Subject: SUSE-RU-2022:4404-1: moderate: Recommended update for libpulp Message-ID: <20221212112137.5BD9FFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for libpulp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4404-1 Rating: moderate References: #1200129 #1200316 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libpulp fixes the following issues: - Fix ulp tool not patching on highly stressed environments. The reason behind it is that a 10s timeout was not enough depending of how stressed the machine is (bsc#1200316) - Fix HANA testcase failures (bsc#1200129) - Add support for searching for patches recursively so that to include subdirectories - Improve the process patching performance. This is achieved by reducing ptrace calls and switching to 'process_vm_readv/writev' when possible, and moving process discovery to a different thread. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4404=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4404=1 Package List: - openSUSE Leap 15.4 (x86_64): libpulp-debuginfo-0.2.5-150400.3.6.1 libpulp-debugsource-0.2.5-150400.3.6.1 libpulp-tools-0.2.5-150400.3.6.1 libpulp-tools-debuginfo-0.2.5-150400.3.6.1 libpulp0-0.2.5-150400.3.6.1 libpulp0-debuginfo-0.2.5-150400.3.6.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (x86_64): libpulp-debuginfo-0.2.5-150400.3.6.1 libpulp-debugsource-0.2.5-150400.3.6.1 libpulp-tools-0.2.5-150400.3.6.1 libpulp-tools-debuginfo-0.2.5-150400.3.6.1 libpulp0-0.2.5-150400.3.6.1 libpulp0-debuginfo-0.2.5-150400.3.6.1 References: https://bugzilla.suse.com/1200129 https://bugzilla.suse.com/1200316 From sle-updates at lists.suse.com Mon Dec 12 11:22:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2022 12:22:19 +0100 (CET) Subject: SUSE-RU-2022:4405-1: moderate: Recommended update for selinux-policy Message-ID: <20221212112219.2AA19FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for selinux-policy ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4405-1 Rating: moderate References: #1201015 Affected Products: SUSE Linux Enterprise Micro 5.2 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for selinux-policy fixes the following issues: - Fix cloud-init runcmd issue with snapper (bsc#1201015) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4405=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4405=1 Package List: - openSUSE Leap Micro 5.2 (noarch): selinux-policy-20210716-150300.13.8.1 selinux-policy-devel-20210716-150300.13.8.1 selinux-policy-targeted-20210716-150300.13.8.1 - SUSE Linux Enterprise Micro 5.2 (noarch): selinux-policy-20210716-150300.13.8.1 selinux-policy-devel-20210716-150300.13.8.1 selinux-policy-targeted-20210716-150300.13.8.1 References: https://bugzilla.suse.com/1201015 From sle-updates at lists.suse.com Mon Dec 12 14:19:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2022 15:19:18 +0100 (CET) Subject: SUSE-SU-2022:4409-1: important: Security update for containerd Message-ID: <20221212141918.14FE3FD2D@maintenance.suse.de> SUSE Security Update: Security update for containerd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4409-1 Rating: important References: #1197284 #1206065 #1206235 Cross-References: CVE-2022-23471 CVE-2022-27191 CVSS scores: CVE-2022-23471 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-27191 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27191 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2022-4409=1 Package List: - SUSE Linux Enterprise Module for Containers 12 (ppc64le s390x x86_64): containerd-1.6.12-16.68.1 References: https://www.suse.com/security/cve/CVE-2022-23471.html https://www.suse.com/security/cve/CVE-2022-27191.html https://bugzilla.suse.com/1197284 https://bugzilla.suse.com/1206065 https://bugzilla.suse.com/1206235 From sle-updates at lists.suse.com Mon Dec 12 14:20:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Dec 2022 15:20:08 +0100 (CET) Subject: SUSE-SU-2022:4410-1: moderate: Security update for colord Message-ID: <20221212142008.E9676FD2D@maintenance.suse.de> SUSE Security Update: Security update for colord ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4410-1 Rating: moderate References: #1202802 Cross-References: CVE-2021-42523 CVSS scores: CVE-2021-42523 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-42523 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for colord fixes the following issues: - CVE-2021-42523: Fixed a small memory leak in sqlite3_exec (bsc#1202802). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-4410=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4410=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4410=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): colord-1.3.3-13.3.1 colord-debuginfo-1.3.3-13.3.1 colord-debugsource-1.3.3-13.3.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): colord-lang-1.3.3-13.3.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): colord-debuginfo-1.3.3-13.3.1 colord-debugsource-1.3.3-13.3.1 libcolord-devel-1.3.3-13.3.1 typelib-1_0-ColorHug-1_0-1.3.3-13.3.1 typelib-1_0-Colord-1_0-1.3.3-13.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): colord-debuginfo-1.3.3-13.3.1 colord-debugsource-1.3.3-13.3.1 libcolord2-1.3.3-13.3.1 libcolord2-debuginfo-1.3.3-13.3.1 libcolorhug2-1.3.3-13.3.1 libcolorhug2-debuginfo-1.3.3-13.3.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcolord2-32bit-1.3.3-13.3.1 libcolord2-debuginfo-32bit-1.3.3-13.3.1 References: https://www.suse.com/security/cve/CVE-2021-42523.html https://bugzilla.suse.com/1202802 From sle-updates at lists.suse.com Tue Dec 13 08:24:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 09:24:32 +0100 (CET) Subject: SUSE-RU-2022:4412-1: moderate: Recommended update for suse-build-key Message-ID: <20221213082432.9B011FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-build-key ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4412-1 Rating: moderate References: #1204706 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4412=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4412=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4412=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4412=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4412=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4412=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4412=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4412=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4412=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4412=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4412=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4412=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4412=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4412=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4412=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4412=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4412=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4412=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4412=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4412=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4412=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4412=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4412=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4412=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4412=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4412=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4412=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.2 (noarch): suse-build-key-12.0-150000.8.28.1 - openSUSE Leap 15.4 (noarch): suse-build-key-12.0-150000.8.28.1 - openSUSE Leap 15.3 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Manager Server 4.1 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Manager Retail Branch Server 4.1 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Manager Proxy 4.1 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Micro 5.3 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Micro 5.2 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise Micro 5.1 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Enterprise Storage 7 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE Enterprise Storage 6 (noarch): suse-build-key-12.0-150000.8.28.1 - SUSE CaaS Platform 4.0 (noarch): suse-build-key-12.0-150000.8.28.1 References: https://bugzilla.suse.com/1204706 From sle-updates at lists.suse.com Tue Dec 13 08:26:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 09:26:53 +0100 (CET) Subject: SUSE-SU-2022:4411-1: important: Security update for tiff Message-ID: <20221213082653.72B54FD2D@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4411-1 Rating: important References: #1204642 #1205422 Cross-References: CVE-2022-3570 CVE-2022-3598 CVSS scores: CVE-2022-3570 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3570 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3598 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3598 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422). - CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4411=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4411=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4411=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4411=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4411=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4411=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4411=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4411=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4411=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4411=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4411=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4411=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4411=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4411=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4411=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4411=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4411=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4411=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4411=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4411=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4411=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4411=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4411=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4411=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4411=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4411=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4411=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4411=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4411=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4411=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - openSUSE Leap 15.4 (x86_64): libtiff-devel-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - openSUSE Leap 15.3 (x86_64): libtiff-devel-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Manager Server 4.1 (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Manager Proxy 4.1 (x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): tiff-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Enterprise Storage 7 (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 - SUSE Enterprise Storage 6 (x86_64): libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 - SUSE CaaS Platform 4.0 (x86_64): libtiff-devel-4.0.9-150000.45.22.1 libtiff5-32bit-4.0.9-150000.45.22.1 libtiff5-32bit-debuginfo-4.0.9-150000.45.22.1 libtiff5-4.0.9-150000.45.22.1 libtiff5-debuginfo-4.0.9-150000.45.22.1 tiff-debuginfo-4.0.9-150000.45.22.1 tiff-debugsource-4.0.9-150000.45.22.1 References: https://www.suse.com/security/cve/CVE-2022-3570.html https://www.suse.com/security/cve/CVE-2022-3598.html https://bugzilla.suse.com/1204642 https://bugzilla.suse.com/1205422 From sle-updates at lists.suse.com Tue Dec 13 11:25:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:25:59 +0100 (CET) Subject: SUSE-RU-2022:4432-1: moderate: Recommended update for Salt Message-ID: <20221213112559.A78F6FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4432-1 Rating: moderate References: #1201059 #1203886 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Manager Tools 12 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Ignore extend declarations from excluded SLS files (bsc#1203886) - Enhance capture of error messages for Zypper calls in zypperpkg module supportutils-plugin-salt: - Update to version 1.2.2 * Remove possible passwords from Salt configuration files (bsc#1201059) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-4432=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2022-4432=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-74.1 python3-salt-3000-74.1 salt-3000-74.1 salt-doc-3000-74.1 salt-minion-3000-74.1 - SUSE Manager Tools 12 (noarch): supportutils-plugin-salt-1.2.2-6.22.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-74.1 salt-3000-74.1 salt-api-3000-74.1 salt-cloud-3000-74.1 salt-doc-3000-74.1 salt-master-3000-74.1 salt-minion-3000-74.1 salt-proxy-3000-74.1 salt-ssh-3000-74.1 salt-standalone-formulas-configuration-3000-74.1 salt-syndic-3000-74.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-3000-74.1 salt-zsh-completion-3000-74.1 References: https://bugzilla.suse.com/1201059 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 11:26:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:26:56 +0100 (CET) Subject: SUSE-SU-2022:4428-1: important: Security update for grafana Message-ID: <20221213112656.EC6ABFD84@maintenance.suse.de> SUSE Security Update: Security update for grafana ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4428-1 Rating: important References: #1188571 #1189520 #1192383 #1192763 #1193492 #1193686 #1199810 #1201535 #1201539 #1203596 #1203597 PED-2145 Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-29170 CVE-2022-31097 CVE-2022-31107 CVE-2022-35957 CVE-2022-36062 CVSS scores: CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-41174 (NVD) : 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41174 (SUSE): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41244 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-41244 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-43798 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-29170 (NVD) : 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N CVE-2022-29170 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L CVE-2022-31097 (NVD) : 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2022-35957 (NVD) : 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-35957 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-36062 (NVD) : 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVE-2022-36062 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities, contains one feature is now available. Description: This update for grafana fixes the following issues: Version update from 8.3.10 to 8.5.13 (jsc#PED-2145): - Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571) - Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belon to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom "All" variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics. #43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for "Metric Search" * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing - Breaking changes: * For a data source query made via /api/ds/query: + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed' request instead of 502 Bad gateway If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true. - Deprecations: * /api/tsdb/query API has been deprecated, please use /api/ds/query instead * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how - Bug fixes: * Alerting: Add contact points provisioning API * Alerting: add field for custom slack endpoint * Alerting: Add resolved count to notification title when both firing and resolved present * Alerting: Alert rule should wait For duration when execution error state is Alerting * Alerting: Allow disabling override timings for notification policies * Alerting: Allow serving images from custom url path * Alerting: Apply Custom Headers to datasource queries * Alerting: Classic conditions can now display multiple values * Alerting: correctly show all alerts in a folder * Alerting: Display query from grafana-managed alert rules on /api/v1/rules * Alerting: Do not overwrite existing alert rule condition * Alerting: Enhance support for arbitrary group names in managed alerts * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled * Alerting: Fix anonymous access to alerting * Alerting: Fix migrations by making send_alerts_to field nullable * Alerting: Fix RBAC actions for notification policies * Alerting: Fix use of > instead of >= when checking the For duration * Alerting: Remove double quotes from matchers * API: Include userId, orgId, uname in request logging middleware * Auth: Guarantee consistency of signed SigV4 headers * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab * Azure Monitor: Add 2 more Curated Dashboards for VM Insights * Azure Monitor: Bug Fix for incorrect variable cascading for template variables * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal * Azure Monitor: Fixes broken log queries that use workspace * Azure Monitor: Small bug fixes for Resource Picker * AzureAd Oauth: Fix strictMode to reject users without an assigned role * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources * Cloudwatch : Fixed reseting metric name when changing namespace in Metric Query * CloudWatch: Added missing MemoryDB Namespace metrics * CloudWatch: Fix MetricName resetting on Namespace change. * Cloudwatch: Fix template variables in variable queries. * CloudWatch: Fix variable query tag migration * CloudWatch: Handle new error codes for MetricInsights * CloudWatch: List all metrics properly in SQL autocomplete * CloudWatch: Prevent log groups from being removed on query change * CloudWatch: Remove error message when using multi-valued template vars in region field * CloudWatch: Run query on blur in logs query field * CloudWatch: Use default http client from aws-sdk-go * Dashboard: Fix dashboard update permission check * Dashboard: Fixes random scrolling on time range change * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect * DashboardPage: Remember scroll position when coming back panel edit / view panel * Dashboards: Fixes repeating by row and no refresh * Dashboards: Show changes in save dialog * DataSource: Default data source is no longer a persisted state but just the default data source for new panels * DataSourcePlugin API: Allow queries import when changing data source type * Elasticsearch: Respect maxConcurrentShardRequests datasource setting * Explore: Allow users to save Explore state to a new panel in a new dashboard * Explore: Avoid locking timepicker when range is inverted. * Explore: Fix closing split pane when logs panel is used * Explore: Prevent direct access to explore if disabled via feature toggle * Explore: Remove return to panel button * FileUpload: clicking the Upload file button now opens their modal correctly * Gauge: Fixes blank viz when data link exists and orientation was horizontal * GrafanaUI: Fix color of links in error Tooltips in light theme * Histogram Panel: Take decimal into consideration * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram * Instrumentation: Fix HTTP request instrumentation of authentication failures * Instrumentation: Make backend plugin metrics endpoints available with optional authentication * Instrumentation: Proxy status code correction and various improvements * LibraryPanels: Fix library panels not connecting properly in imported dashboards * LibraryPanels: Prevent long descriptions and names from obscuring the delete button * Logger: Use specified format for file logger * Logging: Introduce feature toggle to activate gokit/log format * Logs: Handle missing fields in dataframes better * Loki: Improve unpack parser handling * ManageDashboards: Fix error when deleting all dashboards from folder view * Middleware: Fix IPv6 host parsing in CSRF check * Navigation: Prevent navbar briefly showing on login * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney * OAuth: Fix parsing of ID token if header contains non-string value * Panel Edit: Options search now works correctly when a logarithmic scale option is set * Panel Edit: Visualization search now works correctly with special characters * Plugins Catalog: Fix styling of hyperlinks * Plugins: Add deprecation notice for /api/tsdb/query endpoint * Plugins: Adding support for traceID field to accept variables * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios * Postgres: Return tables with hyphenated schemes * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument * Profile/Help: Expose option to disable profile section and help menu * Prometheus: Enable new visual query builder by default * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted * RBAC: Fix Anonymous Editors missing dashboard controls * RolePicker: Fix menu position on smaller screens * SAML: Allow disabling of SAML signups * Search: Sort results correctly when using postgres * Security: Fixes minor code scanning security warnings in old vendored javascript libs * Table panel: Fix horizontal scrolling when pagination is enabled * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates * Table: Fix filter crashes table * Table: New pagination option * TablePanel: Add cell inspect option * TablePanel: Do not prefix columns with frame name if multipleframes and override active * TagsInput: Fix tags remove button accessibility issues * Tempo / Trace Viewer: Support Span Links in Trace Viewer * Tempo: Download span references in data inspector * Tempo: Separate trace to logs and loki search datasource config * TextPanel: Sanitize after markdown has been rendered to html * TimeRange: Fixes updating time range from url and browser history * TimeSeries: Fix detection & rendering of sparse datapoints * Timeseries: Fix outside range stale state * TimeSeries: Properly stack series with missing datapoints * TimeSeries: Sort tooltip values based on raw values * Tooltip: Fix links not legible in Tooltips when using light theme * Tooltip: Sort decimals using standard numeric compare * Trace View: Show number of child spans * Transformations: Support escaped characters in key-value pair parsing * Transforms: Labels to fields, fix label picker layout * Variables: Ensure variables in query params are correctly recognised * Variables: Fix crash when changing query variable datasource * Variables: Fixes issue with data source variables not updating queries with variable * Visualizations: Stack negative-valued series downwards - Plugin development fixes: * Card: Increase clickable area when meta items are present. * ClipboardButton: Use a fallback when the Clipboard API is unavailable * Loki: Fix operator description propup from being shortened. * OAuth: Add setting to skip org assignment for external users * Tooltips: Make tooltips non interactive by default * Tracing: Add option to map tag names to log label names in trace to logs settings Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4428=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4428=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4428=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): grafana-8.5.13-150200.3.29.5 grafana-debuginfo-8.5.13-150200.3.29.5 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): grafana-8.5.13-150200.3.29.5 grafana-debuginfo-8.5.13-150200.3.29.5 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): grafana-8.5.13-150200.3.29.5 References: https://www.suse.com/security/cve/CVE-2021-36222.html https://www.suse.com/security/cve/CVE-2021-3711.html https://www.suse.com/security/cve/CVE-2021-41174.html https://www.suse.com/security/cve/CVE-2021-41244.html https://www.suse.com/security/cve/CVE-2021-43798.html https://www.suse.com/security/cve/CVE-2021-43813.html https://www.suse.com/security/cve/CVE-2021-43815.html https://www.suse.com/security/cve/CVE-2022-29170.html https://www.suse.com/security/cve/CVE-2022-31097.html https://www.suse.com/security/cve/CVE-2022-31107.html https://www.suse.com/security/cve/CVE-2022-35957.html https://www.suse.com/security/cve/CVE-2022-36062.html https://bugzilla.suse.com/1188571 https://bugzilla.suse.com/1189520 https://bugzilla.suse.com/1192383 https://bugzilla.suse.com/1192763 https://bugzilla.suse.com/1193492 https://bugzilla.suse.com/1193686 https://bugzilla.suse.com/1199810 https://bugzilla.suse.com/1201535 https://bugzilla.suse.com/1201539 https://bugzilla.suse.com/1203596 https://bugzilla.suse.com/1203597 From sle-updates at lists.suse.com Tue Dec 13 11:28:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:28:32 +0100 (CET) Subject: SUSE-RU-2022:15117-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20221213112832.5982BFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15117-1 Rating: moderate References: #1203283 Affected Products: SUSE Manager Ubuntu 22.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: libopenscap8: - Provide libopenscap8 version 1.2.17 prometheus-apache-exporter: - Provide prometheus-apache-exporter version 0.11.0 prometheus-exporter-exporter: - Provide prometheus-exporter-exporter version 0.4.0 prometheus-node-exporter: - Provide prometheus-node-exporter version 0.3.1 prometheus-postgres-exporter: - Provide prometheus-postgres-exporter version 0.10.1 spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove "Undefined return code" from debug messages (bsc#1203283) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS: zypper in -t patch suse-ubu224ct-client-tools-202211-15117=1 Package List: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS (amd64): libopenscap-dev-1.2.17-0.1ubuntu7~uyuni1 libopenscap-perl-1.2.17-0.1ubuntu7~uyuni1 libopenscap8-1.2.17-0.1ubuntu7~uyuni1 libopenscap8-dbg-1.2.17-0.1ubuntu7~uyuni1 prometheus-apache-exporter-0.11.0-1 prometheus-exporter-exporter-0.4.0-1 prometheus-node-exporter-1.3.1-1 prometheus-postgres-exporter-0.10.1-1 python3-openscap-1.2.17-0.1ubuntu7~uyuni1 - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS (all): spacecmd-4.3.16-2.9.4 References: https://bugzilla.suse.com/1203283 From sle-updates at lists.suse.com Tue Dec 13 11:29:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:29:10 +0100 (CET) Subject: SUSE-SU-2022:4443-1: moderate: Security update for SUSE Manager Proxy and Retail Branch Server 4.2 Message-ID: <20221213112910.77748FD84@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Proxy and Retail Branch Server 4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4443-1 Rating: moderate References: #1205339 Affected Products: SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update fixes the following issues: release-notes-susemanager-proxy: - Mention bsc#1205339 at the release notes Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-4443=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-4443=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-4443=1 Package List: - SUSE Manager Server 4.2 (ppc64le s390x x86_64): release-notes-susemanager-4.2.10-150300.3.60.2 - SUSE Manager Retail Branch Server 4.2 (x86_64): release-notes-susemanager-proxy-4.2.10-150300.3.49.2 - SUSE Manager Proxy 4.2 (x86_64): release-notes-susemanager-proxy-4.2.10-150300.3.49.2 References: https://bugzilla.suse.com/1205339 From sle-updates at lists.suse.com Tue Dec 13 11:30:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:30:12 +0100 (CET) Subject: SUSE-SU-2022:4437-1: important: Security update for SUSE Manager Client Tools Message-ID: <20221213113012.D1202FD84@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4437-1 Rating: important References: #1188571 #1189520 #1192383 #1192763 #1193492 #1193686 #1199810 #1201535 #1201539 #1202945 #1203283 #1203596 #1203597 #1203599 PED-2145 Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-29170 CVE-2022-31097 CVE-2022-31107 CVE-2022-35957 CVE-2022-36062 CVSS scores: CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-41174 (NVD) : 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41174 (SUSE): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41244 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-41244 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-43798 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-29170 (NVD) : 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N CVE-2022-29170 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L CVE-2022-31097 (NVD) : 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2022-35957 (NVD) : 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-35957 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-36062 (NVD) : 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVE-2022-36062 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Tools 15 SUSE Manager Tools for SLE Micro 5 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 12 vulnerabilities, contains one feature and has two fixes is now available. Description: This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1665997480.587fa10 * Add dependencies on xz and gzip to support compressed images golang-github-boynux-squid_exporter: - Exclude s390 architecture - Enhanced to build on Enterprise Linux 8. grafana: - Version update from 8.3.10 to 8.5.13 (jsc#PED-2145) - Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571) - Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belon to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom "All" variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics. #43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for "Metric Search" * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing - Breaking changes: * For a data source query made via /api/ds/query: + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed' request instead of 502 Bad gateway If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true. - Deprecations: * /api/tsdb/query API has been deprecated, please use /api/ds/query instead * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how - Bug fixes: * Alerting: Add contact points provisioning API * Alerting: add field for custom slack endpoint * Alerting: Add resolved count to notification title when both firing and resolved present * Alerting: Alert rule should wait For duration when execution error state is Alerting * Alerting: Allow disabling override timings for notification policies * Alerting: Allow serving images from custom url path * Alerting: Apply Custom Headers to datasource queries * Alerting: Classic conditions can now display multiple values * Alerting: correctly show all alerts in a folder * Alerting: Display query from grafana-managed alert rules on /api/v1/rules * Alerting: Do not overwrite existing alert rule condition * Alerting: Enhance support for arbitrary group names in managed alerts * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled * Alerting: Fix anonymous access to alerting * Alerting: Fix migrations by making send_alerts_to field nullable * Alerting: Fix RBAC actions for notification policies * Alerting: Fix use of > instead of >= when checking the For duration * Alerting: Remove double quotes from matchers * API: Include userId, orgId, uname in request logging middleware * Auth: Guarantee consistency of signed SigV4 headers * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab * Azure Monitor: Add 2 more Curated Dashboards for VM Insights * Azure Monitor: Bug Fix for incorrect variable cascading for template variables * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal * Azure Monitor: Fixes broken log queries that use workspace * Azure Monitor: Small bug fixes for Resource Picker * AzureAd Oauth: Fix strictMode to reject users without an assigned role * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources * Cloudwatch : Fixed reseting metric name when changing namespace in Metric Query * CloudWatch: Added missing MemoryDB Namespace metrics * CloudWatch: Fix MetricName resetting on Namespace change. * Cloudwatch: Fix template variables in variable queries. * CloudWatch: Fix variable query tag migration * CloudWatch: Handle new error codes for MetricInsights * CloudWatch: List all metrics properly in SQL autocomplete * CloudWatch: Prevent log groups from being removed on query change * CloudWatch: Remove error message when using multi-valued template vars in region field * CloudWatch: Run query on blur in logs query field * CloudWatch: Use default http client from aws-sdk-go * Dashboard: Fix dashboard update permission check * Dashboard: Fixes random scrolling on time range change * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect * DashboardPage: Remember scroll position when coming back panel edit / view panel * Dashboards: Fixes repeating by row and no refresh * Dashboards: Show changes in save dialog * DataSource: Default data source is no longer a persisted state but just the default data source for new panels * DataSourcePlugin API: Allow queries import when changing data source type * Elasticsearch: Respect maxConcurrentShardRequests datasource setting * Explore: Allow users to save Explore state to a new panel in a new dashboard * Explore: Avoid locking timepicker when range is inverted. * Explore: Fix closing split pane when logs panel is used * Explore: Prevent direct access to explore if disabled via feature toggle * Explore: Remove return to panel button * FileUpload: clicking the Upload file button now opens their modal correctly * Gauge: Fixes blank viz when data link exists and orientation was horizontal * GrafanaUI: Fix color of links in error Tooltips in light theme * Histogram Panel: Take decimal into consideration * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram * Instrumentation: Fix HTTP request instrumentation of authentication failures * Instrumentation: Make backend plugin metrics endpoints available with optional authentication * Instrumentation: Proxy status code correction and various improvements * LibraryPanels: Fix library panels not connecting properly in imported dashboards * LibraryPanels: Prevent long descriptions and names from obscuring the delete button * Logger: Use specified format for file logger * Logging: Introduce feature toggle to activate gokit/log format * Logs: Handle missing fields in dataframes better * Loki: Improve unpack parser handling * ManageDashboards: Fix error when deleting all dashboards from folder view * Middleware: Fix IPv6 host parsing in CSRF check * Navigation: Prevent navbar briefly showing on login * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney * OAuth: Fix parsing of ID token if header contains non-string value * Panel Edit: Options search now works correctly when a logarithmic scale option is set * Panel Edit: Visualization search now works correctly with special characters * Plugins Catalog: Fix styling of hyperlinks * Plugins: Add deprecation notice for /api/tsdb/query endpoint * Plugins: Adding support for traceID field to accept variables * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios * Postgres: Return tables with hyphenated schemes * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument * Profile/Help: Expose option to disable profile section and help menu * Prometheus: Enable new visual query builder by default * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted * RBAC: Fix Anonymous Editors missing dashboard controls * RolePicker: Fix menu position on smaller screens * SAML: Allow disabling of SAML signups * Search: Sort results correctly when using postgres * Security: Fixes minor code scanning security warnings in old vendored javascript libs * Table panel: Fix horizontal scrolling when pagination is enabled * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates * Table: Fix filter crashes table * Table: New pagination option * TablePanel: Add cell inspect option * TablePanel: Do not prefix columns with frame name if multipleframes and override active * TagsInput: Fix tags remove button accessibility issues * Tempo / Trace Viewer: Support Span Links in Trace Viewer * Tempo: Download span references in data inspector * Tempo: Separate trace to logs and loki search datasource config * TextPanel: Sanitize after markdown has been rendered to html * TimeRange: Fixes updating time range from url and browser history * TimeSeries: Fix detection & rendering of sparse datapoints * Timeseries: Fix outside range stale state * TimeSeries: Properly stack series with missing datapoints * TimeSeries: Sort tooltip values based on raw values * Tooltip: Fix links not legible in Tooltips when using light theme * Tooltip: Sort decimals using standard numeric compare * Trace View: Show number of child spans * Transformations: Support escaped characters in key-value pair parsing * Transforms: Labels to fields, fix label picker layout * Variables: Ensure variables in query params are correctly recognised * Variables: Fix crash when changing query variable datasource * Variables: Fixes issue with data source variables not updating queries with variable * Visualizations: Stack negative-valued series downwards - Plugin development fixes: * Card: Increase clickable area when meta items are present. * ClipboardButton: Use a fallback when the Clipboard API is unavailable * Loki: Fix operator description propup from being shortened. * OAuth: Add setting to skip org assignment for external users * Tooltips: Make tooltips non interactive by default * Tracing: Add option to map tag names to log label names in trace to logs settings prometheus-blackbox_exporter: - Add requirement for go1.18 (bsc#1203599) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove "Undefined return code" from debug messages (bsc#1203283) spacewalk-client-tools: - Version 4.3.13-1 * Update translation strings uyuni-proxy-systemd-services: - Version 4.3.7-1 * Expose /etc/sysconfig/proxy variables to container services (bsc#1202945) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4437=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4437=1 - SUSE Manager Tools for SLE Micro 5: zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2022-4437=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-4437=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4437=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4437=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-150000.1.9.1 golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1 golang-github-prometheus-promu-0.13.0-150000.3.9.1 prometheus-blackbox_exporter-0.19.0-150000.1.14.3 wire-0.5.0-150000.1.9.3 wire-debuginfo-0.5.0-150000.1.9.3 - openSUSE Leap 15.4 (noarch): dracut-saltboot-0.1.1665997480.587fa10-150000.1.41.1 spacecmd-4.3.16-150000.3.89.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-150000.1.9.1 golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1 golang-github-prometheus-promu-0.13.0-150000.3.9.1 - openSUSE Leap 15.3 (noarch): dracut-saltboot-0.1.1665997480.587fa10-150000.1.41.1 spacecmd-4.3.16-150000.3.89.1 - SUSE Manager Tools for SLE Micro 5 (aarch64 s390x x86_64): prometheus-blackbox_exporter-0.19.0-150000.1.14.3 - SUSE Manager Tools for SLE Micro 5 (noarch): dracut-saltboot-0.1.1665997480.587fa10-150000.1.41.1 uyuni-proxy-systemd-services-4.3.7-150000.1.9.3 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-150000.1.9.1 golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1 grafana-8.5.13-150000.1.36.3 grafana-debuginfo-8.5.13-150000.1.36.3 prometheus-blackbox_exporter-0.19.0-150000.1.14.3 - SUSE Manager Tools 15 (noarch): dracut-saltboot-0.1.1665997480.587fa10-150000.1.41.1 python3-spacewalk-check-4.3.13-150000.3.71.3 python3-spacewalk-client-setup-4.3.13-150000.3.71.3 python3-spacewalk-client-tools-4.3.13-150000.3.71.3 spacecmd-4.3.16-150000.3.89.1 spacewalk-check-4.3.13-150000.3.71.3 spacewalk-client-setup-4.3.13-150000.3.71.3 spacewalk-client-tools-4.3.13-150000.3.71.3 uyuni-proxy-systemd-services-4.3.7-150000.1.9.3 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-150000.1.9.1 golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1 prometheus-blackbox_exporter-0.19.0-150000.1.14.3 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-150000.1.9.1 golang-github-boynux-squid_exporter-debuginfo-1.6-150000.1.9.1 prometheus-blackbox_exporter-0.19.0-150000.1.14.3 References: https://www.suse.com/security/cve/CVE-2021-36222.html https://www.suse.com/security/cve/CVE-2021-3711.html https://www.suse.com/security/cve/CVE-2021-41174.html https://www.suse.com/security/cve/CVE-2021-41244.html https://www.suse.com/security/cve/CVE-2021-43798.html https://www.suse.com/security/cve/CVE-2021-43813.html https://www.suse.com/security/cve/CVE-2021-43815.html https://www.suse.com/security/cve/CVE-2022-29170.html https://www.suse.com/security/cve/CVE-2022-31097.html https://www.suse.com/security/cve/CVE-2022-31107.html https://www.suse.com/security/cve/CVE-2022-35957.html https://www.suse.com/security/cve/CVE-2022-36062.html https://bugzilla.suse.com/1188571 https://bugzilla.suse.com/1189520 https://bugzilla.suse.com/1192383 https://bugzilla.suse.com/1192763 https://bugzilla.suse.com/1193492 https://bugzilla.suse.com/1193686 https://bugzilla.suse.com/1199810 https://bugzilla.suse.com/1201535 https://bugzilla.suse.com/1201539 https://bugzilla.suse.com/1202945 https://bugzilla.suse.com/1203283 https://bugzilla.suse.com/1203596 https://bugzilla.suse.com/1203597 https://bugzilla.suse.com/1203599 From sle-updates at lists.suse.com Tue Dec 13 11:32:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:32:24 +0100 (CET) Subject: SUSE-RU-2022:4422-1: moderate: Recommended update for SUSE Manager 4.3.3 Release Notes Message-ID: <20221213113224.C9A8BFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.3.3 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4422-1 Rating: moderate References: #1200169 #1200296 #1201476 #1201606 #1201607 #1201788 #1201893 #1202093 #1202217 #1202785 #1203283 #1203451 #1203532 #1203580 #1203588 #1203599 #1203611 #1203633 #1203685 #1203698 #1203884 #1204029 #1204061 #1204195 #1204437 #1204444 #1204517 #1204519 #1204541 #1204651 #1204699 #1205212 #1205339 #1205470 Affected Products: SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has 34 recommended fixes can now be installed. Description: This update for SUSE Manager 4.3.3 Release Notes provides the following additions: Release Notes for SUSE Manager: - Revision 4.3.3 - Bugs mentioned: bsc#1200169, bsc#1200296, bsc#1201476, bsc#1201606, bsc#1201607 bsc#1201788, bsc#1201893, bsc#1202093, bsc#1202217, bsc#1202785 bsc#1203283, bsc#1203451, bsc#1203532, bsc#1203580, bsc#1203588 bsc#1203599, bsc#1203611, bsc#1203633, bsc#1203685, bsc#1203698 bsc#1203884, bsc#1204029, bsc#1204061, bsc#1204195, bsc#1204437 bsc#1204444, bsc#1204517, bsc#1204519, bsc#1204541, bsc#1204651 bsc#1204699, bsc#1205212, bsc#1205339, bsc#1205470 Release Notes for SUSE Manager Proxy: - Revision 4.3.3 - Bugs mentioned: bsc#1201893, bsc#1203283, bsc#1204517, bsc#1205212, bsc#1205339 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-4422=1 - SUSE Manager Retail Branch Server 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-4422=1 - SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-4422=1 Package List: - SUSE Manager Server 4.3 (ppc64le s390x x86_64): release-notes-susemanager-4.3.3-150400.3.23.1 - SUSE Manager Retail Branch Server 4.3 (x86_64): release-notes-susemanager-proxy-4.3.3-150400.3.12.3 - SUSE Manager Proxy 4.3 (x86_64): release-notes-susemanager-proxy-4.3.3-150400.3.12.3 References: https://bugzilla.suse.com/1200169 https://bugzilla.suse.com/1200296 https://bugzilla.suse.com/1201476 https://bugzilla.suse.com/1201606 https://bugzilla.suse.com/1201607 https://bugzilla.suse.com/1201788 https://bugzilla.suse.com/1201893 https://bugzilla.suse.com/1202093 https://bugzilla.suse.com/1202217 https://bugzilla.suse.com/1202785 https://bugzilla.suse.com/1203283 https://bugzilla.suse.com/1203451 https://bugzilla.suse.com/1203532 https://bugzilla.suse.com/1203580 https://bugzilla.suse.com/1203588 https://bugzilla.suse.com/1203599 https://bugzilla.suse.com/1203611 https://bugzilla.suse.com/1203633 https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203698 https://bugzilla.suse.com/1203884 https://bugzilla.suse.com/1204029 https://bugzilla.suse.com/1204061 https://bugzilla.suse.com/1204195 https://bugzilla.suse.com/1204437 https://bugzilla.suse.com/1204444 https://bugzilla.suse.com/1204517 https://bugzilla.suse.com/1204519 https://bugzilla.suse.com/1204541 https://bugzilla.suse.com/1204651 https://bugzilla.suse.com/1204699 https://bugzilla.suse.com/1205212 https://bugzilla.suse.com/1205339 https://bugzilla.suse.com/1205470 From sle-updates at lists.suse.com Tue Dec 13 11:35:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:35:55 +0100 (CET) Subject: SUSE-RU-2022:4413-1: moderate: Recommended update for resource-agents Message-ID: <20221213113555.0EF42FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4413-1 Rating: moderate References: PED-121 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for resource-agents fixes the following issue: - Pacemaker should provide a dynamic option to specify a logfile. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4413=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4413=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ldirectord-4.10.0+git40.0f4de473-150400.3.13.1 resource-agents-4.10.0+git40.0f4de473-150400.3.13.1 resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.13.1 resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.13.1 - openSUSE Leap 15.4 (noarch): monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.13.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ldirectord-4.10.0+git40.0f4de473-150400.3.13.1 resource-agents-4.10.0+git40.0f4de473-150400.3.13.1 resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.13.1 resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.13.1 - SUSE Linux Enterprise High Availability 15-SP4 (noarch): monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.13.1 References: From sle-updates at lists.suse.com Tue Dec 13 11:36:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:36:37 +0100 (CET) Subject: SUSE-RU-2022:4421-1: moderate: Recommended update for Salt Message-ID: <20221213113637.95012FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4421-1 Rating: moderate References: #1203685 #1203834 #1203886 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4421=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4421=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4421=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4421=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python3-salt-3004-150000.8.41.49.1 salt-3004-150000.8.41.49.1 salt-api-3004-150000.8.41.49.1 salt-cloud-3004-150000.8.41.49.1 salt-doc-3004-150000.8.41.49.1 salt-master-3004-150000.8.41.49.1 salt-minion-3004-150000.8.41.49.1 salt-proxy-3004-150000.8.41.49.1 salt-ssh-3004-150000.8.41.49.1 salt-standalone-formulas-configuration-3004-150000.8.41.49.1 salt-syndic-3004-150000.8.41.49.1 salt-transactional-update-3004-150000.8.41.49.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3004-150000.8.41.49.1 salt-fish-completion-3004-150000.8.41.49.1 salt-zsh-completion-3004-150000.8.41.49.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python3-salt-3004-150000.8.41.49.1 salt-3004-150000.8.41.49.1 salt-api-3004-150000.8.41.49.1 salt-cloud-3004-150000.8.41.49.1 salt-doc-3004-150000.8.41.49.1 salt-master-3004-150000.8.41.49.1 salt-minion-3004-150000.8.41.49.1 salt-proxy-3004-150000.8.41.49.1 salt-ssh-3004-150000.8.41.49.1 salt-standalone-formulas-configuration-3004-150000.8.41.49.1 salt-syndic-3004-150000.8.41.49.1 salt-transactional-update-3004-150000.8.41.49.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3004-150000.8.41.49.1 salt-fish-completion-3004-150000.8.41.49.1 salt-zsh-completion-3004-150000.8.41.49.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python3-salt-3004-150000.8.41.49.1 salt-3004-150000.8.41.49.1 salt-api-3004-150000.8.41.49.1 salt-cloud-3004-150000.8.41.49.1 salt-doc-3004-150000.8.41.49.1 salt-master-3004-150000.8.41.49.1 salt-minion-3004-150000.8.41.49.1 salt-proxy-3004-150000.8.41.49.1 salt-ssh-3004-150000.8.41.49.1 salt-standalone-formulas-configuration-3004-150000.8.41.49.1 salt-syndic-3004-150000.8.41.49.1 salt-transactional-update-3004-150000.8.41.49.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3004-150000.8.41.49.1 salt-fish-completion-3004-150000.8.41.49.1 salt-zsh-completion-3004-150000.8.41.49.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python3-salt-3004-150000.8.41.49.1 salt-3004-150000.8.41.49.1 salt-api-3004-150000.8.41.49.1 salt-cloud-3004-150000.8.41.49.1 salt-doc-3004-150000.8.41.49.1 salt-master-3004-150000.8.41.49.1 salt-minion-3004-150000.8.41.49.1 salt-proxy-3004-150000.8.41.49.1 salt-ssh-3004-150000.8.41.49.1 salt-standalone-formulas-configuration-3004-150000.8.41.49.1 salt-syndic-3004-150000.8.41.49.1 salt-transactional-update-3004-150000.8.41.49.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3004-150000.8.41.49.1 salt-fish-completion-3004-150000.8.41.49.1 salt-zsh-completion-3004-150000.8.41.49.1 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 11:37:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:37:28 +0100 (CET) Subject: SUSE-RU-2022:15120-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221213113728.D0227FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15120-1 Rating: moderate References: #1203685 #1203834 #1203886 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202211-15120=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.19.4 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 11:38:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:38:14 +0100 (CET) Subject: SUSE-RU-2022:15122-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221213113814.3E7FFFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15122-1 Rating: moderate References: #1203685 #1203834 #1203886 #1204206 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) - Removed dependency to policycoreutils for Ubuntu 20.04 and higher (bsc#1204206) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202211-15122=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.17.4 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 https://bugzilla.suse.com/1204206 From sle-updates at lists.suse.com Tue Dec 13 11:39:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:39:04 +0100 (CET) Subject: SUSE-RU-2022:4429-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221213113904.9C46BFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4429-1 Rating: moderate References: #1203685 #1203834 #1203886 #1204206 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) - Removed dependency to policycoreutils for Ubuntu 20.04 and higher (bsc#1204206) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2022-4429=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.17.4 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 https://bugzilla.suse.com/1204206 From sle-updates at lists.suse.com Tue Dec 13 11:39:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:39:53 +0100 (CET) Subject: SUSE-RU-2022:4435-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20221213113953.226ACFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4435-1 Rating: moderate References: #1203283 #1203685 #1203834 #1203886 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove "Undefined return code" from debug messages (bsc#1203283) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-4435=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3004+ds-1+2.67.3 salt-minion-3004+ds-1+2.67.3 scap-security-guide-debian-0.1.63-2.26.2 spacecmd-4.3.16-2.39.3 References: https://bugzilla.suse.com/1203283 https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 11:40:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:40:46 +0100 (CET) Subject: SUSE-RU-2022:4417-1: moderate: Recommended update for SUSE Manager Server 4.3 Message-ID: <20221213114046.7364AFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4417-1 Rating: moderate References: #1200169 #1200296 #1201476 #1201606 #1201607 #1201788 #1201893 #1202093 #1202217 #1202785 #1203283 #1203451 #1203532 #1203580 #1203588 #1203599 #1203611 #1203633 #1203685 #1203698 #1203884 #1204029 #1204061 #1204195 #1204437 #1204444 #1204517 #1204519 #1204541 #1204651 #1204699 #1205212 #1205339 #1205470 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has 34 recommended fixes can now be installed. Description: This update fixes the following issues: grafana-formula: - Version 0.7.1 * Fix default password field description (bsc#1203698) * Do not require default admin and password fields hub-xmlrpc-api: - Use golang(API) = 1.18 for building on SUSE (bsc#1203599) This source fails to build with the current go1.19 on SUSE and we need to use go1.18 instead. inter-server-sync: - Version 0.2.5 * Correct error when importing without debug log level (bsc#1204699) - Version 0.2.4 * Improve memory usage and log information #17193 * Conditional insert check for FK reference exists (bsc#1202785) * Correct navigation path for table rhnerratafilechannel (bsc#1202785) prometheus-formula: - Version 0.7.0 * Switch from basic authentication to TLS certificate client authentication for Blackbox exporter * Fix scheme label in clients targets configration * Add README.md python-urlgrabber: - Incorporate latest changes for the fix of wrong logic on find_proxy method causing proxy not being used (bsc#1201788) smdba: - Version 1.7.11 * fix config update from wal_keep_segments to wal_keep_size for newer postgresql versions (bsc#1204519) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove "Undefined return code" from debug messages (bsc#1203283) spacewalk-backend: - Version 4.3.17-1 * require python3-debian version which support new compression methods to sync ubuntu22-04 repositories (bsc#1205212) * Used the legacy reporting system in spacewalk-debug to obtain up-to-date information * Keep older module metadata files in database (bsc#1201893) * Added an optional component_type property to the LOG object and included it to a log message * Add an optional component property to the log messages spacewalk-certs-tools: - Version 4.3.16-1 * Generated bootstrap scripts installs all needed Salt 3004 dependencies for Ubuntu 18.04 (bsc#1204517) * add transactional system support to the bootstrap generator * change bootstrap script generator to detect SLE Micro spacewalk-client-tools: - Version 4.3.13-1 * Update translation strings spacewalk-java: - Version 4.3.43-1 * Changed proxy settings retrieval to not include password (bsc#1205339) - Version 4.3.42-1 * Update jackson-databind version - Version 4.3.41-1 * Manage reboot in transactional update action chain (bsc#1201476) * Enable monitoring for RHEL 9 Salt clients * Optimize performance of config channels operations for UI and API (bsc#1204029) * Don't add the same channel twice in the System config addChannel API (bsc#1204029) * Optimize action chain processing on job return event (bsc#1203532) * Re-calculate salt event queue numbers on restart * Improved reboot needed handling for SLE Micro * Check if system has all formulas correctly assigned (bsc#1201607) * Remove group formula assignements and data on group delete (bsc#1201606) * Process salt events in FIFO order (bsc#1203532) * Remove 'SSM' column text where not applicable (bsc#1203588) * Fix rendering of ssm/MigrateSystems page (bsc#1204651) * Pass mgr_sudo_user pillar on salt ssh client cleanup (bsc#1202093) * Upgrade Bootstrap to 3.4.1 * Refresh pillar data for the assigned systems when a CLM channel is built (bsc#1200169) * Improve Amazon EC2/Nitro detection (bsc#1203685) * Add channel availability check for product migration (bsc#1200296) * Deny packages from older module metadata when building CLM projects (bsc#1201893) * fix xmlrpc call randomly failing with translation error (bsc#1203633) * Do not explicitely remove old pillars on minion rename (bsc#1203451) * Fix out of memory error when building a CLM project (bsc#1202217) * Added a warning message for traditional stack deprecation * Fix hardware update where there is no DNS FQDN changes (bsc#1203611) spacewalk-utils: - Version 4.3.15-1 * Add EL9 Client Tools for SUSE Liberty Linux spacewalk-web: - Version 4.3.26-1 * Prevent proxy data from being logged (bsc#1205339) - Version 4.3.25-1 * Fix checkbox and radio input misalignment * Upgrade Bootstrap to 3.4.1 * Update translation strings supportutils-plugin-susemanager: - Version 4.3.5-1 * Added dependency for XML Simple susemanager: - Version 4.3.21-1 * Make python3-extras optional, as SUSE Linux Enterprise Server 15 does not have it and it is only required on SP4 or greater (bsc#1204437) - Version 4.3.20-1 * Add bootstrap repository definitions for SLE-Micro 5.2 and 5.3 * Add bootstrap repo definitions for oracle, alma and rocky linux 9 * Add bootstrap repo data for SUSE Liberty Linux 9 * Add python3-extras to bootstrap repo as dependency of python3-libxml2 (bsc#1204437) susemanager-build-keys: - Version 15.4.6: * rename and update old SUSE PTF key + Removed: gpg-pubkey-b37b98a9-5aaa951b.asc + Added: suse_ptf_key_old-B37B98A9.asc * add new SUSE PTF Key + Added: suse_ptf_key-6F5DA62B.asc - Version 15.4.5: * Add rpmlintrc configuration, so "W: backup-file-in-package" for the keyring is ignored. We do not ship backup files, but we own them because they are created each time gpg is called, and we want them removed if the package is removed - uyuni-build-keys.rpmlintrc - Version 15.4.4: * Add key for SUSE product addons (required for SUSE Manager EL9 client tools) susemanager-docs_en: - Fixed Rocky Linux documentation in Client Configuration Guide. Rocky Linux 8 was partially removed by accident (bsc#1205470) - Added explanation of automatic custom channels synchronization to the Administration Guide - Added Almalinux 9, Oracle Linux 9, and Rocky Linux 9 as supported Client systems - Added Rocky Linux 9 in Client Configuration Guide - Added note about shell quotation in Mass Migration section of Client Configuration Guide. - Added information about OES repository enablement to Troubleshooting section in the Administration Guide (bsc#1204195) - Documented the mgr-bootstrap command in Client Configuration Guide susemanager-schema: - Version 4.3.15-1 * added kickstart distribution data for RHEL 9 * Fix previous 'Amazon EC2' schema upgrade script to prevent possible issues on schema upgrade. * Change 'Amazon EC2/KVM' to 'Amazon EC2/Nitro' (bsc#1203685) * Keep older module metadata files in database (bsc#1201893) * Fix setting of last modified date in channel clone procedure susemanager-sls: - Version 4.3.26-1 * Manager reboot in transactional update action chain (bsc#1201476) * Detect bootstrap repository path for SLE Micro * Fix kiwi inspect regexp to allow image names with "-" (bsc#1204541) * Add beacon to check if a reboot is required in transactional systems * Use the actual sudo user home directory for salt ssh clients on bootstrap and clean up (bsc#1202093) * dnf repo definition does not support multiline gpgkeys (bsc#1204444) * remove forced refresh in channel state as gpg key trust is now handled in a different way (bsc#1204061) * import gpg keys directly to prevent using gpg-auto-import-keys on package operations (bsc#1203580) * Perform refresh with packages.pkgupdate state (bsc#1203884) * Prevent possible tracebacks on reading postgres opts with suma_minion salt pillar extension module susemanager-sync-data: - version 4.3.11-1 * change "EL 9 Base" to "RHEL and Liberty 9 Base" - Version 4.3.10-1 * add SLES15 SP3 LTSS * add sll 9, oraclelinux 9, almalinux 9 and rockylinux 9 * release oes2023 products How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-4417=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64): hub-xmlrpc-api-0.7-150400.5.3.6 inter-server-sync-0.2.5-150400.3.9.6 inter-server-sync-debuginfo-0.2.5-150400.3.9.6 smdba-1.7.11-0.150400.4.6.6 susemanager-4.3.21-150400.3.11.2 susemanager-tools-4.3.21-150400.3.11.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): grafana-formula-0.7.1-150400.3.3.6 prometheus-formula-0.7.0-150400.3.3.6 python3-spacewalk-certs-tools-4.3.16-150400.3.9.6 python3-spacewalk-client-tools-4.3.13-150400.3.9.9 python3-urlgrabber-4.1.0-150400.3.9.6 spacecmd-4.3.16-150400.3.9.7 spacewalk-backend-4.3.17-150400.3.9.9 spacewalk-backend-app-4.3.17-150400.3.9.9 spacewalk-backend-applet-4.3.17-150400.3.9.9 spacewalk-backend-config-files-4.3.17-150400.3.9.9 spacewalk-backend-config-files-common-4.3.17-150400.3.9.9 spacewalk-backend-config-files-tool-4.3.17-150400.3.9.9 spacewalk-backend-iss-4.3.17-150400.3.9.9 spacewalk-backend-iss-export-4.3.17-150400.3.9.9 spacewalk-backend-package-push-server-4.3.17-150400.3.9.9 spacewalk-backend-server-4.3.17-150400.3.9.9 spacewalk-backend-sql-4.3.17-150400.3.9.9 spacewalk-backend-sql-postgresql-4.3.17-150400.3.9.9 spacewalk-backend-tools-4.3.17-150400.3.9.9 spacewalk-backend-xml-export-libs-4.3.17-150400.3.9.9 spacewalk-backend-xmlrpc-4.3.17-150400.3.9.9 spacewalk-base-4.3.26-150400.3.9.9 spacewalk-base-minimal-4.3.26-150400.3.9.9 spacewalk-base-minimal-config-4.3.26-150400.3.9.9 spacewalk-certs-tools-4.3.16-150400.3.9.6 spacewalk-client-tools-4.3.13-150400.3.9.9 spacewalk-html-4.3.26-150400.3.9.9 spacewalk-java-4.3.43-150400.3.21.9 spacewalk-java-config-4.3.43-150400.3.21.9 spacewalk-java-lib-4.3.43-150400.3.21.9 spacewalk-java-postgresql-4.3.43-150400.3.21.9 spacewalk-taskomatic-4.3.43-150400.3.21.9 spacewalk-utils-4.3.15-150400.3.9.7 spacewalk-utils-extras-4.3.15-150400.3.9.7 supportutils-plugin-susemanager-4.3.5-150400.3.3.7 susemanager-build-keys-15.4.6-150400.3.9.6 susemanager-build-keys-web-15.4.6-150400.3.9.6 susemanager-docs_en-4.3-150400.9.9.6 susemanager-docs_en-pdf-4.3-150400.9.9.6 susemanager-schema-4.3.15-150400.3.9.9 susemanager-schema-utility-4.3.15-150400.3.9.9 susemanager-sls-4.3.26-150400.3.9.6 susemanager-sync-data-4.3.11-150400.3.8.3 uyuni-config-modules-4.3.26-150400.3.9.6 References: https://bugzilla.suse.com/1200169 https://bugzilla.suse.com/1200296 https://bugzilla.suse.com/1201476 https://bugzilla.suse.com/1201606 https://bugzilla.suse.com/1201607 https://bugzilla.suse.com/1201788 https://bugzilla.suse.com/1201893 https://bugzilla.suse.com/1202093 https://bugzilla.suse.com/1202217 https://bugzilla.suse.com/1202785 https://bugzilla.suse.com/1203283 https://bugzilla.suse.com/1203451 https://bugzilla.suse.com/1203532 https://bugzilla.suse.com/1203580 https://bugzilla.suse.com/1203588 https://bugzilla.suse.com/1203599 https://bugzilla.suse.com/1203611 https://bugzilla.suse.com/1203633 https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203698 https://bugzilla.suse.com/1203884 https://bugzilla.suse.com/1204029 https://bugzilla.suse.com/1204061 https://bugzilla.suse.com/1204195 https://bugzilla.suse.com/1204437 https://bugzilla.suse.com/1204444 https://bugzilla.suse.com/1204517 https://bugzilla.suse.com/1204519 https://bugzilla.suse.com/1204541 https://bugzilla.suse.com/1204651 https://bugzilla.suse.com/1204699 https://bugzilla.suse.com/1205212 https://bugzilla.suse.com/1205339 https://bugzilla.suse.com/1205470 From sle-updates at lists.suse.com Tue Dec 13 11:46:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:46:40 +0100 (CET) Subject: SUSE-SU-2022:4439-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20221213114640.A64DAFD89@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4439-1 Rating: moderate References: #1188571 #1189520 #1192383 #1192763 #1193492 #1193686 #1199810 #1201535 #1201539 #1202945 #1203283 #1203596 #1203597 #1203599 PED-2145 Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-29170 CVE-2022-31097 CVE-2022-31107 CVE-2022-35957 CVE-2022-36062 CVSS scores: CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-41174 (NVD) : 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41174 (SUSE): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41244 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-41244 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-43798 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-29170 (NVD) : 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N CVE-2022-29170 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L CVE-2022-31097 (NVD) : 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2022-35957 (NVD) : 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-35957 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-36062 (NVD) : 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVE-2022-36062 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that solves 12 vulnerabilities, contains one feature and has two fixes is now available. Description: This update fixes the following issues: golang-github-boynux-squid_exporter: - Exclude s390 architecture - Enhanced to build on Enterprise Linux 8 grafana: - Version update from 8.3.10 to 8.5.13 (jsc#PED-2145) - Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571) - Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belon to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom "All" variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics. #43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for "Metric Search" * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing - Breaking changes: * For a data source query made via /api/ds/query: + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed' request instead of 502 Bad gateway If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true. - Deprecations: * /api/tsdb/query API has been deprecated, please use /api/ds/query instead * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how - Bug fixes: * Alerting: Add contact points provisioning API * Alerting: add field for custom slack endpoint * Alerting: Add resolved count to notification title when both firing and resolved present * Alerting: Alert rule should wait For duration when execution error state is Alerting * Alerting: Allow disabling override timings for notification policies * Alerting: Allow serving images from custom url path * Alerting: Apply Custom Headers to datasource queries * Alerting: Classic conditions can now display multiple values * Alerting: correctly show all alerts in a folder * Alerting: Display query from grafana-managed alert rules on /api/v1/rules * Alerting: Do not overwrite existing alert rule condition * Alerting: Enhance support for arbitrary group names in managed alerts * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled * Alerting: Fix anonymous access to alerting * Alerting: Fix migrations by making send_alerts_to field nullable * Alerting: Fix RBAC actions for notification policies * Alerting: Fix use of > instead of >= when checking the For duration * Alerting: Remove double quotes from matchers * API: Include userId, orgId, uname in request logging middleware * Auth: Guarantee consistency of signed SigV4 headers * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab * Azure Monitor: Add 2 more Curated Dashboards for VM Insights * Azure Monitor: Bug Fix for incorrect variable cascading for template variables * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal * Azure Monitor: Fixes broken log queries that use workspace * Azure Monitor: Small bug fixes for Resource Picker * AzureAd Oauth: Fix strictMode to reject users without an assigned role * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources * Cloudwatch : Fixed reseting metric name when changing namespace in Metric Query * CloudWatch: Added missing MemoryDB Namespace metrics * CloudWatch: Fix MetricName resetting on Namespace change. * Cloudwatch: Fix template variables in variable queries. * CloudWatch: Fix variable query tag migration * CloudWatch: Handle new error codes for MetricInsights * CloudWatch: List all metrics properly in SQL autocomplete * CloudWatch: Prevent log groups from being removed on query change * CloudWatch: Remove error message when using multi-valued template vars in region field * CloudWatch: Run query on blur in logs query field * CloudWatch: Use default http client from aws-sdk-go * Dashboard: Fix dashboard update permission check * Dashboard: Fixes random scrolling on time range change * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect * DashboardPage: Remember scroll position when coming back panel edit / view panel * Dashboards: Fixes repeating by row and no refresh * Dashboards: Show changes in save dialog * DataSource: Default data source is no longer a persisted state but just the default data source for new panels * DataSourcePlugin API: Allow queries import when changing data source type * Elasticsearch: Respect maxConcurrentShardRequests datasource setting * Explore: Allow users to save Explore state to a new panel in a new dashboard * Explore: Avoid locking timepicker when range is inverted. * Explore: Fix closing split pane when logs panel is used * Explore: Prevent direct access to explore if disabled via feature toggle * Explore: Remove return to panel button * FileUpload: clicking the Upload file button now opens their modal correctly * Gauge: Fixes blank viz when data link exists and orientation was horizontal * GrafanaUI: Fix color of links in error Tooltips in light theme * Histogram Panel: Take decimal into consideration * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram * Instrumentation: Fix HTTP request instrumentation of authentication failures * Instrumentation: Make backend plugin metrics endpoints available with optional authentication * Instrumentation: Proxy status code correction and various improvements * LibraryPanels: Fix library panels not connecting properly in imported dashboards * LibraryPanels: Prevent long descriptions and names from obscuring the delete button * Logger: Use specified format for file logger * Logging: Introduce feature toggle to activate gokit/log format * Logs: Handle missing fields in dataframes better * Loki: Improve unpack parser handling * ManageDashboards: Fix error when deleting all dashboards from folder view * Middleware: Fix IPv6 host parsing in CSRF check * Navigation: Prevent navbar briefly showing on login * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney * OAuth: Fix parsing of ID token if header contains non-string value * Panel Edit: Options search now works correctly when a logarithmic scale option is set * Panel Edit: Visualization search now works correctly with special characters * Plugins Catalog: Fix styling of hyperlinks * Plugins: Add deprecation notice for /api/tsdb/query endpoint * Plugins: Adding support for traceID field to accept variables * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios * Postgres: Return tables with hyphenated schemes * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument * Profile/Help: Expose option to disable profile section and help menu * Prometheus: Enable new visual query builder by default * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted * RBAC: Fix Anonymous Editors missing dashboard controls * RolePicker: Fix menu position on smaller screens * SAML: Allow disabling of SAML signups * Search: Sort results correctly when using postgres * Security: Fixes minor code scanning security warnings in old vendored javascript libs * Table panel: Fix horizontal scrolling when pagination is enabled * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates * Table: Fix filter crashes table * Table: New pagination option * TablePanel: Add cell inspect option * TablePanel: Do not prefix columns with frame name if multipleframes and override active * TagsInput: Fix tags remove button accessibility issues * Tempo / Trace Viewer: Support Span Links in Trace Viewer * Tempo: Download span references in data inspector * Tempo: Separate trace to logs and loki search datasource config * TextPanel: Sanitize after markdown has been rendered to html * TimeRange: Fixes updating time range from url and browser history * TimeSeries: Fix detection & rendering of sparse datapoints * Timeseries: Fix outside range stale state * TimeSeries: Properly stack series with missing datapoints * TimeSeries: Sort tooltip values based on raw values * Tooltip: Fix links not legible in Tooltips when using light theme * Tooltip: Sort decimals using standard numeric compare * Trace View: Show number of child spans * Transformations: Support escaped characters in key-value pair parsing * Transforms: Labels to fields, fix label picker layout * Variables: Ensure variables in query params are correctly recognised * Variables: Fix crash when changing query variable datasource * Variables: Fixes issue with data source variables not updating queries with variable * Visualizations: Stack negative-valued series downwards - Plugin development fixes: * Card: Increase clickable area when meta items are present. * ClipboardButton: Use a fallback when the Clipboard API is unavailable * Loki: Fix operator description propup from being shortened. * OAuth: Add setting to skip org assignment for external users * Tooltips: Make tooltips non interactive by default * Tracing: Add option to map tag names to log label names in trace to logs settings prometheus-blackbox_exporter: - Add requirement for go1.18 (bsc#1203599) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove "Undefined return code" from debug messages (bsc#1203283) spacewalk-client-tools: - Version 4.3.13-1 * Update translation strings Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-4439=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-boynux-squid_exporter-1.6-1.9.1 grafana-8.5.13-1.36.2 prometheus-blackbox_exporter-0.19.0-1.14.1 prometheus-blackbox_exporter-debuginfo-0.19.0-1.14.1 - SUSE Manager Tools 12 (noarch): python2-spacewalk-check-4.3.13-52.80.1 python2-spacewalk-client-setup-4.3.13-52.80.1 python2-spacewalk-client-tools-4.3.13-52.80.1 spacecmd-4.3.16-38.112.1 spacewalk-check-4.3.13-52.80.1 spacewalk-client-setup-4.3.13-52.80.1 spacewalk-client-tools-4.3.13-52.80.1 References: https://www.suse.com/security/cve/CVE-2021-36222.html https://www.suse.com/security/cve/CVE-2021-3711.html https://www.suse.com/security/cve/CVE-2021-41174.html https://www.suse.com/security/cve/CVE-2021-41244.html https://www.suse.com/security/cve/CVE-2021-43798.html https://www.suse.com/security/cve/CVE-2021-43813.html https://www.suse.com/security/cve/CVE-2021-43815.html https://www.suse.com/security/cve/CVE-2022-29170.html https://www.suse.com/security/cve/CVE-2022-31097.html https://www.suse.com/security/cve/CVE-2022-31107.html https://www.suse.com/security/cve/CVE-2022-35957.html https://www.suse.com/security/cve/CVE-2022-36062.html https://bugzilla.suse.com/1188571 https://bugzilla.suse.com/1189520 https://bugzilla.suse.com/1192383 https://bugzilla.suse.com/1192763 https://bugzilla.suse.com/1193492 https://bugzilla.suse.com/1193686 https://bugzilla.suse.com/1199810 https://bugzilla.suse.com/1201535 https://bugzilla.suse.com/1201539 https://bugzilla.suse.com/1202945 https://bugzilla.suse.com/1203283 https://bugzilla.suse.com/1203596 https://bugzilla.suse.com/1203597 https://bugzilla.suse.com/1203599 From sle-updates at lists.suse.com Tue Dec 13 11:48:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:48:29 +0100 (CET) Subject: SUSE-RU-2022:4430-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221213114829.AD8C7FD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4430-1 Rating: moderate References: #1203685 #1203834 #1203886 #1204206 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) - Removed dependency to policycoreutils for Ubuntu 20.04 and higher (bsc#1204206) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-4430=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-3.17.1 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 https://bugzilla.suse.com/1204206 From sle-updates at lists.suse.com Tue Dec 13 11:49:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:49:23 +0100 (CET) Subject: SUSE-RU-2022:4438-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20221213114923.8D219FD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4438-1 Rating: moderate References: #1203283 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove "Undefined return code" from debug messages (bsc#1203283) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2022-4438=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS (all): spacecmd-4.3.16-2.12.3 References: https://bugzilla.suse.com/1203283 From sle-updates at lists.suse.com Tue Dec 13 11:50:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:50:07 +0100 (CET) Subject: SUSE-SU-2022:4442-1: moderate: Security update for SUSE Manager Server 4.2 Message-ID: <20221213115007.5A46DFD89@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4442-1 Rating: moderate References: #1205339 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update fixes the following issues: spacewalk-java: - Version 4.2.44-1 * Do not disclose Proxy password in browser console log. (bsc#1205339) spacewalk-web: - Version 4.2.31-1 * Do not log Proxy password in browser console log. (bsc#1205339) susemanager-sync-data: - Version 4.2.14-1 * Add SUSE Linux Enterprise Server 15 SP3 LTSS How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-4442=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4442=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): spacewalk-base-4.2.31-150300.3.33.2 spacewalk-base-minimal-4.2.31-150300.3.33.2 spacewalk-base-minimal-config-4.2.31-150300.3.33.2 spacewalk-html-4.2.31-150300.3.33.2 spacewalk-java-4.2.44-150300.3.51.3 spacewalk-java-config-4.2.44-150300.3.51.3 spacewalk-java-lib-4.2.44-150300.3.51.3 spacewalk-java-postgresql-4.2.44-150300.3.51.3 spacewalk-taskomatic-4.2.44-150300.3.51.3 susemanager-sync-data-4.2.14-150300.3.24.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): spacewalk-base-minimal-4.2.31-150300.3.33.2 spacewalk-base-minimal-config-4.2.31-150300.3.33.2 References: https://bugzilla.suse.com/1205339 From sle-updates at lists.suse.com Tue Dec 13 11:50:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:50:49 +0100 (CET) Subject: SUSE-RU-2022:4417-1: moderate: Recommended update for SUSE Manager Server 4.3 Message-ID: <20221213115049.BAECCFD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4417-1 Rating: moderate References: #1200169 #1200296 #1201476 #1201606 #1201607 #1201788 #1201893 #1202093 #1202217 #1202785 #1203283 #1203451 #1203532 #1203580 #1203588 #1203599 #1203611 #1203633 #1203685 #1203698 #1203884 #1204029 #1204061 #1204195 #1204437 #1204444 #1204517 #1204519 #1204541 #1204651 #1204699 #1205212 #1205339 #1205470 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has 34 recommended fixes can now be installed. Description: This update fixes the following issues: grafana-formula: - Version 0.7.1 * Fix default password field description (bsc#1203698) * Do not require default admin and password fields hub-xmlrpc-api: - Use golang(API) = 1.18 for building on SUSE (bsc#1203599) This source fails to build with the current go1.19 on SUSE and we need to use go1.18 instead. inter-server-sync: - Version 0.2.5 * Correct error when importing without debug log level (bsc#1204699) - Version 0.2.4 * Improve memory usage and log information #17193 * Conditional insert check for FK reference exists (bsc#1202785) * Correct navigation path for table rhnerratafilechannel (bsc#1202785) prometheus-formula: - Version 0.7.0 * Switch from basic authentication to TLS certificate client authentication for Blackbox exporter * Fix scheme label in clients targets configration * Add README.md python-urlgrabber: - Incorporate latest changes for the fix of wrong logic on find_proxy method causing proxy not being used (bsc#1201788) smdba: - Version 1.7.11 * fix config update from wal_keep_segments to wal_keep_size for newer postgresql versions (bsc#1204519) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove "Undefined return code" from debug messages (bsc#1203283) spacewalk-backend: - Version 4.3.17-1 * require python3-debian version which support new compression methods to sync ubuntu22-04 repositories (bsc#1205212) * Used the legacy reporting system in spacewalk-debug to obtain up-to-date information * Keep older module metadata files in database (bsc#1201893) * Added an optional component_type property to the LOG object and included it to a log message * Add an optional component property to the log messages spacewalk-certs-tools: - Version 4.3.16-1 * Generated bootstrap scripts installs all needed Salt 3004 dependencies for Ubuntu 18.04 (bsc#1204517) * add transactional system support to the bootstrap generator * change bootstrap script generator to detect SLE Micro spacewalk-client-tools: - Version 4.3.13-1 * Update translation strings spacewalk-java: - Version 4.3.43-1 * Changed proxy settings retrieval to not include password (bsc#1205339) - Version 4.3.42-1 * Update jackson-databind version - Version 4.3.41-1 * Manage reboot in transactional update action chain (bsc#1201476) * Enable monitoring for RHEL 9 Salt clients * Optimize performance of config channels operations for UI and API (bsc#1204029) * Don't add the same channel twice in the System config addChannel API (bsc#1204029) * Optimize action chain processing on job return event (bsc#1203532) * Re-calculate salt event queue numbers on restart * Improved reboot needed handling for SLE Micro * Check if system has all formulas correctly assigned (bsc#1201607) * Remove group formula assignements and data on group delete (bsc#1201606) * Process salt events in FIFO order (bsc#1203532) * Remove 'SSM' column text where not applicable (bsc#1203588) * Fix rendering of ssm/MigrateSystems page (bsc#1204651) * Pass mgr_sudo_user pillar on salt ssh client cleanup (bsc#1202093) * Upgrade Bootstrap to 3.4.1 * Refresh pillar data for the assigned systems when a CLM channel is built (bsc#1200169) * Improve Amazon EC2/Nitro detection (bsc#1203685) * Add channel availability check for product migration (bsc#1200296) * Deny packages from older module metadata when building CLM projects (bsc#1201893) * fix xmlrpc call randomly failing with translation error (bsc#1203633) * Do not explicitely remove old pillars on minion rename (bsc#1203451) * Fix out of memory error when building a CLM project (bsc#1202217) * Added a warning message for traditional stack deprecation * Fix hardware update where there is no DNS FQDN changes (bsc#1203611) spacewalk-utils: - Version 4.3.15-1 * Add EL9 Client Tools for SUSE Liberty Linux spacewalk-web: - Version 4.3.26-1 * Prevent proxy data from being logged (bsc#1205339) - Version 4.3.25-1 * Fix checkbox and radio input misalignment * Upgrade Bootstrap to 3.4.1 * Update translation strings supportutils-plugin-susemanager: - Version 4.3.5-1 * Added dependency for XML Simple susemanager: - Version 4.3.21-1 * Make python3-extras optional, as SUSE Linux Enterprise Server 15 does not have it and it is only required on SP4 or greater (bsc#1204437) - Version 4.3.20-1 * Add bootstrap repository definitions for SLE-Micro 5.2 and 5.3 * Add bootstrap repo definitions for oracle, alma and rocky linux 9 * Add bootstrap repo data for SUSE Liberty Linux 9 * Add python3-extras to bootstrap repo as dependency of python3-libxml2 (bsc#1204437) susemanager-build-keys: - Version 15.4.6: * rename and update old SUSE PTF key + Removed: gpg-pubkey-b37b98a9-5aaa951b.asc + Added: suse_ptf_key_old-B37B98A9.asc * add new SUSE PTF Key + Added: suse_ptf_key-6F5DA62B.asc - Version 15.4.5: * Add rpmlintrc configuration, so "W: backup-file-in-package" for the keyring is ignored. We do not ship backup files, but we own them because they are created each time gpg is called, and we want them removed if the package is removed - uyuni-build-keys.rpmlintrc - Version 15.4.4: * Add key for SUSE product addons (required for SUSE Manager EL9 client tools) susemanager-docs_en: - Fixed Rocky Linux documentation in Client Configuration Guide. Rocky Linux 8 was partially removed by accident (bsc#1205470) - Added explanation of automatic custom channels synchronization to the Administration Guide - Added Almalinux 9, Oracle Linux 9, and Rocky Linux 9 as supported Client systems - Added Rocky Linux 9 in Client Configuration Guide - Added note about shell quotation in Mass Migration section of Client Configuration Guide. - Added information about OES repository enablement to Troubleshooting section in the Administration Guide (bsc#1204195) - Documented the mgr-bootstrap command in Client Configuration Guide susemanager-schema: - Version 4.3.15-1 * added kickstart distribution data for RHEL 9 * Fix previous 'Amazon EC2' schema upgrade script to prevent possible issues on schema upgrade. * Change 'Amazon EC2/KVM' to 'Amazon EC2/Nitro' (bsc#1203685) * Keep older module metadata files in database (bsc#1201893) * Fix setting of last modified date in channel clone procedure susemanager-sls: - Version 4.3.26-1 * Manager reboot in transactional update action chain (bsc#1201476) * Detect bootstrap repository path for SLE Micro * Fix kiwi inspect regexp to allow image names with "-" (bsc#1204541) * Add beacon to check if a reboot is required in transactional systems * Use the actual sudo user home directory for salt ssh clients on bootstrap and clean up (bsc#1202093) * dnf repo definition does not support multiline gpgkeys (bsc#1204444) * remove forced refresh in channel state as gpg key trust is now handled in a different way (bsc#1204061) * import gpg keys directly to prevent using gpg-auto-import-keys on package operations (bsc#1203580) * Perform refresh with packages.pkgupdate state (bsc#1203884) * Prevent possible tracebacks on reading postgres opts with suma_minion salt pillar extension module susemanager-sync-data: - version 4.3.11-1 * change "EL 9 Base" to "RHEL and Liberty 9 Base" - Version 4.3.10-1 * add SLES15 SP3 LTSS * add sll 9, oraclelinux 9, almalinux 9 and rockylinux 9 * release oes2023 products How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-4417=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4417=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64): hub-xmlrpc-api-0.7-150400.5.3.6 inter-server-sync-0.2.5-150400.3.9.6 inter-server-sync-debuginfo-0.2.5-150400.3.9.6 smdba-1.7.11-0.150400.4.6.6 susemanager-4.3.21-150400.3.11.2 susemanager-tools-4.3.21-150400.3.11.2 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): grafana-formula-0.7.1-150400.3.3.6 prometheus-formula-0.7.0-150400.3.3.6 python3-spacewalk-certs-tools-4.3.16-150400.3.9.6 python3-spacewalk-client-tools-4.3.13-150400.3.9.9 python3-urlgrabber-4.1.0-150400.3.9.6 spacecmd-4.3.16-150400.3.9.7 spacewalk-backend-4.3.17-150400.3.9.9 spacewalk-backend-app-4.3.17-150400.3.9.9 spacewalk-backend-applet-4.3.17-150400.3.9.9 spacewalk-backend-config-files-4.3.17-150400.3.9.9 spacewalk-backend-config-files-common-4.3.17-150400.3.9.9 spacewalk-backend-config-files-tool-4.3.17-150400.3.9.9 spacewalk-backend-iss-4.3.17-150400.3.9.9 spacewalk-backend-iss-export-4.3.17-150400.3.9.9 spacewalk-backend-package-push-server-4.3.17-150400.3.9.9 spacewalk-backend-server-4.3.17-150400.3.9.9 spacewalk-backend-sql-4.3.17-150400.3.9.9 spacewalk-backend-sql-postgresql-4.3.17-150400.3.9.9 spacewalk-backend-tools-4.3.17-150400.3.9.9 spacewalk-backend-xml-export-libs-4.3.17-150400.3.9.9 spacewalk-backend-xmlrpc-4.3.17-150400.3.9.9 spacewalk-base-4.3.26-150400.3.9.9 spacewalk-base-minimal-4.3.26-150400.3.9.9 spacewalk-base-minimal-config-4.3.26-150400.3.9.9 spacewalk-certs-tools-4.3.16-150400.3.9.6 spacewalk-client-tools-4.3.13-150400.3.9.9 spacewalk-html-4.3.26-150400.3.9.9 spacewalk-java-4.3.43-150400.3.21.9 spacewalk-java-config-4.3.43-150400.3.21.9 spacewalk-java-lib-4.3.43-150400.3.21.9 spacewalk-java-postgresql-4.3.43-150400.3.21.9 spacewalk-taskomatic-4.3.43-150400.3.21.9 spacewalk-utils-4.3.15-150400.3.9.7 spacewalk-utils-extras-4.3.15-150400.3.9.7 supportutils-plugin-susemanager-4.3.5-150400.3.3.7 susemanager-build-keys-15.4.6-150400.3.9.6 susemanager-build-keys-web-15.4.6-150400.3.9.6 susemanager-docs_en-4.3-150400.9.9.6 susemanager-docs_en-pdf-4.3-150400.9.9.6 susemanager-schema-4.3.15-150400.3.9.9 susemanager-schema-utility-4.3.15-150400.3.9.9 susemanager-sls-4.3.26-150400.3.9.6 susemanager-sync-data-4.3.11-150400.3.8.3 uyuni-config-modules-4.3.26-150400.3.9.6 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch): python3-spacewalk-certs-tools-4.3.16-150400.3.9.6 python3-spacewalk-check-4.3.13-150400.3.9.9 python3-spacewalk-client-setup-4.3.13-150400.3.9.9 python3-spacewalk-client-tools-4.3.13-150400.3.9.9 spacecmd-4.3.16-150400.3.9.7 spacewalk-backend-4.3.17-150400.3.9.9 spacewalk-base-minimal-4.3.26-150400.3.9.9 spacewalk-base-minimal-config-4.3.26-150400.3.9.9 spacewalk-certs-tools-4.3.16-150400.3.9.6 spacewalk-check-4.3.13-150400.3.9.9 spacewalk-client-setup-4.3.13-150400.3.9.9 spacewalk-client-tools-4.3.13-150400.3.9.9 spacewalk-proxy-broker-4.3.13-150400.3.8.7 spacewalk-proxy-common-4.3.13-150400.3.8.7 spacewalk-proxy-management-4.3.13-150400.3.8.7 spacewalk-proxy-package-manager-4.3.13-150400.3.8.7 spacewalk-proxy-redirect-4.3.13-150400.3.8.7 spacewalk-proxy-salt-4.3.13-150400.3.8.7 susemanager-build-keys-15.4.6-150400.3.9.6 susemanager-build-keys-web-15.4.6-150400.3.9.6 References: https://bugzilla.suse.com/1200169 https://bugzilla.suse.com/1200296 https://bugzilla.suse.com/1201476 https://bugzilla.suse.com/1201606 https://bugzilla.suse.com/1201607 https://bugzilla.suse.com/1201788 https://bugzilla.suse.com/1201893 https://bugzilla.suse.com/1202093 https://bugzilla.suse.com/1202217 https://bugzilla.suse.com/1202785 https://bugzilla.suse.com/1203283 https://bugzilla.suse.com/1203451 https://bugzilla.suse.com/1203532 https://bugzilla.suse.com/1203580 https://bugzilla.suse.com/1203588 https://bugzilla.suse.com/1203599 https://bugzilla.suse.com/1203611 https://bugzilla.suse.com/1203633 https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203698 https://bugzilla.suse.com/1203884 https://bugzilla.suse.com/1204029 https://bugzilla.suse.com/1204061 https://bugzilla.suse.com/1204195 https://bugzilla.suse.com/1204437 https://bugzilla.suse.com/1204444 https://bugzilla.suse.com/1204517 https://bugzilla.suse.com/1204519 https://bugzilla.suse.com/1204541 https://bugzilla.suse.com/1204651 https://bugzilla.suse.com/1204699 https://bugzilla.suse.com/1205212 https://bugzilla.suse.com/1205339 https://bugzilla.suse.com/1205470 From sle-updates at lists.suse.com Tue Dec 13 11:54:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:54:15 +0100 (CET) Subject: SUSE-RU-2022:4431-1: moderate: Recommended update for salt Message-ID: <20221213115415.A3E70FD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4431-1 Rating: moderate References: #1203685 #1203834 #1203886 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Transactional Server 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4431=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4431=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2022-4431=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4431=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4431=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4431=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4431=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): python3-salt-3004-150300.53.33.6 salt-3004-150300.53.33.6 salt-minion-3004-150300.53.33.6 salt-transactional-update-3004-150300.53.33.6 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150300.53.33.6 salt-3004-150300.53.33.6 salt-api-3004-150300.53.33.6 salt-cloud-3004-150300.53.33.6 salt-doc-3004-150300.53.33.6 salt-master-3004-150300.53.33.6 salt-minion-3004-150300.53.33.6 salt-proxy-3004-150300.53.33.6 salt-ssh-3004-150300.53.33.6 salt-standalone-formulas-configuration-3004-150300.53.33.6 salt-syndic-3004-150300.53.33.6 salt-transactional-update-3004-150300.53.33.6 - openSUSE Leap 15.3 (noarch): salt-bash-completion-3004-150300.53.33.6 salt-fish-completion-3004-150300.53.33.6 salt-zsh-completion-3004-150300.53.33.6 - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3004-150300.53.33.6 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): salt-api-3004-150300.53.33.6 salt-cloud-3004-150300.53.33.6 salt-master-3004-150300.53.33.6 salt-proxy-3004-150300.53.33.6 salt-ssh-3004-150300.53.33.6 salt-standalone-formulas-configuration-3004-150300.53.33.6 salt-syndic-3004-150300.53.33.6 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): salt-fish-completion-3004-150300.53.33.6 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150300.53.33.6 salt-3004-150300.53.33.6 salt-doc-3004-150300.53.33.6 salt-minion-3004-150300.53.33.6 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): salt-bash-completion-3004-150300.53.33.6 salt-zsh-completion-3004-150300.53.33.6 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python3-salt-3004-150300.53.33.6 salt-3004-150300.53.33.6 salt-minion-3004-150300.53.33.6 salt-transactional-update-3004-150300.53.33.6 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python3-salt-3004-150300.53.33.6 salt-3004-150300.53.33.6 salt-minion-3004-150300.53.33.6 salt-transactional-update-3004-150300.53.33.6 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 11:55:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:55:21 +0100 (CET) Subject: SUSE-RU-2022:4444-1: moderate: Recommended update for resource-agents Message-ID: <20221213115521.A4753FD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4444-1 Rating: moderate References: PED-121 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for resource-agents fixes the following issue: - Pacemaker should provide a dynamic option to specify a logfile. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4444=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-4444=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ldirectord-4.8.0+git30.d0077df0-150300.8.34.1 resource-agents-4.8.0+git30.d0077df0-150300.8.34.1 resource-agents-debuginfo-4.8.0+git30.d0077df0-150300.8.34.1 resource-agents-debugsource-4.8.0+git30.d0077df0-150300.8.34.1 - openSUSE Leap 15.3 (noarch): monitoring-plugins-metadata-4.8.0+git30.d0077df0-150300.8.34.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ldirectord-4.8.0+git30.d0077df0-150300.8.34.1 resource-agents-4.8.0+git30.d0077df0-150300.8.34.1 resource-agents-debuginfo-4.8.0+git30.d0077df0-150300.8.34.1 resource-agents-debugsource-4.8.0+git30.d0077df0-150300.8.34.1 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): monitoring-plugins-metadata-4.8.0+git30.d0077df0-150300.8.34.1 References: From sle-updates at lists.suse.com Tue Dec 13 11:55:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:55:59 +0100 (CET) Subject: SUSE-RU-2022:15119-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20221213115559.5AE4EFD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15119-1 Rating: moderate References: #1203283 #1203685 #1203834 #1203886 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove "Undefined return code" from debug messages (bsc#1203283) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202211-15119=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3004+ds-1+2.88.4 salt-minion-3004+ds-1+2.88.4 spacecmd-4.3.16-2.54.4 References: https://bugzilla.suse.com/1203283 https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 11:57:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:57:03 +0100 (CET) Subject: SUSE-RU-2022:4419-1: moderate: Recommended update for salt Message-ID: <20221213115703.92532FD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4419-1 Rating: moderate References: #1203685 #1203834 #1203886 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4419=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4419=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4419=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4419=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4419=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4419=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4419=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4419=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4419=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python3-salt-3004-150200.81.6 salt-3004-150200.81.6 salt-api-3004-150200.81.6 salt-cloud-3004-150200.81.6 salt-doc-3004-150200.81.6 salt-master-3004-150200.81.6 salt-minion-3004-150200.81.6 salt-proxy-3004-150200.81.6 salt-ssh-3004-150200.81.6 salt-standalone-formulas-configuration-3004-150200.81.6 salt-syndic-3004-150200.81.6 salt-transactional-update-3004-150200.81.6 - SUSE Manager Server 4.1 (noarch): salt-bash-completion-3004-150200.81.6 salt-fish-completion-3004-150200.81.6 salt-zsh-completion-3004-150200.81.6 - SUSE Manager Retail Branch Server 4.1 (noarch): salt-bash-completion-3004-150200.81.6 salt-fish-completion-3004-150200.81.6 salt-zsh-completion-3004-150200.81.6 - SUSE Manager Retail Branch Server 4.1 (x86_64): python3-salt-3004-150200.81.6 salt-3004-150200.81.6 salt-api-3004-150200.81.6 salt-cloud-3004-150200.81.6 salt-doc-3004-150200.81.6 salt-master-3004-150200.81.6 salt-minion-3004-150200.81.6 salt-proxy-3004-150200.81.6 salt-ssh-3004-150200.81.6 salt-standalone-formulas-configuration-3004-150200.81.6 salt-syndic-3004-150200.81.6 salt-transactional-update-3004-150200.81.6 - SUSE Manager Proxy 4.1 (noarch): salt-bash-completion-3004-150200.81.6 salt-fish-completion-3004-150200.81.6 salt-zsh-completion-3004-150200.81.6 - SUSE Manager Proxy 4.1 (x86_64): python3-salt-3004-150200.81.6 salt-3004-150200.81.6 salt-api-3004-150200.81.6 salt-cloud-3004-150200.81.6 salt-doc-3004-150200.81.6 salt-master-3004-150200.81.6 salt-minion-3004-150200.81.6 salt-proxy-3004-150200.81.6 salt-ssh-3004-150200.81.6 salt-standalone-formulas-configuration-3004-150200.81.6 salt-syndic-3004-150200.81.6 salt-transactional-update-3004-150200.81.6 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python3-salt-3004-150200.81.6 salt-3004-150200.81.6 salt-api-3004-150200.81.6 salt-cloud-3004-150200.81.6 salt-doc-3004-150200.81.6 salt-master-3004-150200.81.6 salt-minion-3004-150200.81.6 salt-proxy-3004-150200.81.6 salt-ssh-3004-150200.81.6 salt-standalone-formulas-configuration-3004-150200.81.6 salt-syndic-3004-150200.81.6 salt-transactional-update-3004-150200.81.6 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): salt-bash-completion-3004-150200.81.6 salt-fish-completion-3004-150200.81.6 salt-zsh-completion-3004-150200.81.6 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150200.81.6 salt-3004-150200.81.6 salt-api-3004-150200.81.6 salt-cloud-3004-150200.81.6 salt-doc-3004-150200.81.6 salt-master-3004-150200.81.6 salt-minion-3004-150200.81.6 salt-proxy-3004-150200.81.6 salt-ssh-3004-150200.81.6 salt-standalone-formulas-configuration-3004-150200.81.6 salt-syndic-3004-150200.81.6 salt-transactional-update-3004-150200.81.6 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): salt-bash-completion-3004-150200.81.6 salt-fish-completion-3004-150200.81.6 salt-zsh-completion-3004-150200.81.6 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python3-salt-3004-150200.81.6 salt-3004-150200.81.6 salt-api-3004-150200.81.6 salt-cloud-3004-150200.81.6 salt-doc-3004-150200.81.6 salt-master-3004-150200.81.6 salt-minion-3004-150200.81.6 salt-proxy-3004-150200.81.6 salt-ssh-3004-150200.81.6 salt-standalone-formulas-configuration-3004-150200.81.6 salt-syndic-3004-150200.81.6 salt-transactional-update-3004-150200.81.6 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): salt-bash-completion-3004-150200.81.6 salt-fish-completion-3004-150200.81.6 salt-zsh-completion-3004-150200.81.6 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python3-salt-3004-150200.81.6 salt-3004-150200.81.6 salt-api-3004-150200.81.6 salt-cloud-3004-150200.81.6 salt-doc-3004-150200.81.6 salt-master-3004-150200.81.6 salt-minion-3004-150200.81.6 salt-proxy-3004-150200.81.6 salt-ssh-3004-150200.81.6 salt-standalone-formulas-configuration-3004-150200.81.6 salt-syndic-3004-150200.81.6 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): salt-bash-completion-3004-150200.81.6 salt-fish-completion-3004-150200.81.6 salt-zsh-completion-3004-150200.81.6 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python3-salt-3004-150200.81.6 salt-3004-150200.81.6 salt-api-3004-150200.81.6 salt-cloud-3004-150200.81.6 salt-doc-3004-150200.81.6 salt-master-3004-150200.81.6 salt-minion-3004-150200.81.6 salt-proxy-3004-150200.81.6 salt-ssh-3004-150200.81.6 salt-standalone-formulas-configuration-3004-150200.81.6 salt-syndic-3004-150200.81.6 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): salt-bash-completion-3004-150200.81.6 salt-fish-completion-3004-150200.81.6 salt-zsh-completion-3004-150200.81.6 - SUSE Enterprise Storage 7 (aarch64 x86_64): python3-salt-3004-150200.81.6 salt-3004-150200.81.6 salt-api-3004-150200.81.6 salt-cloud-3004-150200.81.6 salt-doc-3004-150200.81.6 salt-master-3004-150200.81.6 salt-minion-3004-150200.81.6 salt-proxy-3004-150200.81.6 salt-ssh-3004-150200.81.6 salt-standalone-formulas-configuration-3004-150200.81.6 salt-syndic-3004-150200.81.6 salt-transactional-update-3004-150200.81.6 - SUSE Enterprise Storage 7 (noarch): salt-bash-completion-3004-150200.81.6 salt-fish-completion-3004-150200.81.6 salt-zsh-completion-3004-150200.81.6 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 11:58:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:58:02 +0100 (CET) Subject: SUSE-RU-2022:15123-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20221213115802.B2B97FD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15123-1 Rating: moderate References: #1203283 #1203685 #1203834 #1203886 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: salt: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove "Undefined return code" from debug messages (bsc#1203283) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202211-15123=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3004+ds-1+128.5 salt-minion-3004+ds-1+128.5 spacecmd-4.3.16-56.5 References: https://bugzilla.suse.com/1203283 https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 11:59:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 12:59:03 +0100 (CET) Subject: SUSE-RU-2022:4440-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221213115903.48CCDFD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4440-1 Rating: moderate References: #1203685 #1203834 #1203886 #1204206 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 SUSE Manager Tools 15 SUSE Manager Tools for SLE Micro 5 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) - Removed dependency to policycoreutils for Ubuntu 20.04 and higher (bsc#1204206) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools for SLE Micro 5: zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2022-4440=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-4440=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-4440=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4440=1 Package List: - SUSE Manager Tools for SLE Micro 5 (aarch64 s390x x86_64): venv-salt-minion-3004-150000.3.17.3 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-150000.3.17.3 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-150000.3.17.3 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-150000.3.17.3 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 https://bugzilla.suse.com/1204206 From sle-updates at lists.suse.com Tue Dec 13 12:00:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 13:00:03 +0100 (CET) Subject: SUSE-RU-2022:4427-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221213120003.ED294FD96@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4427-1 Rating: moderate References: Affected Products: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Provide the venv-salt-minion. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS: zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2022-4427=1 Package List: - SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS (aarch64 ppc64le s390x x86_64): venv-salt-minion-3004-1.3.3 References: From sle-updates at lists.suse.com Tue Dec 13 12:00:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 13:00:59 +0100 (CET) Subject: SUSE-RU-2022:4420-1: moderate: Recommended update for salt Message-ID: <20221213120059.78E48FD96@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4420-1 Rating: moderate References: #1203685 #1203834 #1203886 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Module for Transactional Server 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4420=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4420=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP4: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2022-4420=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4420=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4420=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4420=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): python3-salt-3004-150400.8.17.7 salt-3004-150400.8.17.7 salt-minion-3004-150400.8.17.7 salt-transactional-update-3004-150400.8.17.7 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150400.8.17.7 salt-3004-150400.8.17.7 salt-api-3004-150400.8.17.7 salt-cloud-3004-150400.8.17.7 salt-doc-3004-150400.8.17.7 salt-master-3004-150400.8.17.7 salt-minion-3004-150400.8.17.7 salt-proxy-3004-150400.8.17.7 salt-ssh-3004-150400.8.17.7 salt-standalone-formulas-configuration-3004-150400.8.17.7 salt-syndic-3004-150400.8.17.7 salt-transactional-update-3004-150400.8.17.7 - openSUSE Leap 15.4 (noarch): salt-bash-completion-3004-150400.8.17.7 salt-fish-completion-3004-150400.8.17.7 salt-zsh-completion-3004-150400.8.17.7 - SUSE Linux Enterprise Module for Transactional Server 15-SP4 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3004-150400.8.17.7 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): salt-api-3004-150400.8.17.7 salt-cloud-3004-150400.8.17.7 salt-master-3004-150400.8.17.7 salt-proxy-3004-150400.8.17.7 salt-ssh-3004-150400.8.17.7 salt-standalone-formulas-configuration-3004-150400.8.17.7 salt-syndic-3004-150400.8.17.7 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): salt-fish-completion-3004-150400.8.17.7 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): python3-salt-3004-150400.8.17.7 salt-3004-150400.8.17.7 salt-doc-3004-150400.8.17.7 salt-minion-3004-150400.8.17.7 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): salt-bash-completion-3004-150400.8.17.7 salt-zsh-completion-3004-150400.8.17.7 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): python3-salt-3004-150400.8.17.7 salt-3004-150400.8.17.7 salt-minion-3004-150400.8.17.7 salt-transactional-update-3004-150400.8.17.7 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 12:02:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 13:02:02 +0100 (CET) Subject: SUSE-RU-2022:4424-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20221213120202.D7197FD96@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4424-1 Rating: moderate References: Affected Products: SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update fixes the following issues: golang-github-QubitProducts-exporter_exporter: - Provide golang-github-QubitProducts-exporter_exporter version 0.4.0 golang-github-lusitaniae-apache_exporter: - Provide golang-github-QubitProducts-exporter_exporter version 0.7.0 golang-github-prometheus-node_exporter: - Provide golang-github-prometheus-node_exporter version 1.3.1 golang-github-prometheus-promu: - Provide golang-github-prometheus-promu version 0.5.0 prometheus-postgres_exporter: - Provide prometheus-postgres_exporter version 0.10.0 scap-security-guide: - Provide scap-security-guide version 0.1.64 spacecmd: - Provide spacecmd version 4.3.16 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS: zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2022-4424=1 Package List: - SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS (aarch64 ppc64le s390x x86_64): golang-github-QubitProducts-exporter_exporter-0.4.0-1.3.1 golang-github-QubitProducts-exporter_exporter-debuginfo-0.4.0-1.3.1 golang-github-QubitProducts-exporter_exporter-debugsource-0.4.0-1.3.1 golang-github-lusitaniae-apache_exporter-0.7.0-1.3.1 golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-1.3.1 golang-github-lusitaniae-apache_exporter-debugsource-0.7.0-1.3.1 prometheus-postgres_exporter-0.10.0-1.3.1 - SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS (aarch64 ppc64le x86_64): golang-github-prometheus-node_exporter-1.3.1-1.3.1 golang-github-prometheus-node_exporter-debuginfo-1.3.1-1.3.1 golang-github-prometheus-node_exporter-debugsource-1.3.1-1.3.1 - SUSE Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS (noarch): scap-security-guide-redhat-0.1.64-1.3.1 spacecmd-4.3.16-1.3.1 References: From sle-updates at lists.suse.com Tue Dec 13 12:02:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 13:02:46 +0100 (CET) Subject: SUSE-RU-2022:4445-1: moderate: Recommended update for salt Message-ID: <20221213120246.5470CFD96@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4445-1 Rating: moderate References: #1203685 #1203834 #1203886 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for salt fixes the following issues: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4445=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4445=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4445=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4445=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4445=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4445=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python3-salt-3004-150100.80.6 salt-3004-150100.80.6 salt-api-3004-150100.80.6 salt-cloud-3004-150100.80.6 salt-doc-3004-150100.80.6 salt-master-3004-150100.80.6 salt-minion-3004-150100.80.6 salt-proxy-3004-150100.80.6 salt-ssh-3004-150100.80.6 salt-standalone-formulas-configuration-3004-150100.80.6 salt-syndic-3004-150100.80.6 salt-transactional-update-3004-150100.80.6 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3004-150100.80.6 salt-fish-completion-3004-150100.80.6 salt-zsh-completion-3004-150100.80.6 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3004-150100.80.6 salt-3004-150100.80.6 salt-api-3004-150100.80.6 salt-cloud-3004-150100.80.6 salt-doc-3004-150100.80.6 salt-master-3004-150100.80.6 salt-minion-3004-150100.80.6 salt-proxy-3004-150100.80.6 salt-ssh-3004-150100.80.6 salt-standalone-formulas-configuration-3004-150100.80.6 salt-syndic-3004-150100.80.6 salt-transactional-update-3004-150100.80.6 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3004-150100.80.6 salt-fish-completion-3004-150100.80.6 salt-zsh-completion-3004-150100.80.6 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): salt-bash-completion-3004-150100.80.6 salt-fish-completion-3004-150100.80.6 salt-zsh-completion-3004-150100.80.6 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python3-salt-3004-150100.80.6 salt-3004-150100.80.6 salt-api-3004-150100.80.6 salt-cloud-3004-150100.80.6 salt-doc-3004-150100.80.6 salt-master-3004-150100.80.6 salt-minion-3004-150100.80.6 salt-proxy-3004-150100.80.6 salt-ssh-3004-150100.80.6 salt-standalone-formulas-configuration-3004-150100.80.6 salt-syndic-3004-150100.80.6 salt-transactional-update-3004-150100.80.6 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python3-salt-3004-150100.80.6 salt-3004-150100.80.6 salt-api-3004-150100.80.6 salt-cloud-3004-150100.80.6 salt-doc-3004-150100.80.6 salt-master-3004-150100.80.6 salt-minion-3004-150100.80.6 salt-proxy-3004-150100.80.6 salt-ssh-3004-150100.80.6 salt-standalone-formulas-configuration-3004-150100.80.6 salt-syndic-3004-150100.80.6 salt-transactional-update-3004-150100.80.6 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3004-150100.80.6 salt-fish-completion-3004-150100.80.6 salt-zsh-completion-3004-150100.80.6 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python3-salt-3004-150100.80.6 salt-3004-150100.80.6 salt-api-3004-150100.80.6 salt-cloud-3004-150100.80.6 salt-doc-3004-150100.80.6 salt-master-3004-150100.80.6 salt-minion-3004-150100.80.6 salt-proxy-3004-150100.80.6 salt-ssh-3004-150100.80.6 salt-standalone-formulas-configuration-3004-150100.80.6 salt-syndic-3004-150100.80.6 salt-transactional-update-3004-150100.80.6 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): salt-bash-completion-3004-150100.80.6 salt-fish-completion-3004-150100.80.6 salt-zsh-completion-3004-150100.80.6 - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-salt-3004-150100.80.6 salt-3004-150100.80.6 salt-api-3004-150100.80.6 salt-cloud-3004-150100.80.6 salt-doc-3004-150100.80.6 salt-master-3004-150100.80.6 salt-minion-3004-150100.80.6 salt-proxy-3004-150100.80.6 salt-ssh-3004-150100.80.6 salt-standalone-formulas-configuration-3004-150100.80.6 salt-syndic-3004-150100.80.6 salt-transactional-update-3004-150100.80.6 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3004-150100.80.6 salt-fish-completion-3004-150100.80.6 salt-zsh-completion-3004-150100.80.6 - SUSE CaaS Platform 4.0 (x86_64): python3-salt-3004-150100.80.6 salt-3004-150100.80.6 salt-api-3004-150100.80.6 salt-cloud-3004-150100.80.6 salt-doc-3004-150100.80.6 salt-master-3004-150100.80.6 salt-minion-3004-150100.80.6 salt-proxy-3004-150100.80.6 salt-ssh-3004-150100.80.6 salt-standalone-formulas-configuration-3004-150100.80.6 salt-syndic-3004-150100.80.6 salt-transactional-update-3004-150100.80.6 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3004-150100.80.6 salt-fish-completion-3004-150100.80.6 salt-zsh-completion-3004-150100.80.6 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 12:03:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 13:03:42 +0100 (CET) Subject: SUSE-RU-2022:15124-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221213120342.E7B6AFD96@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:15124-1 Rating: moderate References: #1203685 #1203834 #1203886 Affected Products: SUSE Manager Ubuntu 22.04-CLIENT-TOOLS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS: zypper in -t patch suse-ubu224ct-client-tools-202211-15124=1 Package List: - SUSE Manager Ubuntu 22.04-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.8.1 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 From sle-updates at lists.suse.com Tue Dec 13 12:04:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 13:04:28 +0100 (CET) Subject: SUSE-RU-2022:4436-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <20221213120428.5B724FD96@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4436-1 Rating: moderate References: #1203685 #1203834 #1203886 #1204206 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Pass the context to pillar ext modules - Align Amazon EC2 (Nitro) grains with upstream (bsc#1203685) - Detect module run syntax version - Implement automated patches alignment for the Salt Bundle - Ignore extend declarations from excluded SLS files (bsc#1203886) - Clarify pkg.installed pkg_verify documentation - Enhance capture of error messages for Zypper calls in zypperpkg module - Make pass renderer configurable and fix detected issues - Workaround fopen line buffering for binary mode (bsc#1203834) - Removed dependency to policycoreutils for Ubuntu 20.04 and higher (bsc#1204206) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-4436=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (amd64): venv-salt-minion-3004-2.17.2 References: https://bugzilla.suse.com/1203685 https://bugzilla.suse.com/1203834 https://bugzilla.suse.com/1203886 https://bugzilla.suse.com/1204206 From sle-updates at lists.suse.com Tue Dec 13 14:23:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 15:23:04 +0100 (CET) Subject: SUSE-RU-2022:4451-1: moderate: Recommended update for resource-agents Message-ID: <20221213142304.CE180FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4451-1 Rating: moderate References: PED-121 Affected Products: SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for resource-agents fixes the following issue: - Pacemaker should provide a dynamic option to specify a logfile. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-4451=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ldirectord-4.3.0184.6ee15eb2-150100.4.75.1 resource-agents-4.3.0184.6ee15eb2-150100.4.75.1 resource-agents-debuginfo-4.3.0184.6ee15eb2-150100.4.75.1 resource-agents-debugsource-4.3.0184.6ee15eb2-150100.4.75.1 - SUSE Linux Enterprise High Availability 15-SP1 (noarch): monitoring-plugins-metadata-4.3.0184.6ee15eb2-150100.4.75.1 References: From sle-updates at lists.suse.com Tue Dec 13 14:24:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 15:24:22 +0100 (CET) Subject: SUSE-SU-2022:4453-1: important: Security update for wireshark Message-ID: <20221213142422.BC02CFD84@maintenance.suse.de> SUSE Security Update: Security update for wireshark ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4453-1 Rating: important References: #1204822 #1206189 #1206190 Cross-References: CVE-2022-3725 CVSS scores: CVE-2022-3725 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3725 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for wireshark fixes the following issues: Update to version 3.6.10: - CVE-2022-3725: OPUS dissector crash (bsc#1204822). - Multiple dissector infinite loops (bsc#1206189). - Kafka dissector memory exhaustion (bsc#1206190). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4453=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4453=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4453=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4453=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4453=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4453=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4453=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4453=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4453=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4453=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4453=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4453=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4453=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4453=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4453=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4453=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4453=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4453=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4453=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4453=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4453=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4453=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4453=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4453=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4453=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Manager Proxy 4.1 (x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 - SUSE CaaS Platform 4.0 (x86_64): libwireshark15-3.6.10-150000.3.78.1 libwireshark15-debuginfo-3.6.10-150000.3.78.1 libwiretap12-3.6.10-150000.3.78.1 libwiretap12-debuginfo-3.6.10-150000.3.78.1 libwsutil13-3.6.10-150000.3.78.1 libwsutil13-debuginfo-3.6.10-150000.3.78.1 wireshark-3.6.10-150000.3.78.1 wireshark-debuginfo-3.6.10-150000.3.78.1 wireshark-debugsource-3.6.10-150000.3.78.1 wireshark-devel-3.6.10-150000.3.78.1 wireshark-ui-qt-3.6.10-150000.3.78.1 wireshark-ui-qt-debuginfo-3.6.10-150000.3.78.1 References: https://www.suse.com/security/cve/CVE-2022-3725.html https://bugzilla.suse.com/1204822 https://bugzilla.suse.com/1206189 https://bugzilla.suse.com/1206190 From sle-updates at lists.suse.com Tue Dec 13 14:26:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 15:26:27 +0100 (CET) Subject: SUSE-SU-2022:4452-1: moderate: Security update for java-1_8_0-openjdk Message-ID: <20221213142627.05BE1FD84@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4452-1 Rating: moderate References: #1204471 #1204472 #1204473 #1204475 Cross-References: CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVSS scores: CVE-2022-21619 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21619 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21624 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21626 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21626 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21628 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u352 (icedtea-3.25.0): - CVE-2022-21619,CVE-2022-21624: Fixed difficult to exploit vulnerability allows unauthenticated attacker with network access and can cause unauthorized update, insert or delete access via multiple protocols (bsc#1204473,bsc#1204475). - CVE-2022-21626: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to cause partial denial of service (bsc#1204471). - CVE-2022-21628: Fixed easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to cause partial denial of service (bsc#1204472). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4452=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4452=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4452=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4452=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4452=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4452=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4452=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4452=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4452=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4452=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4452=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4452=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-4452=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-4452=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4452=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4452=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-accessibility-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-src-1.8.0.352-150000.3.73.1 - openSUSE Leap 15.4 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.352-150000.3.73.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-accessibility-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-src-1.8.0.352-150000.3.73.1 - openSUSE Leap 15.3 (noarch): java-1_8_0-openjdk-javadoc-1.8.0.352-150000.3.73.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Manager Proxy 4.1 (x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-openjdk-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-debugsource-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-demo-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-devel-debuginfo-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-1.8.0.352-150000.3.73.1 java-1_8_0-openjdk-headless-debuginfo-1.8.0.352-150000.3.73.1 References: https://www.suse.com/security/cve/CVE-2022-21619.html https://www.suse.com/security/cve/CVE-2022-21624.html https://www.suse.com/security/cve/CVE-2022-21626.html https://www.suse.com/security/cve/CVE-2022-21628.html https://bugzilla.suse.com/1204471 https://bugzilla.suse.com/1204472 https://bugzilla.suse.com/1204473 https://bugzilla.suse.com/1204475 From sle-updates at lists.suse.com Tue Dec 13 14:27:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 15:27:48 +0100 (CET) Subject: SUSE-RU-2022:4455-1: moderate: Recommended update for 389-ds Message-ID: <20221213142748.9579FFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4455-1 Rating: moderate References: #1205974 PED-2701 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for 389-ds fixes the following issues: - support pam_saslauthd for authentication pass through requirements. (jsc#PED-2701 bsc#1205974) Update to version 2.0.17~git7.959d36e: * RFE - split pass through auth cli * BUG - Pam PTA multiple issues * Increase default task TTL Update to version 2.0.17~git4.9447f5f: * Fix typo in `lib389.cli_conf.backend._get_backend` (#5542) * Make logger's parameter name unified (#5540) * Bump VERSION.sh to 2.0.17 * Fix a rebase typo (#5537) * Bump version ot 2.0.17 * Add copyright text to the repository files * Make db compaction TOD day more robust. * UI - Fix npm vulnerability in loader-utils * UI - fix audit issue with npm loader-utils (#5514) * Fix dsctl tls ca-certfiicate add-cert arg requirement * RFE - CLI allow adding CA certificate bundles * memberof is slow on update/fixup if there are several 'groupattr' (#5455) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4455=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4455=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): 389-ds-2.0.17~git7.959d36e-150400.3.20.1 389-ds-debuginfo-2.0.17~git7.959d36e-150400.3.20.1 389-ds-debugsource-2.0.17~git7.959d36e-150400.3.20.1 389-ds-devel-2.0.17~git7.959d36e-150400.3.20.1 389-ds-snmp-2.0.17~git7.959d36e-150400.3.20.1 389-ds-snmp-debuginfo-2.0.17~git7.959d36e-150400.3.20.1 lib389-2.0.17~git7.959d36e-150400.3.20.1 libsvrcore0-2.0.17~git7.959d36e-150400.3.20.1 libsvrcore0-debuginfo-2.0.17~git7.959d36e-150400.3.20.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): 389-ds-2.0.17~git7.959d36e-150400.3.20.1 389-ds-debuginfo-2.0.17~git7.959d36e-150400.3.20.1 389-ds-debugsource-2.0.17~git7.959d36e-150400.3.20.1 389-ds-devel-2.0.17~git7.959d36e-150400.3.20.1 lib389-2.0.17~git7.959d36e-150400.3.20.1 libsvrcore0-2.0.17~git7.959d36e-150400.3.20.1 libsvrcore0-debuginfo-2.0.17~git7.959d36e-150400.3.20.1 References: https://bugzilla.suse.com/1205974 From sle-updates at lists.suse.com Tue Dec 13 14:28:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 15:28:27 +0100 (CET) Subject: SUSE-RU-2022:4448-1: important: Initial shipment of package sles-ltss-release Message-ID: <20221213142827.CF6CDFD84@maintenance.suse.de> SUSE Recommended Update: Initial shipment of package sles-ltss-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4448-1 Rating: important References: MSC-530 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Server 15-SP3-LTSS ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 15 SP3 customers Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2022-4448=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4448=1 Package List: - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): sles-ltss-release-15.3-150300.10.3.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): sles-ltss-release-15.3-150300.10.3.1 References: From sle-updates at lists.suse.com Tue Dec 13 14:29:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 15:29:15 +0100 (CET) Subject: SUSE-RU-2022:4454-1: moderate: Recommended update for mozilla-nss Message-ID: <20221213142915.AA369FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4454-1 Rating: moderate References: #1191546 #1198980 #1201298 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: Ensure abort() is called when the repeat integrity check fails (bsc#1198980). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4454=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4454=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4454=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4454=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4454=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4454=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4454=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4454=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.79.2-58.86.1 libfreebl3-32bit-3.79.2-58.86.1 libfreebl3-debuginfo-3.79.2-58.86.1 libfreebl3-debuginfo-32bit-3.79.2-58.86.1 libfreebl3-hmac-3.79.2-58.86.1 libfreebl3-hmac-32bit-3.79.2-58.86.1 libsoftokn3-3.79.2-58.86.1 libsoftokn3-32bit-3.79.2-58.86.1 libsoftokn3-debuginfo-3.79.2-58.86.1 libsoftokn3-debuginfo-32bit-3.79.2-58.86.1 libsoftokn3-hmac-3.79.2-58.86.1 libsoftokn3-hmac-32bit-3.79.2-58.86.1 mozilla-nss-3.79.2-58.86.1 mozilla-nss-32bit-3.79.2-58.86.1 mozilla-nss-certs-3.79.2-58.86.1 mozilla-nss-certs-32bit-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debuginfo-3.79.2-58.86.1 mozilla-nss-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debugsource-3.79.2-58.86.1 mozilla-nss-devel-3.79.2-58.86.1 mozilla-nss-sysinit-3.79.2-58.86.1 mozilla-nss-sysinit-32bit-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-tools-3.79.2-58.86.1 mozilla-nss-tools-debuginfo-3.79.2-58.86.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.79.2-58.86.1 libfreebl3-32bit-3.79.2-58.86.1 libfreebl3-debuginfo-3.79.2-58.86.1 libfreebl3-debuginfo-32bit-3.79.2-58.86.1 libfreebl3-hmac-3.79.2-58.86.1 libfreebl3-hmac-32bit-3.79.2-58.86.1 libsoftokn3-3.79.2-58.86.1 libsoftokn3-32bit-3.79.2-58.86.1 libsoftokn3-debuginfo-3.79.2-58.86.1 libsoftokn3-debuginfo-32bit-3.79.2-58.86.1 libsoftokn3-hmac-3.79.2-58.86.1 libsoftokn3-hmac-32bit-3.79.2-58.86.1 mozilla-nss-3.79.2-58.86.1 mozilla-nss-32bit-3.79.2-58.86.1 mozilla-nss-certs-3.79.2-58.86.1 mozilla-nss-certs-32bit-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debuginfo-3.79.2-58.86.1 mozilla-nss-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debugsource-3.79.2-58.86.1 mozilla-nss-devel-3.79.2-58.86.1 mozilla-nss-sysinit-3.79.2-58.86.1 mozilla-nss-sysinit-32bit-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-tools-3.79.2-58.86.1 mozilla-nss-tools-debuginfo-3.79.2-58.86.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.79.2-58.86.1 mozilla-nss-debugsource-3.79.2-58.86.1 mozilla-nss-devel-3.79.2-58.86.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.79.2-58.86.1 libfreebl3-debuginfo-3.79.2-58.86.1 libfreebl3-hmac-3.79.2-58.86.1 libsoftokn3-3.79.2-58.86.1 libsoftokn3-debuginfo-3.79.2-58.86.1 libsoftokn3-hmac-3.79.2-58.86.1 mozilla-nss-3.79.2-58.86.1 mozilla-nss-certs-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-3.79.2-58.86.1 mozilla-nss-debuginfo-3.79.2-58.86.1 mozilla-nss-debugsource-3.79.2-58.86.1 mozilla-nss-devel-3.79.2-58.86.1 mozilla-nss-sysinit-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-3.79.2-58.86.1 mozilla-nss-tools-3.79.2-58.86.1 mozilla-nss-tools-debuginfo-3.79.2-58.86.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.79.2-58.86.1 libfreebl3-debuginfo-32bit-3.79.2-58.86.1 libfreebl3-hmac-32bit-3.79.2-58.86.1 libsoftokn3-32bit-3.79.2-58.86.1 libsoftokn3-debuginfo-32bit-3.79.2-58.86.1 libsoftokn3-hmac-32bit-3.79.2-58.86.1 mozilla-nss-32bit-3.79.2-58.86.1 mozilla-nss-certs-32bit-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-sysinit-32bit-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.86.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.2-58.86.1 libfreebl3-debuginfo-3.79.2-58.86.1 libfreebl3-hmac-3.79.2-58.86.1 libsoftokn3-3.79.2-58.86.1 libsoftokn3-debuginfo-3.79.2-58.86.1 libsoftokn3-hmac-3.79.2-58.86.1 mozilla-nss-3.79.2-58.86.1 mozilla-nss-certs-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-3.79.2-58.86.1 mozilla-nss-debuginfo-3.79.2-58.86.1 mozilla-nss-debugsource-3.79.2-58.86.1 mozilla-nss-devel-3.79.2-58.86.1 mozilla-nss-sysinit-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-3.79.2-58.86.1 mozilla-nss-tools-3.79.2-58.86.1 mozilla-nss-tools-debuginfo-3.79.2-58.86.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.79.2-58.86.1 libfreebl3-debuginfo-32bit-3.79.2-58.86.1 libfreebl3-hmac-32bit-3.79.2-58.86.1 libsoftokn3-32bit-3.79.2-58.86.1 libsoftokn3-debuginfo-32bit-3.79.2-58.86.1 libsoftokn3-hmac-32bit-3.79.2-58.86.1 mozilla-nss-32bit-3.79.2-58.86.1 mozilla-nss-certs-32bit-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-sysinit-32bit-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.86.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.2-58.86.1 libfreebl3-debuginfo-3.79.2-58.86.1 libfreebl3-hmac-3.79.2-58.86.1 libsoftokn3-3.79.2-58.86.1 libsoftokn3-debuginfo-3.79.2-58.86.1 libsoftokn3-hmac-3.79.2-58.86.1 mozilla-nss-3.79.2-58.86.1 mozilla-nss-certs-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-3.79.2-58.86.1 mozilla-nss-debuginfo-3.79.2-58.86.1 mozilla-nss-debugsource-3.79.2-58.86.1 mozilla-nss-devel-3.79.2-58.86.1 mozilla-nss-sysinit-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-3.79.2-58.86.1 mozilla-nss-tools-3.79.2-58.86.1 mozilla-nss-tools-debuginfo-3.79.2-58.86.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.79.2-58.86.1 libfreebl3-debuginfo-32bit-3.79.2-58.86.1 libfreebl3-hmac-32bit-3.79.2-58.86.1 libsoftokn3-32bit-3.79.2-58.86.1 libsoftokn3-debuginfo-32bit-3.79.2-58.86.1 libsoftokn3-hmac-32bit-3.79.2-58.86.1 mozilla-nss-32bit-3.79.2-58.86.1 mozilla-nss-certs-32bit-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-sysinit-32bit-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.86.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.79.2-58.86.1 libfreebl3-32bit-3.79.2-58.86.1 libfreebl3-debuginfo-3.79.2-58.86.1 libfreebl3-debuginfo-32bit-3.79.2-58.86.1 libfreebl3-hmac-3.79.2-58.86.1 libfreebl3-hmac-32bit-3.79.2-58.86.1 libsoftokn3-3.79.2-58.86.1 libsoftokn3-32bit-3.79.2-58.86.1 libsoftokn3-debuginfo-3.79.2-58.86.1 libsoftokn3-debuginfo-32bit-3.79.2-58.86.1 libsoftokn3-hmac-3.79.2-58.86.1 libsoftokn3-hmac-32bit-3.79.2-58.86.1 mozilla-nss-3.79.2-58.86.1 mozilla-nss-32bit-3.79.2-58.86.1 mozilla-nss-certs-3.79.2-58.86.1 mozilla-nss-certs-32bit-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debuginfo-3.79.2-58.86.1 mozilla-nss-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debugsource-3.79.2-58.86.1 mozilla-nss-sysinit-3.79.2-58.86.1 mozilla-nss-sysinit-32bit-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-tools-3.79.2-58.86.1 mozilla-nss-tools-debuginfo-3.79.2-58.86.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.79.2-58.86.1 libfreebl3-32bit-3.79.2-58.86.1 libfreebl3-debuginfo-3.79.2-58.86.1 libfreebl3-debuginfo-32bit-3.79.2-58.86.1 libfreebl3-hmac-3.79.2-58.86.1 libfreebl3-hmac-32bit-3.79.2-58.86.1 libsoftokn3-3.79.2-58.86.1 libsoftokn3-32bit-3.79.2-58.86.1 libsoftokn3-debuginfo-3.79.2-58.86.1 libsoftokn3-debuginfo-32bit-3.79.2-58.86.1 libsoftokn3-hmac-3.79.2-58.86.1 libsoftokn3-hmac-32bit-3.79.2-58.86.1 mozilla-nss-3.79.2-58.86.1 mozilla-nss-32bit-3.79.2-58.86.1 mozilla-nss-certs-3.79.2-58.86.1 mozilla-nss-certs-32bit-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-3.79.2-58.86.1 mozilla-nss-certs-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debuginfo-3.79.2-58.86.1 mozilla-nss-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-debugsource-3.79.2-58.86.1 mozilla-nss-sysinit-3.79.2-58.86.1 mozilla-nss-sysinit-32bit-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-3.79.2-58.86.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.2-58.86.1 mozilla-nss-tools-3.79.2-58.86.1 mozilla-nss-tools-debuginfo-3.79.2-58.86.1 References: https://bugzilla.suse.com/1191546 https://bugzilla.suse.com/1198980 https://bugzilla.suse.com/1201298 From sle-updates at lists.suse.com Tue Dec 13 14:30:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 15:30:29 +0100 (CET) Subject: SUSE-RU-2022:4449-1: moderate: Recommended update for libzypp Message-ID: <20221213143029.8484AFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4449-1 Rating: moderate References: #1204548 Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libzypp fixes the following issues: Update to version 16.22.5: - properly reset range requests (bsc#1204548) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4449=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4449=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4449=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4449=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4449=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4449=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4449=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libzypp-16.22.5-39.1 libzypp-debuginfo-16.22.5-39.1 libzypp-debugsource-16.22.5-39.1 libzypp-devel-16.22.5-39.1 - SUSE OpenStack Cloud 9 (x86_64): libzypp-16.22.5-39.1 libzypp-debuginfo-16.22.5-39.1 libzypp-debugsource-16.22.5-39.1 libzypp-devel-16.22.5-39.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libzypp-debuginfo-16.22.5-39.1 libzypp-debugsource-16.22.5-39.1 libzypp-devel-16.22.5-39.1 libzypp-devel-doc-16.22.5-39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libzypp-16.22.5-39.1 libzypp-debuginfo-16.22.5-39.1 libzypp-debugsource-16.22.5-39.1 libzypp-devel-16.22.5-39.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libzypp-16.22.5-39.1 libzypp-debuginfo-16.22.5-39.1 libzypp-debugsource-16.22.5-39.1 libzypp-devel-16.22.5-39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libzypp-16.22.5-39.1 libzypp-debuginfo-16.22.5-39.1 libzypp-debugsource-16.22.5-39.1 libzypp-devel-16.22.5-39.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libzypp-16.22.5-39.1 libzypp-debuginfo-16.22.5-39.1 libzypp-debugsource-16.22.5-39.1 libzypp-devel-16.22.5-39.1 References: https://bugzilla.suse.com/1204548 From sle-updates at lists.suse.com Tue Dec 13 14:31:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 15:31:25 +0100 (CET) Subject: SUSE-RU-2022:4446-1: moderate: Recommended update for postgresql12 Message-ID: <20221213143125.E3919FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4446-1 Rating: moderate References: #1205300 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql12 fixes the following issues: postgresql12 was updated to 12.13 (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/12/release-12-13.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4446=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4446=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4446=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-4446=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): postgresql12-12.13-150200.8.38.1 postgresql12-contrib-12.13-150200.8.38.1 postgresql12-contrib-debuginfo-12.13-150200.8.38.1 postgresql12-debuginfo-12.13-150200.8.38.1 postgresql12-debugsource-12.13-150200.8.38.1 postgresql12-devel-12.13-150200.8.38.1 postgresql12-devel-debuginfo-12.13-150200.8.38.1 postgresql12-llvmjit-12.13-150200.8.38.1 postgresql12-llvmjit-debuginfo-12.13-150200.8.38.1 postgresql12-llvmjit-devel-12.13-150200.8.38.1 postgresql12-plperl-12.13-150200.8.38.1 postgresql12-plperl-debuginfo-12.13-150200.8.38.1 postgresql12-plpython-12.13-150200.8.38.1 postgresql12-plpython-debuginfo-12.13-150200.8.38.1 postgresql12-pltcl-12.13-150200.8.38.1 postgresql12-pltcl-debuginfo-12.13-150200.8.38.1 postgresql12-server-12.13-150200.8.38.1 postgresql12-server-debuginfo-12.13-150200.8.38.1 postgresql12-server-devel-12.13-150200.8.38.1 postgresql12-server-devel-debuginfo-12.13-150200.8.38.1 postgresql12-test-12.13-150200.8.38.1 - openSUSE Leap 15.4 (noarch): postgresql12-docs-12.13-150200.8.38.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): postgresql12-12.13-150200.8.38.1 postgresql12-contrib-12.13-150200.8.38.1 postgresql12-contrib-debuginfo-12.13-150200.8.38.1 postgresql12-debuginfo-12.13-150200.8.38.1 postgresql12-debugsource-12.13-150200.8.38.1 postgresql12-devel-12.13-150200.8.38.1 postgresql12-devel-debuginfo-12.13-150200.8.38.1 postgresql12-llvmjit-12.13-150200.8.38.1 postgresql12-llvmjit-debuginfo-12.13-150200.8.38.1 postgresql12-plperl-12.13-150200.8.38.1 postgresql12-plperl-debuginfo-12.13-150200.8.38.1 postgresql12-plpython-12.13-150200.8.38.1 postgresql12-plpython-debuginfo-12.13-150200.8.38.1 postgresql12-pltcl-12.13-150200.8.38.1 postgresql12-pltcl-debuginfo-12.13-150200.8.38.1 postgresql12-server-12.13-150200.8.38.1 postgresql12-server-debuginfo-12.13-150200.8.38.1 postgresql12-server-devel-12.13-150200.8.38.1 postgresql12-server-devel-debuginfo-12.13-150200.8.38.1 postgresql12-test-12.13-150200.8.38.1 - openSUSE Leap 15.3 (noarch): postgresql12-docs-12.13-150200.8.38.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql12-llvmjit-12.13-150200.8.38.1 postgresql12-llvmjit-debuginfo-12.13-150200.8.38.1 postgresql12-test-12.13-150200.8.38.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql12-12.13-150200.8.38.1 postgresql12-contrib-12.13-150200.8.38.1 postgresql12-contrib-debuginfo-12.13-150200.8.38.1 postgresql12-debuginfo-12.13-150200.8.38.1 postgresql12-debugsource-12.13-150200.8.38.1 postgresql12-devel-12.13-150200.8.38.1 postgresql12-devel-debuginfo-12.13-150200.8.38.1 postgresql12-plperl-12.13-150200.8.38.1 postgresql12-plperl-debuginfo-12.13-150200.8.38.1 postgresql12-plpython-12.13-150200.8.38.1 postgresql12-plpython-debuginfo-12.13-150200.8.38.1 postgresql12-pltcl-12.13-150200.8.38.1 postgresql12-pltcl-debuginfo-12.13-150200.8.38.1 postgresql12-server-12.13-150200.8.38.1 postgresql12-server-debuginfo-12.13-150200.8.38.1 postgresql12-server-devel-12.13-150200.8.38.1 postgresql12-server-devel-debuginfo-12.13-150200.8.38.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (noarch): postgresql12-docs-12.13-150200.8.38.1 References: https://bugzilla.suse.com/1205300 From sle-updates at lists.suse.com Tue Dec 13 14:32:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 15:32:10 +0100 (CET) Subject: SUSE-RU-2022:4450-1: moderate: Recommended update for resource-agents Message-ID: <20221213143210.9EB20FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for resource-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4450-1 Rating: moderate References: PED-121 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for resource-agents fixes the following issue: - Pacemaker should provide a dynamic option to specify a logfile. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-4450=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ldirectord-4.4.0+git57.70549516-150200.3.62.1 resource-agents-4.4.0+git57.70549516-150200.3.62.1 resource-agents-debuginfo-4.4.0+git57.70549516-150200.3.62.1 resource-agents-debugsource-4.4.0+git57.70549516-150200.3.62.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): monitoring-plugins-metadata-4.4.0+git57.70549516-150200.3.62.1 References: From sle-updates at lists.suse.com Tue Dec 13 14:32:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 15:32:58 +0100 (CET) Subject: SUSE-RU-2022:4447-1: moderate: Recommended update for postgresql13 Message-ID: <20221213143258.D0D29FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4447-1 Rating: moderate References: #1205300 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql13 fixes the following issues: postgresql13 was updated to 13.9: (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/13/release-13-9.html Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4447=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4447=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4447=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4447=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-4447=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4447=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): postgresql13-13.9-150200.5.34.1 postgresql13-contrib-13.9-150200.5.34.1 postgresql13-contrib-debuginfo-13.9-150200.5.34.1 postgresql13-debuginfo-13.9-150200.5.34.1 postgresql13-debugsource-13.9-150200.5.34.1 postgresql13-devel-13.9-150200.5.34.1 postgresql13-devel-debuginfo-13.9-150200.5.34.1 postgresql13-llvmjit-13.9-150200.5.34.1 postgresql13-llvmjit-debuginfo-13.9-150200.5.34.1 postgresql13-llvmjit-devel-13.9-150200.5.34.1 postgresql13-plperl-13.9-150200.5.34.1 postgresql13-plperl-debuginfo-13.9-150200.5.34.1 postgresql13-plpython-13.9-150200.5.34.1 postgresql13-plpython-debuginfo-13.9-150200.5.34.1 postgresql13-pltcl-13.9-150200.5.34.1 postgresql13-pltcl-debuginfo-13.9-150200.5.34.1 postgresql13-server-13.9-150200.5.34.1 postgresql13-server-debuginfo-13.9-150200.5.34.1 postgresql13-server-devel-13.9-150200.5.34.1 postgresql13-server-devel-debuginfo-13.9-150200.5.34.1 postgresql13-test-13.9-150200.5.34.1 - openSUSE Leap 15.4 (noarch): postgresql13-docs-13.9-150200.5.34.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): postgresql13-13.9-150200.5.34.1 postgresql13-contrib-13.9-150200.5.34.1 postgresql13-contrib-debuginfo-13.9-150200.5.34.1 postgresql13-debuginfo-13.9-150200.5.34.1 postgresql13-debugsource-13.9-150200.5.34.1 postgresql13-devel-13.9-150200.5.34.1 postgresql13-devel-debuginfo-13.9-150200.5.34.1 postgresql13-llvmjit-13.9-150200.5.34.1 postgresql13-llvmjit-debuginfo-13.9-150200.5.34.1 postgresql13-plperl-13.9-150200.5.34.1 postgresql13-plperl-debuginfo-13.9-150200.5.34.1 postgresql13-plpython-13.9-150200.5.34.1 postgresql13-plpython-debuginfo-13.9-150200.5.34.1 postgresql13-pltcl-13.9-150200.5.34.1 postgresql13-pltcl-debuginfo-13.9-150200.5.34.1 postgresql13-server-13.9-150200.5.34.1 postgresql13-server-debuginfo-13.9-150200.5.34.1 postgresql13-server-devel-13.9-150200.5.34.1 postgresql13-server-devel-debuginfo-13.9-150200.5.34.1 postgresql13-test-13.9-150200.5.34.1 - openSUSE Leap 15.3 (noarch): postgresql13-docs-13.9-150200.5.34.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql13-contrib-13.9-150200.5.34.1 postgresql13-contrib-debuginfo-13.9-150200.5.34.1 postgresql13-debuginfo-13.9-150200.5.34.1 postgresql13-debugsource-13.9-150200.5.34.1 postgresql13-devel-13.9-150200.5.34.1 postgresql13-devel-debuginfo-13.9-150200.5.34.1 postgresql13-plperl-13.9-150200.5.34.1 postgresql13-plperl-debuginfo-13.9-150200.5.34.1 postgresql13-plpython-13.9-150200.5.34.1 postgresql13-plpython-debuginfo-13.9-150200.5.34.1 postgresql13-pltcl-13.9-150200.5.34.1 postgresql13-pltcl-debuginfo-13.9-150200.5.34.1 postgresql13-server-13.9-150200.5.34.1 postgresql13-server-debuginfo-13.9-150200.5.34.1 postgresql13-server-devel-13.9-150200.5.34.1 postgresql13-server-devel-debuginfo-13.9-150200.5.34.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): postgresql13-docs-13.9-150200.5.34.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql13-llvmjit-13.9-150200.5.34.1 postgresql13-llvmjit-debuginfo-13.9-150200.5.34.1 postgresql13-test-13.9-150200.5.34.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): postgresql13-13.9-150200.5.34.1 postgresql13-contrib-13.9-150200.5.34.1 postgresql13-contrib-debuginfo-13.9-150200.5.34.1 postgresql13-debuginfo-13.9-150200.5.34.1 postgresql13-debugsource-13.9-150200.5.34.1 postgresql13-devel-13.9-150200.5.34.1 postgresql13-devel-debuginfo-13.9-150200.5.34.1 postgresql13-llvmjit-13.9-150200.5.34.1 postgresql13-llvmjit-debuginfo-13.9-150200.5.34.1 postgresql13-llvmjit-devel-13.9-150200.5.34.1 postgresql13-plperl-13.9-150200.5.34.1 postgresql13-plperl-debuginfo-13.9-150200.5.34.1 postgresql13-plpython-13.9-150200.5.34.1 postgresql13-plpython-debuginfo-13.9-150200.5.34.1 postgresql13-pltcl-13.9-150200.5.34.1 postgresql13-pltcl-debuginfo-13.9-150200.5.34.1 postgresql13-server-13.9-150200.5.34.1 postgresql13-server-debuginfo-13.9-150200.5.34.1 postgresql13-server-devel-13.9-150200.5.34.1 postgresql13-server-devel-debuginfo-13.9-150200.5.34.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (noarch): postgresql13-docs-13.9-150200.5.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql13-13.9-150200.5.34.1 postgresql13-debuginfo-13.9-150200.5.34.1 postgresql13-debugsource-13.9-150200.5.34.1 References: https://bugzilla.suse.com/1205300 From sle-updates at lists.suse.com Tue Dec 13 17:21:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 18:21:58 +0100 (CET) Subject: SUSE-SU-2022:4457-1: moderate: Security update for libtpms Message-ID: <20221213172158.5826EFD2D@maintenance.suse.de> SUSE Security Update: Security update for libtpms ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4457-1 Rating: moderate References: #1187767 #1204556 Cross-References: CVE-2021-3623 CVSS scores: CVE-2021-3623 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2021-3623 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libtpms fixes the following issues: - CVE-2021-3623: Fixed out-of-bounds access when trying to resume the state of the vTPM (bsc#1187767) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4457=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4457=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4457=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4457=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4457=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4457=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4457=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4457=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4457=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libtpms-debugsource-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.6.1 libtpms0-debuginfo-0.8.2-150300.3.6.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): libtpms-debugsource-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.6.1 libtpms0-debuginfo-0.8.2-150300.3.6.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libtpms-debugsource-0.8.2-150300.3.6.1 libtpms-devel-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.6.1 libtpms0-debuginfo-0.8.2-150300.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libtpms-debugsource-0.8.2-150300.3.6.1 libtpms-devel-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.6.1 libtpms0-debuginfo-0.8.2-150300.3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libtpms-debugsource-0.8.2-150300.3.6.1 libtpms-devel-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.6.1 libtpms0-debuginfo-0.8.2-150300.3.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libtpms-debugsource-0.8.2-150300.3.6.1 libtpms-devel-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.6.1 libtpms0-debuginfo-0.8.2-150300.3.6.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libtpms-debugsource-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.6.1 libtpms0-debuginfo-0.8.2-150300.3.6.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libtpms-debugsource-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.6.1 libtpms0-debuginfo-0.8.2-150300.3.6.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libtpms-debugsource-0.8.2-150300.3.6.1 libtpms0-0.8.2-150300.3.6.1 libtpms0-debuginfo-0.8.2-150300.3.6.1 References: https://www.suse.com/security/cve/CVE-2021-3623.html https://bugzilla.suse.com/1187767 https://bugzilla.suse.com/1204556 From sle-updates at lists.suse.com Tue Dec 13 17:22:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 18:22:58 +0100 (CET) Subject: SUSE-RU-2022:4458-1: moderate: Recommended update for container-suseconnect Message-ID: <20221213172258.8C4A8FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for container-suseconnect ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4458-1 Rating: moderate References: #1186827 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4458=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4458=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4458=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.4.0-150000.4.22.1 container-suseconnect-debuginfo-2.4.0-150000.4.22.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.4.0-150000.4.22.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): container-suseconnect-2.4.0-150000.4.22.1 References: https://bugzilla.suse.com/1186827 From sle-updates at lists.suse.com Tue Dec 13 17:23:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 18:23:43 +0100 (CET) Subject: SUSE-SU-2022:4205-2: moderate: Security update for net-snmp Message-ID: <20221213172343.5A538FD2D@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4205-2 Rating: moderate References: #1201103 SLE-11203 Cross-References: CVE-2022-24805 CVE-2022-24806 CVE-2022-24807 CVE-2022-24808 CVE-2022-24809 CVE-2022-24810 Affected Products: SUSE Linux Enterprise Micro 5.3 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities, contains one feature is now available. Description: This update for net-snmp fixes the following issues: Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203): - CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access. - CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference. - CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously. - CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access. - CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference. - CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4205=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4205=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libsnmp40-5.9.3-150300.15.3.1 libsnmp40-debuginfo-5.9.3-150300.15.3.1 net-snmp-debuginfo-5.9.3-150300.15.3.1 net-snmp-debugsource-5.9.3-150300.15.3.1 snmp-mibs-5.9.3-150300.15.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libsnmp40-5.9.3-150300.15.3.1 libsnmp40-debuginfo-5.9.3-150300.15.3.1 net-snmp-debuginfo-5.9.3-150300.15.3.1 net-snmp-debugsource-5.9.3-150300.15.3.1 snmp-mibs-5.9.3-150300.15.3.1 References: https://www.suse.com/security/cve/CVE-2022-24805.html https://www.suse.com/security/cve/CVE-2022-24806.html https://www.suse.com/security/cve/CVE-2022-24807.html https://www.suse.com/security/cve/CVE-2022-24808.html https://www.suse.com/security/cve/CVE-2022-24809.html https://www.suse.com/security/cve/CVE-2022-24810.html https://bugzilla.suse.com/1201103 From sle-updates at lists.suse.com Tue Dec 13 20:21:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 21:21:26 +0100 (CET) Subject: SUSE-SU-2022:4461-1: important: Security update for MozillaFirefox Message-ID: <20221213202126.6751FFD2D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4461-1 Rating: important References: #1206242 Cross-References: CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4461=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4461=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4461=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4461=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4461=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4461=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4461=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4461=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4461=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4461=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-102.6.0-150000.150.68.1 MozillaFirefox-debuginfo-102.6.0-150000.150.68.1 MozillaFirefox-debugsource-102.6.0-150000.150.68.1 MozillaFirefox-devel-102.6.0-150000.150.68.1 MozillaFirefox-translations-common-102.6.0-150000.150.68.1 MozillaFirefox-translations-other-102.6.0-150000.150.68.1 References: https://www.suse.com/security/cve/CVE-2022-46872.html https://www.suse.com/security/cve/CVE-2022-46874.html https://www.suse.com/security/cve/CVE-2022-46875.html https://www.suse.com/security/cve/CVE-2022-46878.html https://www.suse.com/security/cve/CVE-2022-46880.html https://www.suse.com/security/cve/CVE-2022-46881.html https://www.suse.com/security/cve/CVE-2022-46882.html https://bugzilla.suse.com/1206242 From sle-updates at lists.suse.com Tue Dec 13 20:23:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 21:23:11 +0100 (CET) Subject: SUSE-SU-2022:4463-1: important: Security update for containerd Message-ID: <20221213202311.77B71FD2D@maintenance.suse.de> SUSE Security Update: Security update for containerd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4463-1 Rating: important References: #1197284 #1206065 #1206235 Cross-References: CVE-2022-23471 CVE-2022-27191 CVSS scores: CVE-2022-23471 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-23471 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-27191 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27191 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4463=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4463=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4463=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4463=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4463=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4463=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4463=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4463=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4463=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4463=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4463=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4463=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4463=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4463=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4463=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4463=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4463=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4463=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4463=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4463=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4463=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4463=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4463=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4463=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4463=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4463=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4463=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4463=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4463=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): containerd-1.6.12-150000.79.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): containerd-1.6.12-150000.79.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Manager Proxy 4.1 (x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): containerd-1.6.12-150000.79.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): containerd-1.6.12-150000.79.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): containerd-1.6.12-150000.79.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 - SUSE CaaS Platform 4.0 (x86_64): containerd-1.6.12-150000.79.1 containerd-ctr-1.6.12-150000.79.1 References: https://www.suse.com/security/cve/CVE-2022-23471.html https://www.suse.com/security/cve/CVE-2022-27191.html https://bugzilla.suse.com/1197284 https://bugzilla.suse.com/1206065 https://bugzilla.suse.com/1206235 From sle-updates at lists.suse.com Tue Dec 13 20:25:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 21:25:11 +0100 (CET) Subject: SUSE-SU-2022:4462-1: important: Security update for MozillaFirefox Message-ID: <20221213202511.4E2BBFD2D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4462-1 Rating: important References: #1206242 Cross-References: CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4462=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4462=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4462=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4462=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4462=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4462=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4462=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4462=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4462=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4462=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4462=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4462=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4462=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-branding-upstream-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-branding-upstream-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-102.6.0-150200.152.70.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-102.6.0-150200.152.70.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-102.6.0-150200.152.70.1 MozillaFirefox-debuginfo-102.6.0-150200.152.70.1 MozillaFirefox-debugsource-102.6.0-150200.152.70.1 MozillaFirefox-devel-102.6.0-150200.152.70.1 MozillaFirefox-translations-common-102.6.0-150200.152.70.1 MozillaFirefox-translations-other-102.6.0-150200.152.70.1 References: https://www.suse.com/security/cve/CVE-2022-46872.html https://www.suse.com/security/cve/CVE-2022-46874.html https://www.suse.com/security/cve/CVE-2022-46875.html https://www.suse.com/security/cve/CVE-2022-46878.html https://www.suse.com/security/cve/CVE-2022-46880.html https://www.suse.com/security/cve/CVE-2022-46881.html https://www.suse.com/security/cve/CVE-2022-46882.html https://bugzilla.suse.com/1206242 From sle-updates at lists.suse.com Tue Dec 13 20:26:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Dec 2022 21:26:27 +0100 (CET) Subject: SUSE-SU-2022:4460-1: important: Security update for MozillaFirefox Message-ID: <20221213202627.D8A55FD2D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4460-1 Rating: important References: #1206242 Cross-References: CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Firefox 108 and Firefox ESR 102.6 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4460=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4460=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4460=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4460=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4460=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4460=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4460=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4460=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-102.6.0-112.142.1 MozillaFirefox-debuginfo-102.6.0-112.142.1 MozillaFirefox-debugsource-102.6.0-112.142.1 MozillaFirefox-devel-102.6.0-112.142.1 MozillaFirefox-translations-common-102.6.0-112.142.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-102.6.0-112.142.1 MozillaFirefox-debuginfo-102.6.0-112.142.1 MozillaFirefox-debugsource-102.6.0-112.142.1 MozillaFirefox-devel-102.6.0-112.142.1 MozillaFirefox-translations-common-102.6.0-112.142.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-102.6.0-112.142.1 MozillaFirefox-debugsource-102.6.0-112.142.1 MozillaFirefox-devel-102.6.0-112.142.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-102.6.0-112.142.1 MozillaFirefox-debuginfo-102.6.0-112.142.1 MozillaFirefox-debugsource-102.6.0-112.142.1 MozillaFirefox-devel-102.6.0-112.142.1 MozillaFirefox-translations-common-102.6.0-112.142.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.6.0-112.142.1 MozillaFirefox-debuginfo-102.6.0-112.142.1 MozillaFirefox-debugsource-102.6.0-112.142.1 MozillaFirefox-devel-102.6.0-112.142.1 MozillaFirefox-translations-common-102.6.0-112.142.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.6.0-112.142.1 MozillaFirefox-debuginfo-102.6.0-112.142.1 MozillaFirefox-debugsource-102.6.0-112.142.1 MozillaFirefox-devel-102.6.0-112.142.1 MozillaFirefox-translations-common-102.6.0-112.142.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-102.6.0-112.142.1 MozillaFirefox-debuginfo-102.6.0-112.142.1 MozillaFirefox-debugsource-102.6.0-112.142.1 MozillaFirefox-devel-102.6.0-112.142.1 MozillaFirefox-translations-common-102.6.0-112.142.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-102.6.0-112.142.1 MozillaFirefox-debuginfo-102.6.0-112.142.1 MozillaFirefox-debugsource-102.6.0-112.142.1 MozillaFirefox-devel-102.6.0-112.142.1 MozillaFirefox-translations-common-102.6.0-112.142.1 References: https://www.suse.com/security/cve/CVE-2022-46872.html https://www.suse.com/security/cve/CVE-2022-46874.html https://www.suse.com/security/cve/CVE-2022-46875.html https://www.suse.com/security/cve/CVE-2022-46878.html https://www.suse.com/security/cve/CVE-2022-46880.html https://www.suse.com/security/cve/CVE-2022-46881.html https://www.suse.com/security/cve/CVE-2022-46882.html https://bugzilla.suse.com/1206242 From sle-updates at lists.suse.com Wed Dec 14 08:22:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:22:20 +0100 (CET) Subject: SUSE-RU-2022:4471-1: important: Recommended update for sudo Message-ID: <20221214082220.114BCFCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4471-1 Rating: important References: #1177578 #1197998 #1203201 #1205325 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) - Fix race condition by making sure SIGCHLD is not ignored when sudo is executed (bsc#1203201) - Fix 'secure_path' configuration and instructions in sudoers file (bsc#1177578, bsc#1205325) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4471=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4471=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4471=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4471=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4471=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4471=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4471=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4471=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4471=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4471=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4471=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4471=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4471=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4471=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4471=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4471=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4471=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4471=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4471=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Manager Proxy 4.1 (x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 - SUSE CaaS Platform 4.0 (x86_64): sudo-1.8.27-150000.4.35.1 sudo-debuginfo-1.8.27-150000.4.35.1 sudo-debugsource-1.8.27-150000.4.35.1 sudo-devel-1.8.27-150000.4.35.1 References: https://bugzilla.suse.com/1177578 https://bugzilla.suse.com/1197998 https://bugzilla.suse.com/1203201 https://bugzilla.suse.com/1205325 From sle-updates at lists.suse.com Wed Dec 14 08:23:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:23:57 +0100 (CET) Subject: SUSE-RU-2022:4467-1: important: Recommended update for python-parallax Message-ID: <20221214082357.93379FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-parallax ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4467-1 Rating: important References: #1205116 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-parallax fixes the following issues: - Fix parallax file descriptor leakage (bsc#1205116) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4467=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4467=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4467=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-4467=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-4467=1 Package List: - openSUSE Leap 15.4 (noarch): python3-parallax-1.0.8-150200.4.9.2 - openSUSE Leap 15.3 (noarch): python2-parallax-1.0.8-150200.4.9.2 python3-parallax-1.0.8-150200.4.9.2 - SUSE Linux Enterprise High Availability 15-SP4 (noarch): python3-parallax-1.0.8-150200.4.9.2 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): python3-parallax-1.0.8-150200.4.9.2 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): python3-parallax-1.0.8-150200.4.9.2 References: https://bugzilla.suse.com/1205116 From sle-updates at lists.suse.com Wed Dec 14 08:24:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:24:42 +0100 (CET) Subject: SUSE-RU-2022:4473-1: moderate: Recommended update for supportutils-plugin-ses Message-ID: <20221214082442.1F3E4FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils-plugin-ses ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4473-1 Rating: moderate References: #1203123 Affected Products: SUSE Enterprise Storage 7.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for supportutils-plugin-ses fixes the following issues: - Update to version 7.1+git.1665058893.4b2e2c8: * Provide hints if backend autodetection fails (bsc#1203123) * Update RPM list and README for SUSE Enterprise Storage 7.1 * rook: fix typo in kube-system-resources * rook: remove spurious `exit 1` (bsc#1203123) * rook: fix looking for dataDirHostPath * rook: use bash in collector helper pod Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4473=1 Package List: - SUSE Enterprise Storage 7.1 (noarch): supportutils-plugin-ses-7.1+git.1665058893.4b2e2c8-150300.3.3.1 References: https://bugzilla.suse.com/1203123 From sle-updates at lists.suse.com Wed Dec 14 08:25:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:25:26 +0100 (CET) Subject: SUSE-RU-2022:4465-1: important: Recommended update for motif Message-ID: <20221214082526.ACA40FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for motif ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4465-1 Rating: important References: #1205253 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for motif fixes the following issues: - Fix to prevent third party application crash (bsc#1205253) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4465=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4465=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4465=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4465=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4465=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libMrm4-2.3.4-150000.3.8.1 libMrm4-debuginfo-2.3.4-150000.3.8.1 libUil4-2.3.4-150000.3.8.1 libUil4-debuginfo-2.3.4-150000.3.8.1 libXm4-2.3.4-150000.3.8.1 libXm4-debuginfo-2.3.4-150000.3.8.1 motif-2.3.4-150000.3.8.1 motif-debuginfo-2.3.4-150000.3.8.1 motif-debugsource-2.3.4-150000.3.8.1 motif-devel-2.3.4-150000.3.8.1 motif-devel-debuginfo-2.3.4-150000.3.8.1 - openSUSE Leap 15.4 (x86_64): libMrm4-32bit-2.3.4-150000.3.8.1 libMrm4-32bit-debuginfo-2.3.4-150000.3.8.1 libUil4-32bit-2.3.4-150000.3.8.1 libUil4-32bit-debuginfo-2.3.4-150000.3.8.1 libXm4-32bit-2.3.4-150000.3.8.1 libXm4-32bit-debuginfo-2.3.4-150000.3.8.1 motif-devel-32bit-2.3.4-150000.3.8.1 motif-devel-32bit-debuginfo-2.3.4-150000.3.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libMrm4-2.3.4-150000.3.8.1 libMrm4-debuginfo-2.3.4-150000.3.8.1 libUil4-2.3.4-150000.3.8.1 libUil4-debuginfo-2.3.4-150000.3.8.1 libXm4-2.3.4-150000.3.8.1 libXm4-debuginfo-2.3.4-150000.3.8.1 motif-2.3.4-150000.3.8.1 motif-debuginfo-2.3.4-150000.3.8.1 motif-debugsource-2.3.4-150000.3.8.1 motif-devel-2.3.4-150000.3.8.1 motif-devel-debuginfo-2.3.4-150000.3.8.1 - openSUSE Leap 15.3 (x86_64): libMrm4-32bit-2.3.4-150000.3.8.1 libMrm4-32bit-debuginfo-2.3.4-150000.3.8.1 libUil4-32bit-2.3.4-150000.3.8.1 libUil4-32bit-debuginfo-2.3.4-150000.3.8.1 libXm4-32bit-2.3.4-150000.3.8.1 libXm4-32bit-debuginfo-2.3.4-150000.3.8.1 motif-devel-32bit-2.3.4-150000.3.8.1 motif-devel-32bit-debuginfo-2.3.4-150000.3.8.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): libXm4-2.3.4-150000.3.8.1 libXm4-debuginfo-2.3.4-150000.3.8.1 motif-2.3.4-150000.3.8.1 motif-debuginfo-2.3.4-150000.3.8.1 motif-debugsource-2.3.4-150000.3.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libMrm4-2.3.4-150000.3.8.1 libMrm4-debuginfo-2.3.4-150000.3.8.1 libUil4-2.3.4-150000.3.8.1 libUil4-debuginfo-2.3.4-150000.3.8.1 libXm4-2.3.4-150000.3.8.1 libXm4-debuginfo-2.3.4-150000.3.8.1 motif-2.3.4-150000.3.8.1 motif-debuginfo-2.3.4-150000.3.8.1 motif-debugsource-2.3.4-150000.3.8.1 motif-devel-2.3.4-150000.3.8.1 motif-devel-debuginfo-2.3.4-150000.3.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (x86_64): libMrm4-32bit-2.3.4-150000.3.8.1 libMrm4-32bit-debuginfo-2.3.4-150000.3.8.1 libUil4-32bit-2.3.4-150000.3.8.1 libUil4-32bit-debuginfo-2.3.4-150000.3.8.1 libXm4-32bit-2.3.4-150000.3.8.1 libXm4-32bit-debuginfo-2.3.4-150000.3.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libMrm4-2.3.4-150000.3.8.1 libMrm4-debuginfo-2.3.4-150000.3.8.1 libUil4-2.3.4-150000.3.8.1 libUil4-debuginfo-2.3.4-150000.3.8.1 libXm4-2.3.4-150000.3.8.1 libXm4-debuginfo-2.3.4-150000.3.8.1 motif-2.3.4-150000.3.8.1 motif-debuginfo-2.3.4-150000.3.8.1 motif-debugsource-2.3.4-150000.3.8.1 motif-devel-2.3.4-150000.3.8.1 motif-devel-debuginfo-2.3.4-150000.3.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64): libMrm4-32bit-2.3.4-150000.3.8.1 libMrm4-32bit-debuginfo-2.3.4-150000.3.8.1 libUil4-32bit-2.3.4-150000.3.8.1 libUil4-32bit-debuginfo-2.3.4-150000.3.8.1 libXm4-32bit-2.3.4-150000.3.8.1 libXm4-32bit-debuginfo-2.3.4-150000.3.8.1 References: https://bugzilla.suse.com/1205253 From sle-updates at lists.suse.com Wed Dec 14 08:26:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:26:17 +0100 (CET) Subject: SUSE-RU-2022:4472-1: moderate: Recommended update for pesign Message-ID: <20221214082617.1F719FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for pesign ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4472-1 Rating: moderate References: #1205323 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pesign fixes the following issues: - Fix OID array indices (bsc#1205323) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4472=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4472=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4472=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4472=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): pesign-0.112-150000.4.12.1 pesign-debuginfo-0.112-150000.4.12.1 pesign-debugsource-0.112-150000.4.12.1 - openSUSE Leap 15.3 (aarch64 x86_64): pesign-0.112-150000.4.12.1 pesign-debuginfo-0.112-150000.4.12.1 pesign-debugsource-0.112-150000.4.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): pesign-0.112-150000.4.12.1 pesign-debuginfo-0.112-150000.4.12.1 pesign-debugsource-0.112-150000.4.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): pesign-0.112-150000.4.12.1 pesign-debuginfo-0.112-150000.4.12.1 pesign-debugsource-0.112-150000.4.12.1 References: https://bugzilla.suse.com/1205323 From sle-updates at lists.suse.com Wed Dec 14 08:27:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:27:10 +0100 (CET) Subject: SUSE-RU-2022:4466-1: moderate: Recommended update for python-kiwi Message-ID: <20221214082710.BD431FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-kiwi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4466-1 Rating: moderate References: #1203896 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-kiwi fixes the following issues: Version update from 9.24.36 to 9.24.43: - Add example aarch64 integration test for Ubuntu - Add option '--target-arch' for image info to allow cross architecture dependency solving - Add support for group id in users setting - Fix error handling for setfiles policy lookup and ensure the path to run scandir is properly created - Fix handling of signing_keys in cmdline options - Fix helper method to detect dracut outfile format - Fix 'kexec' options setup in kiwi-dump-reboot - Fix issues with the setfiles SELinux relabel command - Prefer file based syscall in kexec when possible, needed to support boot on a secure boot enabled system (bsc#1203896) - Setup SELinux on every system prepare / build Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4466=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4466=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4466=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4466=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4466=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4466=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4466=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4466=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4466=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): dracut-kiwi-lib-9.24.43-150100.3.56.3 dracut-kiwi-oem-dump-9.24.43-150100.3.56.3 dracut-kiwi-oem-repart-9.24.43-150100.3.56.3 python-kiwi-debugsource-9.24.43-150100.3.56.3 - openSUSE Leap Micro 5.2 (aarch64 x86_64): dracut-kiwi-lib-9.24.43-150100.3.56.3 dracut-kiwi-oem-dump-9.24.43-150100.3.56.3 dracut-kiwi-oem-repart-9.24.43-150100.3.56.3 python-kiwi-debugsource-9.24.43-150100.3.56.3 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.43-150100.3.56.3 dracut-kiwi-live-9.24.43-150100.3.56.3 dracut-kiwi-oem-dump-9.24.43-150100.3.56.3 dracut-kiwi-oem-repart-9.24.43-150100.3.56.3 dracut-kiwi-overlay-9.24.43-150100.3.56.3 kiwi-man-pages-9.24.43-150100.3.56.3 kiwi-systemdeps-9.24.43-150100.3.56.3 kiwi-systemdeps-bootloaders-9.24.43-150100.3.56.3 kiwi-systemdeps-containers-9.24.43-150100.3.56.3 kiwi-systemdeps-core-9.24.43-150100.3.56.3 kiwi-systemdeps-disk-images-9.24.43-150100.3.56.3 kiwi-systemdeps-filesystems-9.24.43-150100.3.56.3 kiwi-systemdeps-image-validation-9.24.43-150100.3.56.3 kiwi-systemdeps-iso-media-9.24.43-150100.3.56.3 kiwi-tools-9.24.43-150100.3.56.3 kiwi-tools-debuginfo-9.24.43-150100.3.56.3 python-kiwi-debugsource-9.24.43-150100.3.56.3 python3-kiwi-9.24.43-150100.3.56.3 - openSUSE Leap 15.4 (x86_64): kiwi-pxeboot-9.24.43-150100.3.56.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.43-150100.3.56.3 dracut-kiwi-live-9.24.43-150100.3.56.3 dracut-kiwi-oem-dump-9.24.43-150100.3.56.3 dracut-kiwi-oem-repart-9.24.43-150100.3.56.3 dracut-kiwi-overlay-9.24.43-150100.3.56.3 kiwi-man-pages-9.24.43-150100.3.56.3 kiwi-systemdeps-9.24.43-150100.3.56.3 kiwi-systemdeps-bootloaders-9.24.43-150100.3.56.3 kiwi-systemdeps-containers-9.24.43-150100.3.56.3 kiwi-systemdeps-core-9.24.43-150100.3.56.3 kiwi-systemdeps-disk-images-9.24.43-150100.3.56.3 kiwi-systemdeps-filesystems-9.24.43-150100.3.56.3 kiwi-systemdeps-image-validation-9.24.43-150100.3.56.3 kiwi-systemdeps-iso-media-9.24.43-150100.3.56.3 kiwi-tools-9.24.43-150100.3.56.3 kiwi-tools-debuginfo-9.24.43-150100.3.56.3 python-kiwi-debugsource-9.24.43-150100.3.56.3 python3-kiwi-9.24.43-150100.3.56.3 - openSUSE Leap 15.3 (x86_64): kiwi-pxeboot-9.24.43-150100.3.56.3 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.43-150100.3.56.3 dracut-kiwi-live-9.24.43-150100.3.56.3 dracut-kiwi-oem-dump-9.24.43-150100.3.56.3 dracut-kiwi-oem-repart-9.24.43-150100.3.56.3 dracut-kiwi-overlay-9.24.43-150100.3.56.3 kiwi-man-pages-9.24.43-150100.3.56.3 kiwi-systemdeps-9.24.43-150100.3.56.3 kiwi-systemdeps-bootloaders-9.24.43-150100.3.56.3 kiwi-systemdeps-containers-9.24.43-150100.3.56.3 kiwi-systemdeps-core-9.24.43-150100.3.56.3 kiwi-systemdeps-disk-images-9.24.43-150100.3.56.3 kiwi-systemdeps-filesystems-9.24.43-150100.3.56.3 kiwi-systemdeps-image-validation-9.24.43-150100.3.56.3 kiwi-systemdeps-iso-media-9.24.43-150100.3.56.3 kiwi-tools-9.24.43-150100.3.56.3 kiwi-tools-debuginfo-9.24.43-150100.3.56.3 python-kiwi-debugsource-9.24.43-150100.3.56.3 python3-kiwi-9.24.43-150100.3.56.3 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): kiwi-pxeboot-9.24.43-150100.3.56.3 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-kiwi-lib-9.24.43-150100.3.56.3 dracut-kiwi-live-9.24.43-150100.3.56.3 dracut-kiwi-oem-dump-9.24.43-150100.3.56.3 dracut-kiwi-oem-repart-9.24.43-150100.3.56.3 dracut-kiwi-overlay-9.24.43-150100.3.56.3 kiwi-man-pages-9.24.43-150100.3.56.3 kiwi-systemdeps-9.24.43-150100.3.56.3 kiwi-systemdeps-bootloaders-9.24.43-150100.3.56.3 kiwi-systemdeps-containers-9.24.43-150100.3.56.3 kiwi-systemdeps-core-9.24.43-150100.3.56.3 kiwi-systemdeps-disk-images-9.24.43-150100.3.56.3 kiwi-systemdeps-filesystems-9.24.43-150100.3.56.3 kiwi-systemdeps-image-validation-9.24.43-150100.3.56.3 kiwi-systemdeps-iso-media-9.24.43-150100.3.56.3 kiwi-tools-9.24.43-150100.3.56.3 kiwi-tools-debuginfo-9.24.43-150100.3.56.3 python-kiwi-debugsource-9.24.43-150100.3.56.3 python3-kiwi-9.24.43-150100.3.56.3 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): kiwi-pxeboot-9.24.43-150100.3.56.3 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): dracut-kiwi-lib-9.24.43-150100.3.56.3 dracut-kiwi-oem-dump-9.24.43-150100.3.56.3 dracut-kiwi-oem-repart-9.24.43-150100.3.56.3 python-kiwi-debugsource-9.24.43-150100.3.56.3 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): dracut-kiwi-lib-9.24.43-150100.3.56.3 dracut-kiwi-oem-dump-9.24.43-150100.3.56.3 dracut-kiwi-oem-repart-9.24.43-150100.3.56.3 python-kiwi-debugsource-9.24.43-150100.3.56.3 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dracut-kiwi-lib-9.24.43-150100.3.56.3 dracut-kiwi-oem-repart-9.24.43-150100.3.56.3 python-kiwi-debugsource-9.24.43-150100.3.56.3 References: https://bugzilla.suse.com/1203896 From sle-updates at lists.suse.com Wed Dec 14 08:28:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:28:03 +0100 (CET) Subject: SUSE-RU-2022:4468-1: important: Recommended update for sudo Message-ID: <20221214082803.A84E3FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4468-1 Rating: important References: #1197998 #1203201 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) - Fix race condition by making sure SIGCHLD is not ignored when sudo is executed (bsc#1203201) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4468=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): sudo-1.8.10p3-10.41.1 sudo-debuginfo-1.8.10p3-10.41.1 sudo-debugsource-1.8.10p3-10.41.1 References: https://bugzilla.suse.com/1197998 https://bugzilla.suse.com/1203201 From sle-updates at lists.suse.com Wed Dec 14 08:28:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:28:52 +0100 (CET) Subject: SUSE-RU-2022:4470-1: important: Recommended update for sudo Message-ID: <20221214082852.EF7D2FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4470-1 Rating: important References: #1197998 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4470=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4470=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4470=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4470=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4470=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): sudo-1.9.5p2-150300.3.16.1 sudo-debuginfo-1.9.5p2-150300.3.16.1 sudo-debugsource-1.9.5p2-150300.3.16.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): sudo-1.9.5p2-150300.3.16.1 sudo-debuginfo-1.9.5p2-150300.3.16.1 sudo-debugsource-1.9.5p2-150300.3.16.1 sudo-devel-1.9.5p2-150300.3.16.1 sudo-plugin-python-1.9.5p2-150300.3.16.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.16.1 sudo-test-1.9.5p2-150300.3.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): sudo-1.9.5p2-150300.3.16.1 sudo-debuginfo-1.9.5p2-150300.3.16.1 sudo-debugsource-1.9.5p2-150300.3.16.1 sudo-devel-1.9.5p2-150300.3.16.1 sudo-plugin-python-1.9.5p2-150300.3.16.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.16.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): sudo-1.9.5p2-150300.3.16.1 sudo-debuginfo-1.9.5p2-150300.3.16.1 sudo-debugsource-1.9.5p2-150300.3.16.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): sudo-1.9.5p2-150300.3.16.1 sudo-debuginfo-1.9.5p2-150300.3.16.1 sudo-debugsource-1.9.5p2-150300.3.16.1 References: https://bugzilla.suse.com/1197998 From sle-updates at lists.suse.com Wed Dec 14 08:29:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:29:50 +0100 (CET) Subject: SUSE-FU-2022:4464-1: important: YaST Message-ID: <20221214082950.053E0FCC9@maintenance.suse.de> SUSE Feature Update: YaST ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4464-1 Rating: important References: #1204180 #1205918 SLE-24764 SLE-25087 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Installer 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two feature fixes and contains two features can now be installed. Description: This update for YaST fixes the following issues: autoyast2: - Add needed packages for kdump if the product enables kdump by default (bsc#1204180) - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) skelcd-control-leanos: - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) yast2-installation: - Fixed the help in the installation summary (jsc#SLE-25087, jsc#SLE-24764) - Write configuration for ssg-apply script according to the enabled security policy (jsc#SLE-25087, jsc#SLE-24764) yast2-schema-default: - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) yast2-security: - Fixed wrong steps count causing a crash during saving (bsc#1205918) - Disable the ssg-apply service if the selected SCAP action is "do nothing" (jsc#SLE-25087, jsc#SLE-24764) - Add support for DISA STIG security policy validation (jsc#SLE-25087, jsc#SLE-24764) yast2-storage-ng: - Validate security policies in both guided proposal and partitioner (jsc#SLE-25087, jsc#SLE-24764) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4464=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4464=1 - SUSE Linux Enterprise Installer 15-SP4: zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2022-4464=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): yast2-schema-default-4.4.15-150400.3.9.1 yast2-schema-micro-4.4.15-150400.3.9.1 yast2-storage-ng-4.4.41-150400.3.6.1 - openSUSE Leap 15.4 (noarch): autoyast2-4.4.43-150400.3.16.1 autoyast2-installation-4.4.43-150400.3.16.1 yast2-installation-4.4.58-150400.3.15.1 yast2-security-4.4.17-150400.3.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): yast2-schema-default-4.4.15-150400.3.9.1 yast2-storage-ng-4.4.41-150400.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): autoyast2-4.4.43-150400.3.16.1 autoyast2-installation-4.4.43-150400.3.16.1 yast2-installation-4.4.58-150400.3.15.1 yast2-security-4.4.17-150400.3.10.1 - SUSE Linux Enterprise Installer 15-SP4 (aarch64 ppc64le s390x x86_64): yast2-schema-default-4.4.15-150400.3.9.1 yast2-schema-micro-4.4.15-150400.3.9.1 yast2-storage-ng-4.4.41-150400.3.6.1 - SUSE Linux Enterprise Installer 15-SP4 (noarch): autoyast2-4.4.43-150400.3.16.1 autoyast2-installation-4.4.43-150400.3.16.1 yast2-installation-4.4.58-150400.3.15.1 yast2-security-4.4.17-150400.3.10.1 References: https://bugzilla.suse.com/1204180 https://bugzilla.suse.com/1205918 From sle-updates at lists.suse.com Wed Dec 14 08:30:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:30:44 +0100 (CET) Subject: SUSE-RU-2022:4469-1: important: Recommended update for sudo Message-ID: <20221214083044.AC407FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4469-1 Rating: important References: #1197998 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4469=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4469=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4469=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4469=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): sudo-1.9.9-150400.4.9.1 sudo-debuginfo-1.9.9-150400.4.9.1 sudo-debugsource-1.9.9-150400.4.9.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): sudo-1.9.9-150400.4.9.1 sudo-debuginfo-1.9.9-150400.4.9.1 sudo-debugsource-1.9.9-150400.4.9.1 sudo-devel-1.9.9-150400.4.9.1 sudo-plugin-python-1.9.9-150400.4.9.1 sudo-plugin-python-debuginfo-1.9.9-150400.4.9.1 sudo-test-1.9.9-150400.4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): sudo-1.9.9-150400.4.9.1 sudo-debuginfo-1.9.9-150400.4.9.1 sudo-debugsource-1.9.9-150400.4.9.1 sudo-devel-1.9.9-150400.4.9.1 sudo-plugin-python-1.9.9-150400.4.9.1 sudo-plugin-python-debuginfo-1.9.9-150400.4.9.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): sudo-1.9.9-150400.4.9.1 sudo-debuginfo-1.9.9-150400.4.9.1 sudo-debugsource-1.9.9-150400.4.9.1 References: https://bugzilla.suse.com/1197998 From sle-updates at lists.suse.com Wed Dec 14 08:36:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:36:49 +0100 (CET) Subject: SUSE-CU-2022:3341-1: Recommended update of suse/sles12sp4 Message-ID: <20221214083649.D273AFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3341-1 Container Tags : suse/sles12sp4:26.544 , suse/sles12sp4:latest Container Release : 26.544 Severity : moderate Type : recommended References : 1204548 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4449-1 Released: Tue Dec 13 10:35:19 2022 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1204548 This update for libzypp fixes the following issues: Update to version 16.22.5: - properly reset range requests (bsc#1204548) The following package changes have been done: - base-container-licenses-3.0-1.333 updated - container-suseconnect-2.0.0-1.217 updated - libzypp-16.22.5-39.1 updated From sle-updates at lists.suse.com Wed Dec 14 08:45:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 09:45:36 +0100 (CET) Subject: SUSE-CU-2022:3342-1: Recommended update of suse/sles12sp5 Message-ID: <20221214084536.281FDFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3342-1 Container Tags : suse/sles12sp5:6.5.413 , suse/sles12sp5:latest Container Release : 6.5.413 Severity : moderate Type : recommended References : 1204548 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4449-1 Released: Tue Dec 13 10:35:19 2022 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1204548 This update for libzypp fixes the following issues: Update to version 16.22.5: - properly reset range requests (bsc#1204548) The following package changes have been done: - libzypp-16.22.5-39.1 updated From sle-updates at lists.suse.com Wed Dec 14 09:08:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 10:08:14 +0100 (CET) Subject: SUSE-CU-2022:3343-1: Recommended update of suse/sle15 Message-ID: <20221214090814.1483AFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3343-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.655 Container Release : 4.22.655 Severity : moderate Type : recommended References : 1186827 1204706 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) The following package changes have been done: - container-suseconnect-2.4.0-150000.4.22.1 updated - suse-build-key-12.0-150000.8.28.1 updated From sle-updates at lists.suse.com Wed Dec 14 09:22:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 10:22:18 +0100 (CET) Subject: SUSE-CU-2022:3344-1: Recommended update of suse/sle15 Message-ID: <20221214092218.09E0AFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3344-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.243 Container Release : 9.5.243 Severity : moderate Type : recommended References : 1186827 1204706 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) The following package changes have been done: - container-suseconnect-2.4.0-150000.4.22.1 updated - suse-build-key-12.0-150000.8.28.1 updated From sle-updates at lists.suse.com Wed Dec 14 09:51:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 10:51:59 +0100 (CET) Subject: SUSE-CU-2022:3348-1: Recommended update of suse/sle15 Message-ID: <20221214095159.EE697FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3348-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.83 , suse/sle15:15.3 , suse/sle15:15.3.17.20.83 Container Release : 17.20.83 Severity : moderate Type : recommended References : 1186827 1204706 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) The following package changes have been done: - container-suseconnect-2.4.0-150000.4.22.1 updated - suse-build-key-12.0-150000.8.28.1 updated From sle-updates at lists.suse.com Wed Dec 14 10:34:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 11:34:59 +0100 (CET) Subject: SUSE-CU-2022:3371-1: Recommended update of suse/sle15 Message-ID: <20221214103459.9052AFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3371-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.23 , suse/sle15:15.4 , suse/sle15:15.4.27.14.23 Container Release : 27.14.23 Severity : moderate Type : recommended References : 1186827 1204706 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) The following package changes have been done: - container-suseconnect-2.4.0-150000.4.22.1 updated - suse-build-key-12.0-150000.8.28.1 updated From sle-updates at lists.suse.com Wed Dec 14 10:35:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 11:35:42 +0100 (CET) Subject: SUSE-CU-2022:3372-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20221214103542.05D50FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3372-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.3 , suse/manager/4.3/proxy-httpd:4.3.3.9.22.1 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.22.1 Severity : important Type : security References : 1177460 1188607 1190651 1198165 1199074 1199944 1200169 1200296 1201476 1201590 1201606 1201607 1201634 1201788 1201893 1201959 1202093 1202217 1202324 1202344 1202750 1202785 1203125 1203216 1203283 1203451 1203482 1203532 1203580 1203588 1203599 1203611 1203633 1203652 1203685 1203698 1203884 1204029 1204061 1204179 1204195 1204211 1204437 1204444 1204517 1204519 1204541 1204577 1204649 1204651 1204699 1204968 1205126 1205156 1205212 1205339 1205470 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2022-1664 CVE-2022-2255 CVE-2022-37454 CVE-2022-3821 CVE-2022-42898 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4010-1 Released: Wed Nov 16 11:07:36 2022 Summary: Security update for apache2-mod_wsgi Type: security Severity: moderate References: 1201634,CVE-2022-2255 This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4063-1 Released: Fri Nov 18 09:07:50 2022 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4417-1 Released: Tue Dec 13 08:24:11 2022 Summary: Maintenance update for SUSE Manager 4.3: Server and Proxy Type: recommended Severity: moderate References: 1200169,1200296,1201476,1201606,1201607,1201788,1201893,1202093,1202217,1202785,1203283,1203451,1203532,1203580,1203588,1203599,1203611,1203633,1203685,1203698,1203884,1204029,1204061,1204195,1204437,1204444,1204517,1204519,1204541,1204651,1204699,1205212,1205339,1205470 Maintenance update for SUSE Manager 4.3: Server and Proxy: This is a codestream only update The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libudev1-249.12-150400.8.13.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libusb-1_0-0-1.0.24-150400.3.3.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - libmount1-2.37.2-150400.8.8.1 updated - krb5-1.19.2-150400.3.3.1 updated - util-linux-2.37.2-150400.8.8.1 updated - timezone-2022f-150000.75.15.1 updated - libapparmor1-3.0.4-150400.5.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - python3-rpm-4.14.3-150300.52.1 updated - hwdata-0.363-150000.3.51.1 updated - systemd-249.12-150400.8.13.1 updated - apache2-mod_wsgi-4.7.1-150400.3.3.1 updated - spacewalk-backend-4.3.17-150400.3.9.9 updated - python3-spacewalk-client-tools-4.3.13-150400.3.9.9 updated - spacewalk-client-tools-4.3.13-150400.3.9.9 updated - spacewalk-proxy-package-manager-4.3.13-150400.3.8.7 updated - spacewalk-proxy-common-4.3.13-150400.3.8.7 updated - spacewalk-proxy-broker-4.3.13-150400.3.8.7 updated - spacewalk-proxy-redirect-4.3.13-150400.3.8.7 updated From sle-updates at lists.suse.com Wed Dec 14 10:36:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 11:36:04 +0100 (CET) Subject: SUSE-CU-2022:3374-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20221214103604.0F06DFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3374-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.3 , suse/manager/4.3/proxy-salt-broker:4.3.3.9.12.1 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.12.1 Severity : critical Type : security References : 1177460 1188607 1190651 1190651 1194047 1194530 1198165 1201590 1201959 1202148 1202324 1203125 1203652 1203681 1203911 1204179 1204211 1204256 1204383 1204386 1204577 1204649 1204690 1204708 1204968 1205126 1205156 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-22569 CVE-2021-46848 CVE-2022-1941 CVE-2022-3171 CVE-2022-32221 CVE-2022-37454 CVE-2022-3821 CVE-2022-42898 CVE-2022-42916 CVE-2022-43680 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libudev1-249.12-150400.8.13.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libusb-1_0-0-1.0.24-150400.3.3.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libmount1-2.37.2-150400.8.8.1 updated - krb5-1.19.2-150400.3.3.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - pam-1.3.0-150000.6.61.1 updated - util-linux-2.37.2-150400.8.8.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - timezone-2022f-150000.75.15.1 updated - curl-7.79.1-150400.5.9.1 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated From sle-updates at lists.suse.com Wed Dec 14 10:36:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 11:36:32 +0100 (CET) Subject: SUSE-CU-2022:3376-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20221214103632.97C52FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3376-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.3 , suse/manager/4.3/proxy-squid:4.3.3.9.19.1 , suse/manager/4.3/proxy-squid:latest Container Release : 9.19.1 Severity : important Type : security References : 1177460 1190651 1198165 1201959 1202324 1203652 1204179 1204211 1204649 1204968 1205126 1205156 CVE-2022-3821 CVE-2022-42898 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - libmount1-2.37.2-150400.8.8.1 updated - krb5-1.19.2-150400.3.3.1 updated - util-linux-2.37.2-150400.8.8.1 updated - timezone-2022f-150000.75.15.1 updated From sle-updates at lists.suse.com Wed Dec 14 10:36:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 11:36:50 +0100 (CET) Subject: SUSE-CU-2022:3378-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20221214103650.66D3DFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3378-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.3 , suse/manager/4.3/proxy-ssh:4.3.3.9.12.1 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.12.1 Severity : important Type : security References : 1177460 1188607 1190651 1190651 1192439 1194047 1198165 1201959 1202148 1202324 1203125 1203652 1203911 1204179 1204211 1204383 1204386 1204577 1204649 1204708 1204968 1205126 1205156 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2022-32221 CVE-2022-37454 CVE-2022-3821 CVE-2022-42898 CVE-2022-42916 CVE-2022-43680 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libudev1-249.12-150400.8.13.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - libmount1-2.37.2-150400.8.8.1 updated - krb5-1.19.2-150400.3.3.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - pam-1.3.0-150000.6.61.1 updated - util-linux-2.37.2-150400.8.8.1 updated - timezone-2022f-150000.75.15.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - openssh-common-8.4p1-150300.3.12.2 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - openssh-fips-8.4p1-150300.3.12.2 updated - openssh-server-8.4p1-150300.3.12.2 updated - openssh-clients-8.4p1-150300.3.12.2 updated - openssh-8.4p1-150300.3.12.2 updated From sle-updates at lists.suse.com Wed Dec 14 10:37:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 11:37:10 +0100 (CET) Subject: SUSE-CU-2022:3380-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20221214103710.88C0AFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3380-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.3 , suse/manager/4.3/proxy-tftpd:4.3.3.9.12.1 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.12.1 Severity : critical Type : security References : 1177460 1188607 1190651 1190651 1194047 1198165 1199944 1201959 1202148 1202324 1203125 1203652 1203911 1204145 1204179 1204211 1204383 1204386 1204577 1204649 1204690 1204708 1204968 1205126 1205156 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-46848 CVE-2022-1664 CVE-2022-32221 CVE-2022-37454 CVE-2022-3821 CVE-2022-42898 CVE-2022-42916 CVE-2022-43680 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3985-1 Released: Tue Nov 15 12:54:11 2022 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1204145 This update fixes for python3-apipkg the following issues: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). The following package changes have been done: - libuuid1-2.37.2-150400.8.8.1 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libz1-1.2.11-150000.3.36.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.16.1 updated - libmount1-2.37.2-150400.8.8.1 updated - krb5-1.19.2-150400.3.3.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - permissions-20201225-150400.5.16.1 updated - pam-1.3.0-150000.6.61.1 updated - util-linux-2.37.2-150400.8.8.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - timezone-2022f-150000.75.15.1 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - python3-iniconfig-1.1.1-150000.1.9.1 updated - python3-apipkg-1.4-150000.3.4.1 updated From sle-updates at lists.suse.com Wed Dec 14 11:21:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 12:21:32 +0100 (CET) Subject: SUSE-RU-2022:4474-1: moderate: Recommended update for python-paramiko Message-ID: <20221214112132.0FFA5FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4474-1 Rating: moderate References: #1205132 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-paramiko fixes the following issues: - Fix loading of RSA key (bsc#1205132) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4474=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4474=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-4474=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4474=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4474=1 Package List: - openSUSE Leap 15.4 (noarch): python-paramiko-doc-2.4.3-150100.6.18.1 python3-paramiko-2.4.3-150100.6.18.1 - openSUSE Leap 15.3 (noarch): python-paramiko-doc-2.4.3-150100.6.18.1 python2-paramiko-2.4.3-150100.6.18.1 python3-paramiko-2.4.3-150100.6.18.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-paramiko-2.4.3-150100.6.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-paramiko-2.4.3-150100.6.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-paramiko-2.4.3-150100.6.18.1 References: https://bugzilla.suse.com/1205132 From sle-updates at lists.suse.com Wed Dec 14 14:22:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 15:22:41 +0100 (CET) Subject: SUSE-RU-2022:4475-1: moderate: Recommended update for SUSE Manager Server 4.3 Message-ID: <20221214142241.222D0FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4475-1 Rating: moderate References: #1205896 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update fixes the following issues: susemanager-docs_en: - Removed SLE Micro 5.1 notes in Client Configuration Guide - Added SLE Micro bootstrapping note in Client Configuration Guide - Added Red Hat Enterprise Linux 9 clients as supported in Client Configuration Guide (bsc#1205896) How to apply this update: 1. Log in as root user to the SUSE Manager Server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-4475=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch): susemanager-docs_en-4.3-150400.9.12.1 susemanager-docs_en-pdf-4.3-150400.9.12.1 References: https://bugzilla.suse.com/1205896 From sle-updates at lists.suse.com Wed Dec 14 14:23:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 15:23:18 +0100 (CET) Subject: SUSE-SU-2022:4478-1: moderate: Security update for capnproto Message-ID: <20221214142318.AD701FD2D@maintenance.suse.de> SUSE Security Update: Security update for capnproto ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4478-1 Rating: moderate References: #1205968 Cross-References: CVE-2022-46149 CVSS scores: CVE-2022-46149 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2022-46149 (SUSE): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for capnproto fixes the following issues: - CVE-2022-46149: Fixed out of bounds read when handling a list of lists (bsc#1205968). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4478=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4478=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): capnproto-0.9.1-150400.3.4.1 capnproto-debuginfo-0.9.1-150400.3.4.1 capnproto-debugsource-0.9.1-150400.3.4.1 libcapnp-0_9-0.9.1-150400.3.4.1 libcapnp-0_9-debuginfo-0.9.1-150400.3.4.1 libcapnp-devel-0.9.1-150400.3.4.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): capnproto-debuginfo-0.9.1-150400.3.4.1 capnproto-debugsource-0.9.1-150400.3.4.1 libcapnp-0_9-0.9.1-150400.3.4.1 libcapnp-0_9-debuginfo-0.9.1-150400.3.4.1 References: https://www.suse.com/security/cve/CVE-2022-46149.html https://bugzilla.suse.com/1205968 From sle-updates at lists.suse.com Wed Dec 14 14:23:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 15:23:57 +0100 (CET) Subject: SUSE-RU-2022:4476-1: important: Recommended update for SUSE Manager Server 4.3 Message-ID: <20221214142357.B27BCFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Server 4.3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4476-1 Rating: important References: Affected Products: SUSE Manager Server 4.3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update fixes the following issue: release-notes-susemanager: - Update to SUSE Manager 4.3.3.1 * Bootrapping from UI is not functioning for SLE Micro Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-4476=1 Package List: - SUSE Manager Server 4.3 (ppc64le s390x x86_64): release-notes-susemanager-4.3.3.1-150400.3.26.2 References: From sle-updates at lists.suse.com Wed Dec 14 14:24:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 15:24:39 +0100 (CET) Subject: SUSE-SU-2022:4477-1: moderate: Security update for zabbix Message-ID: <20221214142439.B7178FD2D@maintenance.suse.de> SUSE Security Update: Security update for zabbix ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4477-1 Rating: moderate References: #1206083 Cross-References: CVE-2022-43515 CVSS scores: CVE-2022-43515 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43515 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zabbix fixes the following issues: - CVE-2022-43515: X-Forwarded-For header is active by default causes access to Zabbix sites in maintenance mode (bsc#1206083). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4477=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4477=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4477=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4477=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4477=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4477=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): zabbix-agent-4.0.12-4.21.1 zabbix-agent-debuginfo-4.0.12-4.21.1 zabbix-debugsource-4.0.12-4.21.1 - SUSE OpenStack Cloud 9 (x86_64): zabbix-agent-4.0.12-4.21.1 zabbix-agent-debuginfo-4.0.12-4.21.1 zabbix-debugsource-4.0.12-4.21.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): zabbix-agent-4.0.12-4.21.1 zabbix-agent-debuginfo-4.0.12-4.21.1 zabbix-debugsource-4.0.12-4.21.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): zabbix-agent-4.0.12-4.21.1 zabbix-agent-debuginfo-4.0.12-4.21.1 zabbix-debugsource-4.0.12-4.21.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): zabbix-agent-4.0.12-4.21.1 zabbix-agent-debuginfo-4.0.12-4.21.1 zabbix-debugsource-4.0.12-4.21.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): zabbix-agent-4.0.12-4.21.1 zabbix-agent-debuginfo-4.0.12-4.21.1 zabbix-debugsource-4.0.12-4.21.1 References: https://www.suse.com/security/cve/CVE-2022-43515.html https://bugzilla.suse.com/1206083 From sle-updates at lists.suse.com Wed Dec 14 17:22:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:22:06 +0100 (CET) Subject: SUSE-RU-2022:4491-1: important: Recommended update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme Message-ID: <20221214172206.22C2CFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4491-1 Rating: important References: #1111657 #1144506 #1148184 #1186870 #1199282 PM-3243 SLE-24629 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that has 5 recommended fixes and contains two features can now be installed. Description: This update for libsodium, python-Django, python-PyNaCl, python-cffi, python-hypothesis, python-packaging, python-readthedocs-sphinx-ext, python-semver, python-sphinx_rtd_theme fixes the following issues: libsodium: - Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Enterprise versions of Visual Studio are now supported * Visual Studio 2019 is now supported * 32-bit binaries for Visual Studio 2010 are now provided * Emscripten: print and printErr functions are overridden to send errors to the console, if there is one * Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated * Libsodium version detection has been fixed in the CMake recipe * Generic hashing got a 10% speedup on AVX2. * New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh) * New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random() * crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication * Support for the Ristretto group has been implemented for interoperability with wasm-crypto * Improvements have been made to the test suite * Portability improvements have been made * 'randombytes_salsa20' has been 'renamed to randombytes_internal' * Support for NativeClient has been removed * Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL. * The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds * For the full list of changes please consult the packaged ChangeLog - Disable LTO to bypass build failures on Power PC architecture (bsc#1148184) python-cffi: - Version update from 1.11.2 to 1.15.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fixed MANIFEST.in to include missing file for Windows arm64 support * Fixed Linux wheel build to use gcc default ISA for libffi * Updated setup.py Python trove specifiers to currently-tested Python versions * CPython 3.10 support (including wheels) * MacOS arm64 support (including wheels) * Initial Windows arm64 support * Misc. doc and test updates - Fix for using to proper void returning function not to corrupt memory in tests. (bsc#1111657) python-Django: - New package at version 2.0.7 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-hypothesis: - Version update from 3.40.1 to 3.76.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * This release deprecates using floats for min_size and max_size * The type hint for average_size arguments has been changed from Optional[int] to None, because non-None values are always ignored and deprecated. * Fix a broken link in a docstring * Deprecate the use of 'min_size=None', setting the mdefault min_size to 0 * Strategies are now fully constructed and validated before the timer is started * Fix some broken formatting and links in the documentation * Check that the value of the print_blob setting is a PrintSettings instance * Being able to specify a boolean value was not intended, and is now deprecated. In addition, specifying True will now cause the blob to always be printed, instead of causing it to be suppressed. * Specifying any value that is not a PrintSettings or a boolean is now an error * Changes the documentation for hypothesis.strategies.datetimes, hypothesis.strategies.dates, hypothesis.strategies.times to use the new parameter names min_value and max_value instead of the deprecated names * Ensure that Hypothesis deprecation warnings display the code that emitted them when you???re not running in -Werror mode * For the full list of changes please consult the changelog at https://hypothesis.readthedocs.io/en/latest/changes.html#v3-76-0 python-packaging: - Version update from 16.8 to 21.3 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Fix testsuite on big-endian targets * Ignore python3.6.2 since the test doesn't support it * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake * Work around dependency generator issues (bsc#1186870) * Remove dependency on attrs (bsc#1144506) * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5. * Replace distutils usage with sysconfig * Add support for zip files in `parse_sdist_filename` * Use cached `_hash` attribute to short-circuit tag equality comparisons * Specify the default value for the `specifier` argument to `SpecifierSet` * Proper keyword-only "warn" argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for `Version.post`` and `Version.dev` * Use typing alias `UnparsedVersion`` * Improve type inference for `packaging.specifiers.filter()` * Tighten the return type of `canonicalize_version()` * For the full list of changes please consult the packaged CHANGELOG file python-PyNaCl: - Version update from 1.2.1 to 1.4.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add dependency requirement to python-six, needed by the testsuite * Update `libsodium` to 1.0.18. * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit `manylinux1` wheels. Continuing to produce them was a maintenance burden. * Added support for Python 3.8, and removed support for Python 3.4. * Add low level bindings for extracting the seed and the public key from crypto_sign_ed25519 secret key * Add low level bindings for deterministic random generation. * Add `wheel` and `setuptools` setup_requirements in `setup.py` * Fix checks on very slow builders (#481, #495) * Add low-level bindings to ed25519 arithmetic functions * Update low-level blake2b state implementation * Fix wrong short-input behavior of SealedBox.decrypt() * Raise CryptPrefixError exception instead of InvalidkeyError when trying to check a password against a verifier stored in a unknown format * Add support for minimal builds of libsodium. Trying to call functions not available in a minimal build will raise an UnavailableError exception. To compile a minimal build of the bundled libsodium, set the SODIUM_INSTALL_MINIMAL environment variable to any non-empty string (e.g. `SODIUM_INSTALL_MINIMAL=1`) for setup. python-semver: - New package at version 2.13.0 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) python-sphinx_rtd_theme: - Version update from 0.2.4 to 0.5.1 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) * Add github, gitlab, bitbucket page arguments option * Add html language attribute * Add language to the JS output variable * Add open list spacing * Add option to style external links * Add pygments support * Add setuptools entry point allowing to use sphinx_rtd_theme as Sphinx html_theme directly. * Add Sphinx as a dependency * Allow setting 'rel' and 'title' attributes for stylesheets * Changed code and literals to use a native font stack * Color accessibility improvements on the left navigation * Compress our Javascript files * Do not rely on readthedocs.org for CSS/JS * Fix line height adjustments for Liberation Mono * Fix line number spacing to align with the code lines * Fix many sidebar glitches * Fix many styling issues * Fix mkdocs version selector * Fix small styling issues * Fix some HTML warnings and errors * Fix table centering * Hide Edit links on auto created pages * Include missing font files with the theme * Updated dependencies * Write theme version and build date at top of JavaScript and CSS Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4491=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4491=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4491=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-4491=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4491=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4491=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4491=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4491=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4491=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4491=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4491=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4491=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libsodium-debugsource-1.0.18-150000.4.6.1 libsodium23-1.0.18-150000.4.6.1 libsodium23-debuginfo-1.0.18-150000.4.6.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsodium-debugsource-1.0.18-150000.4.6.1 libsodium-devel-1.0.18-150000.4.6.1 libsodium23-1.0.18-150000.4.6.1 libsodium23-debuginfo-1.0.18-150000.4.6.1 python-PyNaCl-debuginfo-1.4.0-150000.3.6.6 python-PyNaCl-debugsource-1.4.0-150000.3.6.6 python3-PyNaCl-1.4.0-150000.3.6.6 python3-PyNaCl-debuginfo-1.4.0-150000.3.6.6 - openSUSE Leap 15.4 (noarch): python3-sphinx_rtd_theme-0.5.1-150000.3.5.1 - openSUSE Leap 15.4 (x86_64): libsodium23-32bit-1.0.18-150000.4.6.1 libsodium23-32bit-debuginfo-1.0.18-150000.4.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsodium-debugsource-1.0.18-150000.4.6.1 libsodium-devel-1.0.18-150000.4.6.1 libsodium23-1.0.18-150000.4.6.1 libsodium23-debuginfo-1.0.18-150000.4.6.1 python-PyNaCl-debuginfo-1.4.0-150000.3.6.6 python-PyNaCl-debugsource-1.4.0-150000.3.6.6 python2-PyNaCl-1.4.0-150000.3.6.6 python2-PyNaCl-debuginfo-1.4.0-150000.3.6.6 python3-PyNaCl-1.4.0-150000.3.6.6 python3-PyNaCl-debuginfo-1.4.0-150000.3.6.6 - openSUSE Leap 15.3 (noarch): python2-hypothesis-3.76.0-150000.3.3.1 python2-sphinx_rtd_theme-0.5.1-150000.3.5.1 python3-hypothesis-3.76.0-150000.3.3.1 python3-sphinx_rtd_theme-0.5.1-150000.3.5.1 - openSUSE Leap 15.3 (x86_64): libsodium23-32bit-1.0.18-150000.4.6.1 libsodium23-32bit-debuginfo-1.0.18-150000.4.6.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-PyNaCl-debuginfo-1.4.0-150000.3.6.6 python-PyNaCl-debugsource-1.4.0-150000.3.6.6 python2-PyNaCl-1.4.0-150000.3.6.6 python2-PyNaCl-debuginfo-1.4.0-150000.3.6.6 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-sphinx_rtd_theme-0.5.1-150000.3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): python2-sphinx_rtd_theme-0.5.1-150000.3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-sphinx_rtd_theme-0.5.1-150000.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsodium-debugsource-1.0.18-150000.4.6.1 libsodium-devel-1.0.18-150000.4.6.1 libsodium23-1.0.18-150000.4.6.1 libsodium23-debuginfo-1.0.18-150000.4.6.1 python-PyNaCl-debuginfo-1.4.0-150000.3.6.6 python-PyNaCl-debugsource-1.4.0-150000.3.6.6 python3-PyNaCl-1.4.0-150000.3.6.6 python3-PyNaCl-debuginfo-1.4.0-150000.3.6.6 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libsodium23-32bit-1.0.18-150000.4.6.1 libsodium23-32bit-debuginfo-1.0.18-150000.4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-sphinx_rtd_theme-0.5.1-150000.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsodium-debugsource-1.0.18-150000.4.6.1 libsodium-devel-1.0.18-150000.4.6.1 libsodium23-1.0.18-150000.4.6.1 libsodium23-debuginfo-1.0.18-150000.4.6.1 python-PyNaCl-debuginfo-1.4.0-150000.3.6.6 python-PyNaCl-debugsource-1.4.0-150000.3.6.6 python3-PyNaCl-1.4.0-150000.3.6.6 python3-PyNaCl-debuginfo-1.4.0-150000.3.6.6 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-sphinx_rtd_theme-0.5.1-150000.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsodium23-32bit-1.0.18-150000.4.6.1 libsodium23-32bit-debuginfo-1.0.18-150000.4.6.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libsodium-debugsource-1.0.18-150000.4.6.1 libsodium23-1.0.18-150000.4.6.1 libsodium23-debuginfo-1.0.18-150000.4.6.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsodium-debugsource-1.0.18-150000.4.6.1 libsodium23-1.0.18-150000.4.6.1 libsodium23-debuginfo-1.0.18-150000.4.6.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsodium-debugsource-1.0.18-150000.4.6.1 libsodium23-1.0.18-150000.4.6.1 libsodium23-debuginfo-1.0.18-150000.4.6.1 References: https://bugzilla.suse.com/1111657 https://bugzilla.suse.com/1144506 https://bugzilla.suse.com/1148184 https://bugzilla.suse.com/1186870 https://bugzilla.suse.com/1199282 From sle-updates at lists.suse.com Wed Dec 14 17:23:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:23:29 +0100 (CET) Subject: SUSE-SU-2022:4485-1: important: Security update for xorg-x11-server Message-ID: <20221214172329.B5032FD2D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4485-1 Rating: important References: #1205874 #1205875 #1205876 #1205877 #1205878 #1205879 #1206017 Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVSS scores: CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4485=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4485=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.57.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.57.1 xorg-x11-server-debugsource-7.6_1.18.3-76.57.1 xorg-x11-server-extra-7.6_1.18.3-76.57.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.57.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.57.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.57.1 xorg-x11-server-debugsource-7.6_1.18.3-76.57.1 xorg-x11-server-extra-7.6_1.18.3-76.57.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.57.1 References: https://www.suse.com/security/cve/CVE-2022-4283.html https://www.suse.com/security/cve/CVE-2022-46340.html https://www.suse.com/security/cve/CVE-2022-46341.html https://www.suse.com/security/cve/CVE-2022-46342.html https://www.suse.com/security/cve/CVE-2022-46343.html https://www.suse.com/security/cve/CVE-2022-46344.html https://bugzilla.suse.com/1205874 https://bugzilla.suse.com/1205875 https://bugzilla.suse.com/1205876 https://bugzilla.suse.com/1205877 https://bugzilla.suse.com/1205878 https://bugzilla.suse.com/1205879 https://bugzilla.suse.com/1206017 From sle-updates at lists.suse.com Wed Dec 14 17:24:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:24:37 +0100 (CET) Subject: SUSE-SU-2022:4483-1: important: Security update for xorg-x11-server Message-ID: <20221214172437.C1FEFFD2D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4483-1 Rating: important References: #1205874 #1205875 #1205876 #1205877 #1205878 #1205879 #1206017 Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVSS scores: CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4483=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4483=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.19.6-10.40.1 xorg-x11-server-debugsource-1.19.6-10.40.1 xorg-x11-server-sdk-1.19.6-10.40.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-10.40.1 xorg-x11-server-debuginfo-1.19.6-10.40.1 xorg-x11-server-debugsource-1.19.6-10.40.1 xorg-x11-server-extra-1.19.6-10.40.1 xorg-x11-server-extra-debuginfo-1.19.6-10.40.1 References: https://www.suse.com/security/cve/CVE-2022-4283.html https://www.suse.com/security/cve/CVE-2022-46340.html https://www.suse.com/security/cve/CVE-2022-46341.html https://www.suse.com/security/cve/CVE-2022-46342.html https://www.suse.com/security/cve/CVE-2022-46343.html https://www.suse.com/security/cve/CVE-2022-46344.html https://bugzilla.suse.com/1205874 https://bugzilla.suse.com/1205875 https://bugzilla.suse.com/1205876 https://bugzilla.suse.com/1205877 https://bugzilla.suse.com/1205878 https://bugzilla.suse.com/1205879 https://bugzilla.suse.com/1206017 From sle-updates at lists.suse.com Wed Dec 14 17:25:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:25:52 +0100 (CET) Subject: SUSE-RU-2022:4492-1: moderate: Recommended update for mozilla-nss Message-ID: <20221214172552.14D0BFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4492-1 Rating: moderate References: #1191546 #1198980 #1201298 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4492=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4492=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4492=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4492=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libfreebl3-3.79.2-150400.3.18.1 libfreebl3-debuginfo-3.79.2-150400.3.18.1 libfreebl3-hmac-3.79.2-150400.3.18.1 libsoftokn3-3.79.2-150400.3.18.1 libsoftokn3-debuginfo-3.79.2-150400.3.18.1 libsoftokn3-hmac-3.79.2-150400.3.18.1 mozilla-nss-3.79.2-150400.3.18.1 mozilla-nss-certs-3.79.2-150400.3.18.1 mozilla-nss-certs-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-debugsource-3.79.2-150400.3.18.1 mozilla-nss-tools-3.79.2-150400.3.18.1 mozilla-nss-tools-debuginfo-3.79.2-150400.3.18.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.2-150400.3.18.1 libfreebl3-debuginfo-3.79.2-150400.3.18.1 libfreebl3-hmac-3.79.2-150400.3.18.1 libsoftokn3-3.79.2-150400.3.18.1 libsoftokn3-debuginfo-3.79.2-150400.3.18.1 libsoftokn3-hmac-3.79.2-150400.3.18.1 mozilla-nss-3.79.2-150400.3.18.1 mozilla-nss-certs-3.79.2-150400.3.18.1 mozilla-nss-certs-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-debugsource-3.79.2-150400.3.18.1 mozilla-nss-devel-3.79.2-150400.3.18.1 mozilla-nss-sysinit-3.79.2-150400.3.18.1 mozilla-nss-sysinit-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-tools-3.79.2-150400.3.18.1 mozilla-nss-tools-debuginfo-3.79.2-150400.3.18.1 - openSUSE Leap 15.4 (x86_64): libfreebl3-32bit-3.79.2-150400.3.18.1 libfreebl3-32bit-debuginfo-3.79.2-150400.3.18.1 libfreebl3-hmac-32bit-3.79.2-150400.3.18.1 libsoftokn3-32bit-3.79.2-150400.3.18.1 libsoftokn3-32bit-debuginfo-3.79.2-150400.3.18.1 libsoftokn3-hmac-32bit-3.79.2-150400.3.18.1 mozilla-nss-32bit-3.79.2-150400.3.18.1 mozilla-nss-32bit-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-certs-32bit-3.79.2-150400.3.18.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-sysinit-32bit-3.79.2-150400.3.18.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.2-150400.3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.2-150400.3.18.1 libfreebl3-debuginfo-3.79.2-150400.3.18.1 libfreebl3-hmac-3.79.2-150400.3.18.1 libsoftokn3-3.79.2-150400.3.18.1 libsoftokn3-debuginfo-3.79.2-150400.3.18.1 libsoftokn3-hmac-3.79.2-150400.3.18.1 mozilla-nss-3.79.2-150400.3.18.1 mozilla-nss-certs-3.79.2-150400.3.18.1 mozilla-nss-certs-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-debugsource-3.79.2-150400.3.18.1 mozilla-nss-devel-3.79.2-150400.3.18.1 mozilla-nss-sysinit-3.79.2-150400.3.18.1 mozilla-nss-sysinit-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-tools-3.79.2-150400.3.18.1 mozilla-nss-tools-debuginfo-3.79.2-150400.3.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libfreebl3-32bit-3.79.2-150400.3.18.1 libfreebl3-32bit-debuginfo-3.79.2-150400.3.18.1 libfreebl3-hmac-32bit-3.79.2-150400.3.18.1 libsoftokn3-32bit-3.79.2-150400.3.18.1 libsoftokn3-32bit-debuginfo-3.79.2-150400.3.18.1 libsoftokn3-hmac-32bit-3.79.2-150400.3.18.1 mozilla-nss-32bit-3.79.2-150400.3.18.1 mozilla-nss-32bit-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-certs-32bit-3.79.2-150400.3.18.1 mozilla-nss-certs-32bit-debuginfo-3.79.2-150400.3.18.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libfreebl3-3.79.2-150400.3.18.1 libfreebl3-debuginfo-3.79.2-150400.3.18.1 libfreebl3-hmac-3.79.2-150400.3.18.1 libsoftokn3-3.79.2-150400.3.18.1 libsoftokn3-debuginfo-3.79.2-150400.3.18.1 libsoftokn3-hmac-3.79.2-150400.3.18.1 mozilla-nss-3.79.2-150400.3.18.1 mozilla-nss-certs-3.79.2-150400.3.18.1 mozilla-nss-certs-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-debuginfo-3.79.2-150400.3.18.1 mozilla-nss-debugsource-3.79.2-150400.3.18.1 mozilla-nss-tools-3.79.2-150400.3.18.1 mozilla-nss-tools-debuginfo-3.79.2-150400.3.18.1 References: https://bugzilla.suse.com/1191546 https://bugzilla.suse.com/1198980 https://bugzilla.suse.com/1201298 From sle-updates at lists.suse.com Wed Dec 14 17:26:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:26:48 +0100 (CET) Subject: SUSE-SU-2022:4484-1: important: Security update for xorg-x11-server Message-ID: <20221214172648.9881DFD2D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4484-1 Rating: important References: #1205874 #1205875 #1205876 #1205877 #1205878 #1205879 #1206017 Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVSS scores: CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4484=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4484=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4484=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4484=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xorg-x11-server-1.19.6-4.39.1 xorg-x11-server-debuginfo-1.19.6-4.39.1 xorg-x11-server-debugsource-1.19.6-4.39.1 xorg-x11-server-extra-1.19.6-4.39.1 xorg-x11-server-extra-debuginfo-1.19.6-4.39.1 - SUSE OpenStack Cloud 9 (x86_64): xorg-x11-server-1.19.6-4.39.1 xorg-x11-server-debuginfo-1.19.6-4.39.1 xorg-x11-server-debugsource-1.19.6-4.39.1 xorg-x11-server-extra-1.19.6-4.39.1 xorg-x11-server-extra-debuginfo-1.19.6-4.39.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): xorg-x11-server-1.19.6-4.39.1 xorg-x11-server-debuginfo-1.19.6-4.39.1 xorg-x11-server-debugsource-1.19.6-4.39.1 xorg-x11-server-extra-1.19.6-4.39.1 xorg-x11-server-extra-debuginfo-1.19.6-4.39.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.19.6-4.39.1 xorg-x11-server-debuginfo-1.19.6-4.39.1 xorg-x11-server-debugsource-1.19.6-4.39.1 xorg-x11-server-extra-1.19.6-4.39.1 xorg-x11-server-extra-debuginfo-1.19.6-4.39.1 References: https://www.suse.com/security/cve/CVE-2022-4283.html https://www.suse.com/security/cve/CVE-2022-46340.html https://www.suse.com/security/cve/CVE-2022-46341.html https://www.suse.com/security/cve/CVE-2022-46342.html https://www.suse.com/security/cve/CVE-2022-46343.html https://www.suse.com/security/cve/CVE-2022-46344.html https://bugzilla.suse.com/1205874 https://bugzilla.suse.com/1205875 https://bugzilla.suse.com/1205876 https://bugzilla.suse.com/1205877 https://bugzilla.suse.com/1205878 https://bugzilla.suse.com/1205879 https://bugzilla.suse.com/1206017 From sle-updates at lists.suse.com Wed Dec 14 17:28:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:28:02 +0100 (CET) Subject: SUSE-SU-2022:4487-1: important: Security update for xwayland Message-ID: <20221214172802.4C755FD2D@maintenance.suse.de> SUSE Security Update: Security update for xwayland ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4487-1 Rating: important References: #1205874 #1205875 #1205876 #1205877 #1205878 #1205879 #1206017 Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVSS scores: CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for xwayland fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4487=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4487=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xwayland-21.1.4-150400.3.6.1 xwayland-debuginfo-21.1.4-150400.3.6.1 xwayland-debugsource-21.1.4-150400.3.6.1 xwayland-devel-21.1.4-150400.3.6.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): xwayland-21.1.4-150400.3.6.1 xwayland-debuginfo-21.1.4-150400.3.6.1 xwayland-debugsource-21.1.4-150400.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-4283.html https://www.suse.com/security/cve/CVE-2022-46340.html https://www.suse.com/security/cve/CVE-2022-46341.html https://www.suse.com/security/cve/CVE-2022-46342.html https://www.suse.com/security/cve/CVE-2022-46343.html https://www.suse.com/security/cve/CVE-2022-46344.html https://bugzilla.suse.com/1205874 https://bugzilla.suse.com/1205875 https://bugzilla.suse.com/1205876 https://bugzilla.suse.com/1205877 https://bugzilla.suse.com/1205878 https://bugzilla.suse.com/1205879 https://bugzilla.suse.com/1206017 From sle-updates at lists.suse.com Wed Dec 14 17:29:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:29:34 +0100 (CET) Subject: SUSE-SU-2022:4480-1: important: Security update for xorg-x11-server Message-ID: <20221214172934.925ABFD2D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4480-1 Rating: important References: #1205874 #1205875 #1205876 #1205877 #1205878 #1205879 #1206017 Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVSS scores: CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4480=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4480=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4480=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4480=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4480=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4480=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4480=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4480=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4480=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4480=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4480=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4480=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4480=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4480=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4480=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-wayland-1.20.3-150200.22.5.63.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.63.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 xorg-x11-server-source-1.20.3-150200.22.5.63.1 xorg-x11-server-wayland-1.20.3-150200.22.5.63.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.63.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 - SUSE Manager Proxy 4.1 (x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-wayland-1.20.3-150200.22.5.63.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.63.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-wayland-1.20.3-150200.22.5.63.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.63.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.63.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-1.20.3-150200.22.5.63.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.63.1 xorg-x11-server-sdk-1.20.3-150200.22.5.63.1 References: https://www.suse.com/security/cve/CVE-2022-4283.html https://www.suse.com/security/cve/CVE-2022-46340.html https://www.suse.com/security/cve/CVE-2022-46341.html https://www.suse.com/security/cve/CVE-2022-46342.html https://www.suse.com/security/cve/CVE-2022-46343.html https://www.suse.com/security/cve/CVE-2022-46344.html https://bugzilla.suse.com/1205874 https://bugzilla.suse.com/1205875 https://bugzilla.suse.com/1205876 https://bugzilla.suse.com/1205877 https://bugzilla.suse.com/1205878 https://bugzilla.suse.com/1205879 https://bugzilla.suse.com/1206017 From sle-updates at lists.suse.com Wed Dec 14 17:31:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:31:11 +0100 (CET) Subject: SUSE-RU-2022:4490-1: moderate: Recommended update for nvptx-tools Message-ID: <20221214173111.5068DFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for nvptx-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4490-1 Rating: moderate References: SLE-25047 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for nvptx-tools fixes the following issues: Update nvptx-tools, which deals with CUDA 11 dropping support for NVIDIA Kepler sm_30 and sm_32 Package nvptx-none-run and nvptx-none-run-single tools. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Toolchain 12: zypper in -t patch SUSE-SLE-Module-Toolchain-12-2022-4490=1 Package List: - SUSE Linux Enterprise Module for Toolchain 12 (aarch64 x86_64): nvptx-tools-1.0-8.1 nvptx-tools-debuginfo-1.0-8.1 nvptx-tools-debugsource-1.0-8.1 References: From sle-updates at lists.suse.com Wed Dec 14 17:31:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:31:52 +0100 (CET) Subject: SUSE-SU-2022:4479-1: important: Security update for xorg-x11-server Message-ID: <20221214173152.4CD0AFD2D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4479-1 Rating: important References: #1205874 #1205875 #1205876 #1205877 #1205878 #1205879 #1206017 Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVSS scores: CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4479=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4479=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4479=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150400.38.13.1 xorg-x11-server-debuginfo-1.20.3-150400.38.13.1 xorg-x11-server-debugsource-1.20.3-150400.38.13.1 xorg-x11-server-extra-1.20.3-150400.38.13.1 xorg-x11-server-extra-debuginfo-1.20.3-150400.38.13.1 xorg-x11-server-sdk-1.20.3-150400.38.13.1 xorg-x11-server-source-1.20.3-150400.38.13.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-150400.38.13.1 xorg-x11-server-debugsource-1.20.3-150400.38.13.1 xorg-x11-server-sdk-1.20.3-150400.38.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150400.38.13.1 xorg-x11-server-debuginfo-1.20.3-150400.38.13.1 xorg-x11-server-debugsource-1.20.3-150400.38.13.1 xorg-x11-server-extra-1.20.3-150400.38.13.1 xorg-x11-server-extra-debuginfo-1.20.3-150400.38.13.1 References: https://www.suse.com/security/cve/CVE-2022-4283.html https://www.suse.com/security/cve/CVE-2022-46340.html https://www.suse.com/security/cve/CVE-2022-46341.html https://www.suse.com/security/cve/CVE-2022-46342.html https://www.suse.com/security/cve/CVE-2022-46343.html https://www.suse.com/security/cve/CVE-2022-46344.html https://bugzilla.suse.com/1205874 https://bugzilla.suse.com/1205875 https://bugzilla.suse.com/1205876 https://bugzilla.suse.com/1205877 https://bugzilla.suse.com/1205878 https://bugzilla.suse.com/1205879 https://bugzilla.suse.com/1206017 From sle-updates at lists.suse.com Wed Dec 14 17:33:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:33:36 +0100 (CET) Subject: SUSE-SU-2022:4488-1: moderate: Security update for apache2-mod_wsgi Message-ID: <20221214173336.BC646FD2D@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_wsgi ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4488-1 Rating: moderate References: #1201634 Cross-References: CVE-2022-2255 CVSS scores: CVE-2022-2255 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-2255 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for apache2-mod_wsgi fixes the following issues: - CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4488=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4488=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4488=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4488=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-4488=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-4488=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-4488=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4488=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4488=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4488=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-150000.4.6.1 apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-python3-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-python3-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-150000.4.6.1 apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-150000.4.6.1 apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): apache2-mod_wsgi-4.5.18-150000.4.6.1 apache2-mod_wsgi-debuginfo-4.5.18-150000.4.6.1 apache2-mod_wsgi-debugsource-4.5.18-150000.4.6.1 References: https://www.suse.com/security/cve/CVE-2022-2255.html https://bugzilla.suse.com/1201634 From sle-updates at lists.suse.com Wed Dec 14 17:34:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:34:44 +0100 (CET) Subject: SUSE-SU-2022:4482-1: important: Security update for xorg-x11-server Message-ID: <20221214173444.6855FFD2D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4482-1 Rating: important References: #1205874 #1205875 #1205876 #1205877 #1205878 #1205879 #1206017 Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVSS scores: CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4482=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4482=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4482=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4482=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): xorg-x11-server-1.19.6-150000.8.47.1 xorg-x11-server-debuginfo-1.19.6-150000.8.47.1 xorg-x11-server-debugsource-1.19.6-150000.8.47.1 xorg-x11-server-extra-1.19.6-150000.8.47.1 xorg-x11-server-extra-debuginfo-1.19.6-150000.8.47.1 xorg-x11-server-sdk-1.19.6-150000.8.47.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): xorg-x11-server-1.19.6-150000.8.47.1 xorg-x11-server-debuginfo-1.19.6-150000.8.47.1 xorg-x11-server-debugsource-1.19.6-150000.8.47.1 xorg-x11-server-extra-1.19.6-150000.8.47.1 xorg-x11-server-extra-debuginfo-1.19.6-150000.8.47.1 xorg-x11-server-sdk-1.19.6-150000.8.47.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): xorg-x11-server-1.19.6-150000.8.47.1 xorg-x11-server-debuginfo-1.19.6-150000.8.47.1 xorg-x11-server-debugsource-1.19.6-150000.8.47.1 xorg-x11-server-extra-1.19.6-150000.8.47.1 xorg-x11-server-extra-debuginfo-1.19.6-150000.8.47.1 xorg-x11-server-sdk-1.19.6-150000.8.47.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): xorg-x11-server-1.19.6-150000.8.47.1 xorg-x11-server-debuginfo-1.19.6-150000.8.47.1 xorg-x11-server-debugsource-1.19.6-150000.8.47.1 xorg-x11-server-extra-1.19.6-150000.8.47.1 xorg-x11-server-extra-debuginfo-1.19.6-150000.8.47.1 xorg-x11-server-sdk-1.19.6-150000.8.47.1 References: https://www.suse.com/security/cve/CVE-2022-4283.html https://www.suse.com/security/cve/CVE-2022-46340.html https://www.suse.com/security/cve/CVE-2022-46341.html https://www.suse.com/security/cve/CVE-2022-46342.html https://www.suse.com/security/cve/CVE-2022-46343.html https://www.suse.com/security/cve/CVE-2022-46344.html https://bugzilla.suse.com/1205874 https://bugzilla.suse.com/1205875 https://bugzilla.suse.com/1205876 https://bugzilla.suse.com/1205877 https://bugzilla.suse.com/1205878 https://bugzilla.suse.com/1205879 https://bugzilla.suse.com/1206017 From sle-updates at lists.suse.com Wed Dec 14 17:36:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:36:02 +0100 (CET) Subject: SUSE-RU-2022:4489-1: moderate: Recommended update for keepalived Message-ID: <20221214173602.50FD8FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for keepalived ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4489-1 Rating: moderate References: PED-2086 SLE-11203 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update of keepalived fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). - rebuild against the new libipset (jsc#PED-2086). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4489=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4489=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4489=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4489=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): keepalived-2.2.2-150400.3.7.2 keepalived-debuginfo-2.2.2-150400.3.7.2 keepalived-debugsource-2.2.2-150400.3.7.2 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): keepalived-2.2.2-150400.3.7.2 keepalived-debuginfo-2.2.2-150400.3.7.2 keepalived-debugsource-2.2.2-150400.3.7.2 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): keepalived-2.2.2-150400.3.7.2 keepalived-debuginfo-2.2.2-150400.3.7.2 keepalived-debugsource-2.2.2-150400.3.7.2 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): keepalived-2.2.2-150400.3.7.2 keepalived-debuginfo-2.2.2-150400.3.7.2 keepalived-debugsource-2.2.2-150400.3.7.2 References: From sle-updates at lists.suse.com Wed Dec 14 17:36:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:36:51 +0100 (CET) Subject: SUSE-SU-2022:4481-1: important: Security update for xorg-x11-server Message-ID: <20221214173651.098DFFD2D@maintenance.suse.de> SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4481-1 Rating: important References: #1205874 #1205875 #1205876 #1205877 #1205878 #1205879 #1206017 Cross-References: CVE-2022-4283 CVE-2022-46340 CVE-2022-46341 CVE-2022-46342 CVE-2022-46343 CVE-2022-46344 CVSS scores: CVE-2022-4283 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46340 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46341 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-46342 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-46343 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-46344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has one errata is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2022-46340: Server XTestSwapFakeInput stack overflow (bsc#1205874) - CVE-2022-46341: Server XIPassiveUngrabDevice out-of-bounds access (bsc#1205877) - CVE-2022-46342: Server XvdiSelectVideoNotify use-after-free (bsc#1205879) - CVE-2022-46343: Server ScreenSaverSetAttributes use-after-free (bsc#1205878) - CVE-2022-46344: Server XIChangeProperty out-of-bounds access (bsc#1205876) - CVE-2022-4283: Reset the radio_groups pointer to NULL after freeing it (bsc#1206017) - Xi: return an error from XI property changes if verification failed (bsc#1205875) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4481=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4481=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4481=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4481=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4481=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4481=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): xorg-x11-server-1.20.3-150100.14.5.33.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-sdk-1.20.3-150100.14.5.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150100.14.5.33.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-sdk-1.20.3-150100.14.5.33.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): xorg-x11-server-1.20.3-150100.14.5.33.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-sdk-1.20.3-150100.14.5.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-150100.14.5.33.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-sdk-1.20.3-150100.14.5.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-150100.14.5.33.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-sdk-1.20.3-150100.14.5.33.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): xorg-x11-server-1.20.3-150100.14.5.33.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-sdk-1.20.3-150100.14.5.33.1 - SUSE CaaS Platform 4.0 (x86_64): xorg-x11-server-1.20.3-150100.14.5.33.1 xorg-x11-server-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-debugsource-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-1.20.3-150100.14.5.33.1 xorg-x11-server-extra-debuginfo-1.20.3-150100.14.5.33.1 xorg-x11-server-sdk-1.20.3-150100.14.5.33.1 References: https://www.suse.com/security/cve/CVE-2022-4283.html https://www.suse.com/security/cve/CVE-2022-46340.html https://www.suse.com/security/cve/CVE-2022-46341.html https://www.suse.com/security/cve/CVE-2022-46342.html https://www.suse.com/security/cve/CVE-2022-46343.html https://www.suse.com/security/cve/CVE-2022-46344.html https://bugzilla.suse.com/1205874 https://bugzilla.suse.com/1205875 https://bugzilla.suse.com/1205876 https://bugzilla.suse.com/1205877 https://bugzilla.suse.com/1205878 https://bugzilla.suse.com/1205879 https://bugzilla.suse.com/1206017 From sle-updates at lists.suse.com Wed Dec 14 17:38:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Dec 2022 18:38:07 +0100 (CET) Subject: SUSE-RU-2022:4493-1: moderate: Recommended update for libsass Message-ID: <20221214173807.C3D93FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsass ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4493-1 Rating: moderate References: #1201074 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libsass fixes the following issues: - Update libsass to fix Greybird Geeko theme build failures (bsc#1201074) - Update version to 3.6.5 (bsc#1201074): * Fix extend edge case going endlessly * Fix source-maps and how we count unicode characters * Fix seed generator if std::random_device fails * Fix url() containing exclamation mark causing an error * Fix Offset initialization when end was not given * Fix obvious backporting error in pseudo extend * Fix obvious identical subexpressions in op_color_number * Fix edge case regarding unit-less number equality as object keys * Revert compound re-ordering for non extended selectors * Prevent compiler warning about unnecessary copy - Update version to 3.6.4 * Fix parenthesization for selector schema and real parents * Add deprecation warning for global variable creation * Ensure correct output order of compound selectors * Handle loaded source code as shared objects * New custom memory allocator - disabled for now * Add back C-API getters for plugin paths * Fix abspath handling on windows without directory * Fix various edge case crashes * Fix segfault on directive ruleset * Fix heap-buffer-overflow in lexer * Fix stack-overflow in parser * Fix memory leak in parser * Fix memory leak in evaluation * Fix memory handling edge case * Fix some null pointer access crashes * Preparations for ongoing refactoring - from v3.6.3 * Fix compound extend warning * Fix extend being stuck in endless loop * Fix various edge-case segfault crashes * Extend error_src lifetime on c-api context * Fix memory leak in permutation function * Preserve indentation in nested mode - from v3.6.2 * Improve pseudo selector handling * Code improvements * Fix various functions arguments * Fix "call" for $function * Check weight argument on invert call * Improve makefile to use dylib extension on MacOS * Fix bug in scale-color with positive saturation * Minor API documentation improvements * Fix selector isInvisible logic * Fix evaluation of unary expressions in loops * Fix attribute selector equality with modifiers Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4493=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4493=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsass-debugsource-3.6.5-150200.4.3.1 libsass-devel-3.6.5-150200.4.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsass-debugsource-3.6.5-150200.4.3.1 libsass-devel-3.6.5-150200.4.3.1 References: https://bugzilla.suse.com/1201074 From sle-updates at lists.suse.com Thu Dec 15 08:26:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 09:26:48 +0100 (CET) Subject: SUSE-CU-2022:3383-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20221215082648.10012FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3383-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.54 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.54 Severity : important Type : recommended References : 1197998 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4469-1 Released: Wed Dec 14 06:05:13 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) The following package changes have been done: - sudo-1.9.9-150400.4.9.1 updated From sle-updates at lists.suse.com Thu Dec 15 08:27:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 09:27:05 +0100 (CET) Subject: SUSE-CU-2022:3384-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20221215082705.E806CFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3384-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.18 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.18 Severity : important Type : recommended References : 1197998 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4469-1 Released: Wed Dec 14 06:05:13 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) The following package changes have been done: - sudo-1.9.9-150400.4.9.1 updated From sle-updates at lists.suse.com Thu Dec 15 08:29:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 09:29:58 +0100 (CET) Subject: SUSE-CU-2022:3385-1: Security update of bci/golang Message-ID: <20221215082958.35725FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3385-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-18.52 Container Release : 18.52 Severity : moderate Type : security References : 1193742 1206134 1206135 CVE-2022-41717 CVE-2022-41720 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4398-1 Released: Fri Dec 9 15:59:41 2022 Summary: Security update for go1.18 Type: security Severity: moderate References: 1193742,1206134,1206135,CVE-2022-41717,CVE-2022-41720 This update for go1.18 fixes the following issues: Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135) - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134) The following package changes have been done: - go1.18-1.18.9-150000.1.40.1 updated - container:sles15-image-15.0.0-27.14.23 updated From sle-updates at lists.suse.com Thu Dec 15 08:31:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 09:31:37 +0100 (CET) Subject: SUSE-CU-2022:3386-1: Security update of bci/golang Message-ID: <20221215083137.3DA7AFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3386-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-18.50 , bci/golang:latest Container Release : 18.50 Severity : moderate Type : security References : 1200441 1206134 1206135 CVE-2022-41717 CVE-2022-41720 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4397-1 Released: Fri Dec 9 15:59:23 2022 Summary: Security update for go1.19 Type: security Severity: moderate References: 1200441,1206134,1206135,CVE-2022-41717,CVE-2022-41720 This update for go1.19 fixes the following issues: Update to version 1.19.4, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries (bsc#1206135). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). The following package changes have been done: - go1.19-1.19.4-150000.1.18.1 updated - container:sles15-image-15.0.0-27.14.23 updated From sle-updates at lists.suse.com Thu Dec 15 08:33:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 09:33:20 +0100 (CET) Subject: SUSE-CU-2022:3387-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20221215083320.3319AFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3387-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.331 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.331 Severity : important Type : recommended References : 1197998 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4470-1 Released: Wed Dec 14 06:05:48 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) The following package changes have been done: - sudo-1.9.5p2-150300.3.16.1 updated From sle-updates at lists.suse.com Thu Dec 15 08:41:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 09:41:28 +0100 (CET) Subject: SUSE-CU-2022:3389-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20221215084128.D08BFFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3389-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.152 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.152 Severity : important Type : recommended References : 1197998 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4470-1 Released: Wed Dec 14 06:05:48 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) The following package changes have been done: - sudo-1.9.5p2-150300.3.16.1 updated From sle-updates at lists.suse.com Thu Dec 15 17:20:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 18:20:46 +0100 (CET) Subject: SUSE-RU-2022:4499-1: moderate: Recommended update for openssh Message-ID: <20221215172046.D996CFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4499-1 Rating: moderate References: #1179465 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4499=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4499=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4499=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4499=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4499=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4499=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4499=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4499=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4499=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4499=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4499=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4499=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): openssh-8.4p1-150300.3.15.4 openssh-clients-8.4p1-150300.3.15.4 openssh-clients-debuginfo-8.4p1-150300.3.15.4 openssh-common-8.4p1-150300.3.15.4 openssh-common-debuginfo-8.4p1-150300.3.15.4 openssh-debuginfo-8.4p1-150300.3.15.4 openssh-debugsource-8.4p1-150300.3.15.4 openssh-fips-8.4p1-150300.3.15.4 openssh-server-8.4p1-150300.3.15.4 openssh-server-debuginfo-8.4p1-150300.3.15.4 - openSUSE Leap Micro 5.2 (aarch64 x86_64): openssh-8.4p1-150300.3.15.4 openssh-clients-8.4p1-150300.3.15.4 openssh-clients-debuginfo-8.4p1-150300.3.15.4 openssh-common-8.4p1-150300.3.15.4 openssh-common-debuginfo-8.4p1-150300.3.15.4 openssh-debuginfo-8.4p1-150300.3.15.4 openssh-debugsource-8.4p1-150300.3.15.4 openssh-fips-8.4p1-150300.3.15.4 openssh-server-8.4p1-150300.3.15.4 openssh-server-debuginfo-8.4p1-150300.3.15.4 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): openssh-8.4p1-150300.3.15.4 openssh-askpass-gnome-8.4p1-150300.3.15.2 openssh-askpass-gnome-debuginfo-8.4p1-150300.3.15.2 openssh-askpass-gnome-debugsource-8.4p1-150300.3.15.2 openssh-cavs-8.4p1-150300.3.15.4 openssh-cavs-debuginfo-8.4p1-150300.3.15.4 openssh-clients-8.4p1-150300.3.15.4 openssh-clients-debuginfo-8.4p1-150300.3.15.4 openssh-common-8.4p1-150300.3.15.4 openssh-common-debuginfo-8.4p1-150300.3.15.4 openssh-debuginfo-8.4p1-150300.3.15.4 openssh-debugsource-8.4p1-150300.3.15.4 openssh-fips-8.4p1-150300.3.15.4 openssh-helpers-8.4p1-150300.3.15.4 openssh-helpers-debuginfo-8.4p1-150300.3.15.4 openssh-server-8.4p1-150300.3.15.4 openssh-server-debuginfo-8.4p1-150300.3.15.4 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): openssh-8.4p1-150300.3.15.4 openssh-askpass-gnome-8.4p1-150300.3.15.2 openssh-askpass-gnome-debuginfo-8.4p1-150300.3.15.2 openssh-askpass-gnome-debugsource-8.4p1-150300.3.15.2 openssh-cavs-8.4p1-150300.3.15.4 openssh-cavs-debuginfo-8.4p1-150300.3.15.4 openssh-clients-8.4p1-150300.3.15.4 openssh-clients-debuginfo-8.4p1-150300.3.15.4 openssh-common-8.4p1-150300.3.15.4 openssh-common-debuginfo-8.4p1-150300.3.15.4 openssh-debuginfo-8.4p1-150300.3.15.4 openssh-debugsource-8.4p1-150300.3.15.4 openssh-fips-8.4p1-150300.3.15.4 openssh-helpers-8.4p1-150300.3.15.4 openssh-helpers-debuginfo-8.4p1-150300.3.15.4 openssh-server-8.4p1-150300.3.15.4 openssh-server-debuginfo-8.4p1-150300.3.15.4 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-debuginfo-8.4p1-150300.3.15.4 openssh-debugsource-8.4p1-150300.3.15.4 openssh-fips-8.4p1-150300.3.15.4 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-8.4p1-150300.3.15.2 openssh-askpass-gnome-debuginfo-8.4p1-150300.3.15.2 openssh-askpass-gnome-debugsource-8.4p1-150300.3.15.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-askpass-gnome-8.4p1-150300.3.15.2 openssh-askpass-gnome-debuginfo-8.4p1-150300.3.15.2 openssh-askpass-gnome-debugsource-8.4p1-150300.3.15.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): openssh-8.4p1-150300.3.15.4 openssh-clients-8.4p1-150300.3.15.4 openssh-clients-debuginfo-8.4p1-150300.3.15.4 openssh-common-8.4p1-150300.3.15.4 openssh-common-debuginfo-8.4p1-150300.3.15.4 openssh-debuginfo-8.4p1-150300.3.15.4 openssh-debugsource-8.4p1-150300.3.15.4 openssh-fips-8.4p1-150300.3.15.4 openssh-helpers-8.4p1-150300.3.15.4 openssh-helpers-debuginfo-8.4p1-150300.3.15.4 openssh-server-8.4p1-150300.3.15.4 openssh-server-debuginfo-8.4p1-150300.3.15.4 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): openssh-8.4p1-150300.3.15.4 openssh-clients-8.4p1-150300.3.15.4 openssh-clients-debuginfo-8.4p1-150300.3.15.4 openssh-common-8.4p1-150300.3.15.4 openssh-common-debuginfo-8.4p1-150300.3.15.4 openssh-debuginfo-8.4p1-150300.3.15.4 openssh-debugsource-8.4p1-150300.3.15.4 openssh-fips-8.4p1-150300.3.15.4 openssh-helpers-8.4p1-150300.3.15.4 openssh-helpers-debuginfo-8.4p1-150300.3.15.4 openssh-server-8.4p1-150300.3.15.4 openssh-server-debuginfo-8.4p1-150300.3.15.4 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): openssh-8.4p1-150300.3.15.4 openssh-clients-8.4p1-150300.3.15.4 openssh-clients-debuginfo-8.4p1-150300.3.15.4 openssh-common-8.4p1-150300.3.15.4 openssh-common-debuginfo-8.4p1-150300.3.15.4 openssh-debuginfo-8.4p1-150300.3.15.4 openssh-debugsource-8.4p1-150300.3.15.4 openssh-fips-8.4p1-150300.3.15.4 openssh-server-8.4p1-150300.3.15.4 openssh-server-debuginfo-8.4p1-150300.3.15.4 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): openssh-8.4p1-150300.3.15.4 openssh-clients-8.4p1-150300.3.15.4 openssh-clients-debuginfo-8.4p1-150300.3.15.4 openssh-common-8.4p1-150300.3.15.4 openssh-common-debuginfo-8.4p1-150300.3.15.4 openssh-debuginfo-8.4p1-150300.3.15.4 openssh-debugsource-8.4p1-150300.3.15.4 openssh-fips-8.4p1-150300.3.15.4 openssh-server-8.4p1-150300.3.15.4 openssh-server-debuginfo-8.4p1-150300.3.15.4 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): openssh-8.4p1-150300.3.15.4 openssh-clients-8.4p1-150300.3.15.4 openssh-clients-debuginfo-8.4p1-150300.3.15.4 openssh-common-8.4p1-150300.3.15.4 openssh-common-debuginfo-8.4p1-150300.3.15.4 openssh-debuginfo-8.4p1-150300.3.15.4 openssh-debugsource-8.4p1-150300.3.15.4 openssh-fips-8.4p1-150300.3.15.4 openssh-server-8.4p1-150300.3.15.4 openssh-server-debuginfo-8.4p1-150300.3.15.4 References: https://bugzilla.suse.com/1179465 From sle-updates at lists.suse.com Thu Dec 15 17:21:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 18:21:50 +0100 (CET) Subject: SUSE-FU-2022:4496-1: moderate: Feature update for SCA patterns Message-ID: <20221215172150.1014FFD2D@maintenance.suse.de> SUSE Feature Update: Feature update for SCA patterns ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4496-1 Rating: moderate References: #1045605 #1124793 #1131489 #1138452 #1144162 #1152800 #1154768 #1154824 #1155181 #1155990 #1156353 #1157778 #1158890 #1159356 #1159891 #1162119 #1163403 #1163508 #1164692 #1167689 #1175623 #1176021 #1176140 #1176375 #1176579 #1177369 #1177753 #1179170 #1180894 #1182194 #1182905 #1182917 #1183405 #1183464 #1184594 #1185357 #1185593 #1185594 #1185684 #1185758 #1185857 #1186034 #1186312 #1186316 #1186317 #1186420 #1186442 #1186792 #1187194 #1187508 #1187983 #1189394 #1189483 #1189889 #1190260 #1190460 #1191005 #1191199 #1193878 #1196730 #1196873 SLE-21579 SLE-24335 SLE-25064 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 7 vulnerabilities, contains three features and has 54 fixes is now available. Description: This update for SCA patterns fixes the following issues: sca-patterns-base: - Version update from 1.3.1 to 1.5.0 to implement the conversion of SCA Tool to Python3 (jsc#SLE-25064, jsc#SLE-24335): * Convert SCA Tool from Python2 to Python3 (bsc#1191005, SLE-21579) * Added Core.loadFullFile for sectionless parsing (bsc#1187194) * Added SUSE.getNetworkInterfaces (bsc#1144162) * Changed required dependencies from python to python3-base (bsc#1191199) * Fix SUSE.getFileSystems invalid index error (bsc#1185594) * Fix SUSE.getFileSystems unbound local SWAP variable (bsc#1185593) * Removed Novell/OES references from libraries (bsc#1186034) * Updated documentation for SUSE.compareKernel * Updated kernel version constants for all SUSE libraries (bsc#1189483) sca-patterns-hae: - Version update from 1.3.1 to 1.5.1 to implement the conversion of SCA Tool to Python3 (jsc#SLE-25064, jsc#SLE-24335): * Convert SCA Tool from Python2 to Python3 (bsc#1191005, SLE-21579) * Added distribution and service pack subdirectories (bsc#1193878) * False positive hit from /usr/lib/sca/patterns/HAE/stonith-00002.pl (bsc#1124793) * HAE Policies Quorum 2 node cluster requires ignore policy (bsc#1167689) * supportconfig indicates IPv6 required by HAE, is already enabled (bsc#1045605) sca-patterns-suma: - Version update from 1.0 to 1.5.1 to implement the conversion of SCA Tool to Python3 (jsc#SLE-25064, jsc#SLE-24335): * Convert SCA Tool from Python2 to Python3 (bsc#1191005, SLE-21579) sca-server-report: - Version update from 1.0.1 to 1.5.1 to implement the conversion of SCA Tool to Python3 (jsc#SLE-25064, jsc#SLE-24335): * Convert SCA Tool from Python2 to Python3 (bsc#1191005, SLE-21579) * Changed absolute paths to relative ones (bsc#1186316) * Changed required dependencies from python to python3-base (bsc#1191199) * Ensure that the legacy SuSE-release file works (bsc#1196730) * Fix sca report header supportconfig file (bsc#1186442) * Fix the report file output path (bsc#1180894) * Removed preprocessor elements for OES Filr eDir (bsc#1186420) sca-patterns-sle15: - Version update from 1.0.1 to 1.5.1 to implement the conversion of SCA Tool to Python3 (jsc#SLE-25064, jsc#SLE-24335): * Convert SCA Tool from Python2 to Python3 (bsc#1191005, SLE-21579) * Added Video link to coredumpctl-000018634.py * Added video links to patterns (bsc#1190460): * bhc-scc-expired.py, bhc-scc-registered.py, bhc-diskused-00001.pl, bhc-memused-00001.pl * Fixed crosstalk message strings (bsc#1186312) * Fixed field reference in sle15all/lvm-00003.pl * Fixed metadata tags in scc-registered.py * Fixed percent used calculation for bhc-memused-00001.pl (bsc#1189889) * Removed outdated TID2 link in bhc-diskused-00001.pl (bsc#1190260) * Requires Core library 1.3.3 which contains Core.logFullFile function * Updated registration link in bhc-scc-registered.py * Updated renewal link in bhc-scc-expired.py - New security announcement patterns: * Apr 2022 (13) for SUSE-SU-2022:1293-1 SUSE-SU-2022:1313-1 SUSE-SU-2022:1250-1 SUSE-SU-2022:1108-1 SUSE-SU-2022:1292-1 SUSE-SU-2022:1313-1 SUSE-SU-2022:1448-1 SUSE-SU-2022:1250-1 SUSE-SU-2022:1255-1 SUSE-SU-2022:1255-1 SUSE-SU-2022:1288-1 SUSE-SU-2022:1427-1 SUSE-SU-2022:1139-1 * Mar 2022 (48) for SUSE-SU-2022:1293-1 SUSE-SU-2022:1313-1 SUSE-SU-2022:1250-1 SUSE-SU-2022:1108-1 SUSE-SU-2022:1292-1 SUSE-SU-2022:1313-1 SUSE-SU-2022:1448-1 SUSE-SU-2022:1250-1 SUSE-SU-2022:1255-1 SUSE-SU-2022:1255-1 SUSE-SU-2022:1288-1 SUSE-SU-2022:1427-1 SUSE-SU-2022:1139-1 SUSE-SU-2022:0931-1 SUSE-SU-2022:0703-1 SUSE-SU-2022:0779-1 SUSE-SU-2022:0695-1 SUSE-SU-2022:0826-1 SUSE-SU-2022:0825-1 SUSE-SU-2022:1058-1 SUSE-SU-2022:0679-1 SUSE-SU-2022:0853-1 SUSE-SU-2022:0819-1 SUSE-SU-2022:0778-1 SUSE-SU-2022:0676-1 SUSE-SU-2022:0725-1 SUSE-SU-2022:0754-1 SUSE-SU-2022:0929-1 SUSE-SU-2022:0732-1 SUSE-SU-2022:0703-1 SUSE-SU-2022:0810-1 SUSE-SU-2022:0694-1 SUSE-SU-2022:0826-1 SUSE-SU-2022:0825-1 SUSE-SU-2022:1057-1 SUSE-SU-2022:0679-1 SUSE-SU-2022:0851-1 SUSE-SU-2022:1041-1 SUSE-SU-2022:0819-1 SUSE-SU-2022:0778-1 SUSE-SU-2022:0676-1 SUSE-SU-2022:0725-1 SUSE-SU-2022:0754-1 SUSE-SU-2022:0766-1 SUSE-SU-2022:0766-1 SUSE-SU-2022:0933-1 SUSE-SU-2022:0934-1 SUSE-SU-2022:0929-1 * Feb 2022 (60) for SUSE-SU-2022:1293-1 SUSE-SU-2022:1313-1 SUSE-SU-2022:1250-1 SUSE-SU-2022:1108-1 SUSE-SU-2022:1292-1 SUSE-SU-2022:1313-1 SUSE-SU-2022:1448-1 SUSE-SU-2022:1250-1 SUSE-SU-2022:1255-1 SUSE-SU-2022:1255-1 SUSE-SU-2022:1288-1 SUSE-SU-2022:1427-1 SUSE-SU-2022:1139-1 SUSE-SU-2022:0931-1 SUSE-SU-2022:0703-1 SUSE-SU-2022:0779-1 SUSE-SU-2022:0695-1 SUSE-SU-2022:0826-1 SUSE-SU-2022:0825-1 SUSE-SU-2022:1058-1 SUSE-SU-2022:0679-1 SUSE-SU-2022:0853-1 SUSE-SU-2022:0819-1 SUSE-SU-2022:0778-1 SUSE-SU-2022:0676-1 SUSE-SU-2022:0725-1 SUSE-SU-2022:0754-1 SUSE-SU-2022:0929-1 SUSE-SU-2022:0732-1 SUSE-SU-2022:0703-1 SUSE-SU-2022:0810-1 SUSE-SU-2022:0694-1 SUSE-SU-2022:0826-1 SUSE-SU-2022:0825-1 SUSE-SU-2022:1057-1 SUSE-SU-2022:0679-1 SUSE-SU-2022:0851-1 SUSE-SU-2022:1041-1 SUSE-SU-2022:0819-1 SUSE-SU-2022:0778-1 SUSE-SU-2022:0676-1 SUSE-SU-2022:0725-1 SUSE-SU-2022:0754-1 SUSE-SU-2022:0766-1 SUSE-SU-2022:0766-1 SUSE-SU-2022:0933-1 SUSE-SU-2022:0934-1 SUSE-SU-2022:0929-1 SUSE-SU-2022:0277-1 SUSE-SU-2022:0283-1 SUSE-SU-2022:0500-1 SUSE-SU-2022:0468-1 SUSE-SU-2022:0541-1 SUSE-SU-2022:0284-1 SUSE-SU-2022:0563-1 SUSE-SU-2022:0500-1 SUSE-SU-2022:0563-1 SUSE-SU-2022:0301-1 SUSE-SU-2022:0367-1 SUSE-SU-2022:0367-1 * Jan 2022 (92) for SUSE-SU-2022:1293-1 SUSE-SU-2022:1313-1 SUSE-SU-2022:1250-1 SUSE-SU-2022:1108-1 SUSE-SU-2022:1292-1 SUSE-SU-2022:1313-1 SUSE-SU-2022:1448-1 SUSE-SU-2022:1250-1 SUSE-SU-2022:1255-1 SUSE-SU-2022:1255-1 SUSE-SU-2022:1288-1 SUSE-SU-2022:1427-1 SUSE-SU-2022:1139-1 SUSE-SU-2022:0931-1 SUSE-SU-2022:0703-1 SUSE-SU-2022:0779-1 SUSE-SU-2022:0695-1 SUSE-SU-2022:0826-1 SUSE-SU-2022:0825-1 SUSE-SU-2022:1058-1 SUSE-SU-2022:0679-1 SUSE-SU-2022:0853-1 SUSE-SU-2022:0819-1 SUSE-SU-2022:0778-1 SUSE-SU-2022:0676-1 SUSE-SU-2022:0725-1 SUSE-SU-2022:0754-1 SUSE-SU-2022:0929-1 SUSE-SU-2022:0732-1 SUSE-SU-2022:0703-1 SUSE-SU-2022:0810-1 SUSE-SU-2022:0694-1 SUSE-SU-2022:0826-1 SUSE-SU-2022:0825-1 SUSE-SU-2022:1057-1 SUSE-SU-2022:0679-1 SUSE-SU-2022:0851-1 SUSE-SU-2022:1041-1 SUSE-SU-2022:0819-1 SUSE-SU-2022:0778-1 SUSE-SU-2022:0676-1 SUSE-SU-2022:0725-1 SUSE-SU-2022:0754-1 SUSE-SU-2022:0766-1 SUSE-SU-2022:0766-1 SUSE-SU-2022:0933-1 SUSE-SU-2022:0934-1 SUSE-SU-2022:0929-1 SUSE-SU-2022:0277-1 SUSE-SU-2022:0283-1 SUSE-SU-2022:0500-1 SUSE-SU-2022:0468-1 SUSE-SU-2022:0541-1 SUSE-SU-2022:0284-1 SUSE-SU-2022:0563-1 SUSE-SU-2022:0500-1 SUSE-SU-2022:0563-1 SUSE-SU-2022:0301-1 SUSE-SU-2022:0367-1 SUSE-SU-2022:0367-1 SUSE-SU-2022:0043-1 SUSE-SU-2022:0177-1 SUSE-SU-2022:0064-1 SUSE-SU-2022:0134-1 SUSE-SU-2022:0141-1 SUSE-SU-2022:0050-1 SUSE-SU-2022:0021-1 SUSE-SU-2022:0069-1 SUSE-SU-2022:0198-1 SUSE-SU-2022:0131-1 SUSE-SU-2022:0088-1 SUSE-SU-2022:0144-1 SUSE-SU-2022:0151-1 SUSE-SU-2022:0091-1 SUSE-SU-2022:0091-1 SUSE-SU-2022:0183-1 SUSE-SU-2022:0211-1 SUSE-SU-2022:0191-1 SUSE-SU-2022:0050-1 SUSE-SU-2022:0137-1 SUSE-SU-2022:0214-1 SUSE-SU-2022:0128-1 SUSE-SU-2022:0119-1 SUSE-SU-2022:0183-1 SUSE-SU-2022:0211-1 SUSE-SU-2022:0251-1 SUSE-SU-2022:0200-1 SUSE-SU-2022:0191-1 SUSE-SU-2022:0137-1 SUSE-SU-2022:0214-1 SUSE-SU-2022:0031-1 SUSE-SU-2022:0119-1 * Jul 2021 (20) for SUSE-SU-2021:2457-1 SUSE-SU-2021:2410-1 SUSE-SU-2021:2442-1 SUSE-SU-2021:2352-1 SUSE-SU-2021:1863-2 SUSE-SU-2021:2415-1 SUSE-SU-2021:2555-1 SUSE-SU-2021:2439-1 SUSE-SU-2021:2459-1 SUSE-SU-2021:2291-1 SUSE-SU-2021:2457-1 SUSE-SU-2021:2404-1 SUSE-SU-2021:2474-1 SUSE-SU-2021:2471-1 SUSE-SU-2021:2438-1 SUSE-SU-2021:2325-1 SUSE-SU-2021:2439-1 SUSE-SU-2021:2461-1 SUSE-SU-2021:2421-1 SUSE-SU-2021:2470-1 * Jun 2021 (46) for SUSE-SU-2021:2011-1 SUSE-SU-2021:1933-1 SUSE-SU-2021:1998-1 SUSE-SU-2021:2106-1 SUSE-SU-2021:1951-1 SUSE-SU-2021:2213-1 SUSE-SU-2021:1942-1 SUSE-SU-2021:2012-1 SUSE-SU-2021:1859-1 SUSE-SU-2021:1843-1 SUSE-SU-2021:1825-1 SUSE-SU-2021:2196-1 SUSE-SU-2021:1917-1 SUSE-SU-2021:1958-1 SUSE-SU-2021:2184-1 SUSE-SU-2021:1977-1 SUSE-SU-2021:1819-1 SUSE-SU-2021:1944-1 SUSE-SU-2021:1834-1 SUSE-SU-2021:1826-1 SUSE-SU-2021:2127-1 SUSE-SU-2021:2011-1 SUSE-SU-2021:1933-1 SUSE-SU-2021:1999-1 SUSE-SU-2021:2106-1 SUSE-SU-2021:2212-1 SUSE-SU-2021:1893-1 SUSE-SU-2021:1859-1 SUSE-SU-2021:1994-1 SUSE-SU-2021:1970-1 SUSE-SU-2021:1843-1 SUSE-SU-2021:2196-1 SUSE-SU-2021:1917-1 SUSE-SU-2021:1958-1 SUSE-SU-2021:1890-1 SUSE-SU-2021:1819-1 SUSE-SU-2021:1834-1 SUSE-SU-2021:2127-1 SUSE-SU-2021:1901-1 SUSE-SU-2021:1911-1 SUSE-SU-2021:2104-1 SUSE-SU-2021:1895-1 SUSE-SU-2021:2155-1 SUSE-SU-2021:2122-1 SUSE-SU-2021:2211-1 SUSE-SU-2021:1845-1 * May 2021 (39) for SUSE-SU-2021:1557-1 SUSE-SU-2021:1806-1 SUSE-SU-2021:1785-1 SUSE-SU-2021:1466-1 SUSE-SU-2021:1491-1 SUSE-SU-2021:1577-1 SUSE-SU-2021:1654-1 SUSE-SU-2021:1523-1 SUSE-SU-2021:1765-1 SUSE-SU-2021:1755-1 SUSE-SU-2021:1599-1 SUSE-SU-2021:1761-1 SUSE-SU-2021:1655-1 SUSE-SU-2021:1598-1 SUSE-SU-2021:1762-1 SUSE-SU-2021:1474-1 SUSE-SU-2021:1493-1 SUSE-SU-2021:1557-1 SUSE-SU-2021:1806-1 SUSE-SU-2021:1785-1 SUSE-SU-2021:1466-1 SUSE-SU-2021:1491-1 SUSE-SU-2021:1577-1 SUSE-SU-2021:1654-1 SUSE-SU-2021:1523-1 SUSE-SU-2021:1765-1 SUSE-SU-2021:1755-1 SUSE-SU-2021:1574-1 SUSE-SU-2021:1599-1 SUSE-SU-2021:1761-1 SUSE-SU-2021:1636-1 SUSE-SU-2021:1655-1 SUSE-SU-2021:1598-1 SUSE-SU-2021:1762-1 SUSE-SU-2021:1474-1 SUSE-SU-2021:1493-1 SUSE-SU-2021:1500-1 SUSE-SU-2021:1792-1 SUSE-SU-2021:1573-1 * May 2021 (30) for SUSE-SU-2021:1182-1 SUSE-SU-2021:1430-1 SUSE-SU-2021:1168-1 SUSE-SU-2021:1408-1 SUSE-SU-2021:1409-1 SUSE-SU-2021:1182-1 SUSE-SU-2021:1028-1 SUSE-SU-2021:1166-1 SUSE-SU-2021:1430-1 SUSE-SU-2021:1113-1 SUSE-SU-2021:1444-1 SUSE-SU-2021:1280-1 SUSE-SU-2021:1243-1 SUSE-SU-2021:1168-1 SUSE-SU-2021:1408-1 SUSE-SU-2021:1094-1 SUSE-SU-2021:1029-1 SUSE-SU-2021:1238-1 SUSE-SU-2021:1409-1 SUSE-SU-2021:1006-1 SUSE-SU-2021:1161-1 SUSE-SU-2021:1108-1 SUSE-SU-2021:1282-1 SUSE-SU-2021:1179-1 SUSE-SU-2021:1153-1 SUSE-SU-2021:1445-1 SUSE-SU-2021:1244-1 SUSE-SU-2021:1292-1 SUSE-SU-2021:1103-1 SUSE-SU-2021:1455-1 - New regular patterns: * sle15sp3/oldlvm-000019878.py, sle15sp2/oldlvm-000019878.py: Physical Volume is using an old PV header (bsc#1179170) * sle15sp3/intelpstate_153-000020273.py: Frequency scaling driver intel_pstate not loading on some Intel Xeon Scalable processors (bsc#1185758) * sle15sp3/dasdkvm-000020295.py: DASD partitions not recognized on SUSE Linux Enterprise 15 Service Pack 3 KVM guest * sle15sp2/rpmnfs-000020364.py, sle15sp3/rpmnfs-000020364.py: Upgrading an RPM reports cpio chmod failed (bsc#1189394) * sle15sp2/nfstimeout_152-000019943.py: Delayed outgoing packets causing NFS timeouts (bsc#1183405) * sle15sp2/mpiopmem-000019884.py: Executing multipath -ll on Optane memory based pmem devices returns HDIO_GETGEO failed with 25 (bsc#1182917) * sle15sp2/ipmitool-000020250.py: hanging on getting cipher suites (bsc#1185684) * sle15sp2/intelpstate_152-000020273.py: Frequency scaling driver intel_pstate not loading on some Intel Xeon Scalable processors (bsc#1185758) * sle15sp2/ghostcat_152-000019606.py: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (bsc#1164692) * sle15sp2/fcoe-000019889.py: System with FCoE connected devices fails to boot randomly due to wicked ordering cycle problems (bsc#1176140) * sle15sp1/qlogic-000019630.py: System crashes when the system is rebooted with SR-IOV enabled QLogic cards (bsc#1155990) * sle15sp1/passthrough-000019579.py: Passthrough of Raid Controller to KVM guest results in NMI and unresponsiveness on host (bsc#1152800) * sle15sp1/nfsperf-151-000019615.py: Performance loss when writing large files over NFS (bsc#1163403) * sle15sp1/nfsipv6_151-000019618.py: Timeout when attempting NFS mount over IPv6 (bsc#1144162) * sle15sp1/nfit-000019688.py: dmesg shows NFIT related messages after updating the kernel (bsc#1159356) * sle15sp1/namespace-000019571.py: Activation of multiple namespaces simultaneously may lead to an activation failure (bsc#1157778) * sle15sp1/ipmi-000019602.py: IPMI driver can be unloaded when being accessed by user space (bsc#1154768) * sle15sp1/ghostcat_151-000019606.py: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (bsc#1164692) * sle15sp1/edac-000019537.py: A kernel message shows EDAC amd64 Error F0 not found, device 0x1460 broken BIOS (bsc#1131489) * sle15sp1/docore_151-000019881.py: System crash in do_coredump() when a process is restarted (bsc#1177753) * sle15sp0/mpiofindpaths-000019511.py: Using the find_multipaths yes option in multipath.conf (bsc#1138452) * sle15sp0/ghostcat_150-000019606.py: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (bsc#1164692) * sle15all/zypproxy-000020275.py: zypper commands return Error code HTTP response 0 * sle15all/vmcore-00002.pl: Detects the need for a kernel core analysis * sle15all/vmcore-00001.pl: Identifies kernel core dumps for review * sle15all/udevmac-000020260.py: systemd-udevd Could not generate persistent MAC address for br0 No such file or directory (bsc#1185357) * sle15all/systemd-current-failed-7017137.py: Check for failed systemd services * sle15all/sysdjobs-000020261.py: Troubleshooting systemd jobs that are hung or stuck * sle15all/softlock-000018705.py: soft lockup messages about * sle15all/slapd-000019711.py: slapd.service not enabled/failed after upgrade from SUSE Linux Enterprise 11 Service Pack 4 to SUSE Linux Enterprise 15 (bsc#1156353) * sle15all/sizingbtrfs-000018798.py: How to resize/extend a btrfs formatted root partition * sle15all/sdagentconfig-000020301.py: SCA Appliance configuration reports ERROR 2002 HY000 Cannot connect to MySQL server (bsc#1183464) * sle15all/scc-registered.py: Check system registration status * sle15all/scc-expired.py: Identify if SCC registrations have expired * sle15all/scatool-000020253.py: scatool fails to analyze supportconfigs with xz compression (bsc#1155181) * sle15all/scatool-000004685.py: scatool fails with traceback * sle15all/proxy-00003.pl: Checks for proxy environment variables * sle15all/postfix-000020356.py: Postfix fails to start with IPv6 disabled * sle15all/oomvsftpd-000020252.py: vsftpd and other processes terminated due to OOM scenario (bsc#1182905) * sle15all/nobarrier-000020240.py: XFS nobarrier option has been completely deprecated starting from SUSE Linux Enterprise 15 Service Pack 2 (bsc#1176375) * sle15all/mysqlperf-000020354.py: mysqld segfault when the system is under stress (bsc#1186792) * sle15all/lvmsnapshot-000019858.py: LVM snapshot changed state to Invalid and should be removed (bsc#1179170) * sle15all/lvm-00005.pl: Duplicate volume groups are usually a configuration issue * sle15all/lvm-00004.pl: LMV Check sum errors may indicate corrupted LVM metadata * sle15all/lvm-00003.pl: Physical volumes can be removed or damaged and appear missing. This pattern looks for missing physical volumes. * sle15all/iscsimnts-000019648.py: Proper mount options for iSCSI drives * sle15all/cronlimit-000020338.py: crontab - More than 1000 entries in crontab file, can't install (bsc#1187508) * sle15all/coredumpctl-000018634.py: How to obtain systemd service core dumps * sle15all/btrfsmaster-000018779.py: BTRFS Master TID * sle15all/blacklist-000019607.py: System exit to emergency shell at boot with multipath enabled * sle15all/bhc-scc.sh: Pattern removed (bsc#1184594, bsc#1186317) * sle15all/acpid-000019708.py: acpid.service failed to start after upgrade (bsc#1158890) * CVE-2020-0543: Special Register Buffer Data Sampling aka CrossTalk (bsc#1154824) + sle15sp2/crosstalk_152-000019643.py + sle15sp1/crosstalk_151-000019643.py * CVE-2020-0548, CVE-2020-0549: L1D data cache eviction and Vector Register sampling (bsc#1156353) + sle15sp2/ucodeintel_152-000019635.py + sle15sp1/ucodeintel_151-000019635.py + sle15sp0/ucodeintel_150-000019635.py - Renamed pattern files for filename standard * Renamed patterns/SLE/sle15all/scc-expired.py to patterns/SLE/sle15all/bhc-scc-expired.py * Renamed /SLE/sle15all/scc-registered.py to patterns/SLE/sle15all/bhc-scc-registered.py - Updated regular patterns: * sle15all/lvm-00003.pl: Physical volumes can be removed or damaged and appear missing. This pattern looks for missing physical volumes sca-patterns-sle12: - Version update from 1.0.2 to 1.5.1 to implement the conversion of SCA Tool to Python3 (jsc#SLE-25064, jsc#SLE-24335): * Convert SCA Tool from Python2 to Python3 (bsc#1191005, SLE-21579) * Added Video link to coredumpctl-000018634.py * Added video links to patterns (bsc#1190460): + bhc-scc-expired.py, bhc-scc-registered.py, bhc-diskused-00001.pl, bhc-memused-00001.pl * Fixed crosstalk message strings (bsc#1186312) * Fixed metadata tags for scc-registered.py * Removed outdated TID2 link in bhc-diskused-00001.pl (bsc#1190260) * Requires Core library 1.3.3 which contains Core.logFullFile function * Updated registration link in bhc-scc-registered.py * Updated renewal link in bhc-scc-expired.py * Updated scc-registered.py pattern to fix registration detection - New security announcement patterns: * Apr 2022 (53) for SUSE-SU-2022:1254-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1151-1 SUSE-SU-2022:1094-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1478-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1272-1 SUSE-SU-2022:1217-1 SUSE-SU-2022:1266-1 SUSE-SU-2022:1474-1 SUSE-SU-2022:1475-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1429-1 SUSE-SU-2022:1417-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1285-1 SUSE-SU-2022:1105-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1258-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1217-1 SUSE-SU-2022:1267-1 SUSE-SU-2022:1267-1 SUSE-SU-2022:1275-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1429-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1408-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1440-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1270-1 SUSE-SU-2022:1270-1 SUSE-SU-2022:1275-1 SUSE-SU-2022:1123-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1428-1 * Mar 2022 (127) for SUSE-SU-2022:1254-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1151-1 SUSE-SU-2022:1094-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1478-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1272-1 SUSE-SU-2022:1217-1 SUSE-SU-2022:1266-1 SUSE-SU-2022:1474-1 SUSE-SU-2022:1475-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1429-1 SUSE-SU-2022:1417-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1285-1 SUSE-SU-2022:1105-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1258-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1217-1 SUSE-SU-2022:1267-1 SUSE-SU-2022:1267-1 SUSE-SU-2022:1275-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1429-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1408-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1440-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1270-1 SUSE-SU-2022:1270-1 SUSE-SU-2022:1275-1 SUSE-SU-2022:1123-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1428-1 SUSE-SU-2022:0733-1 SUSE-SU-2022:1023-1 SUSE-SU-2022:0939-1 SUSE-SU-2022:0811-1 SUSE-SU-2022:0690-1 SUSE-SU-2022:0784-1 SUSE-SU-2022:0895-1 SUSE-SU-2022:0860-1 SUSE-SU-2022:0857-1 SUSE-SU-2022:0822-1 SUSE-SU-2022:0777-1 SUSE-SU-2022:0782-1 SUSE-SU-2022:0820-1 SUSE-SU-2022:0913-1 SUSE-SU-2022:1026-1 SUSE-SU-2022:1025-1 SUSE-SU-2022:1024-1 SUSE-SU-2022:0765-1 SUSE-SU-2022:0910-1 SUSE-SU-2022:0871-1 SUSE-SU-2022:0730-1 SUSE-SU-2022:0678-1 SUSE-SU-2022:0677-1 SUSE-SU-2022:0842-1 SUSE-SU-2022:0698-1 SUSE-SU-2022:0908-1 SUSE-SU-2022:0881-1 SUSE-SU-2022:0928-1 SUSE-SU-2022:0733-1 SUSE-SU-2022:1062-1 SUSE-SU-2022:0811-1 SUSE-SU-2022:0690-1 SUSE-SU-2022:0784-1 SUSE-SU-2022:0860-1 SUSE-SU-2022:0857-1 SUSE-SU-2022:0822-1 SUSE-SU-2022:0777-1 SUSE-SU-2022:0782-1 SUSE-SU-2022:0820-1 SUSE-SU-2022:1026-1 SUSE-SU-2022:1025-1 SUSE-SU-2022:1024-1 SUSE-SU-2022:0910-1 SUSE-SU-2022:0871-1 SUSE-SU-2022:0842-1 SUSE-SU-2022:0698-1 SUSE-SU-2022:0908-1 SUSE-SU-2022:0918-1 SUSE-SU-2022:0733-1 SUSE-SU-2022:1043-1 SUSE-SU-2022:0811-1 SUSE-SU-2022:0690-1 SUSE-SU-2022:0854-1 SUSE-SU-2022:0822-1 SUSE-SU-2022:0777-1 SUSE-SU-2022:0820-1 SUSE-SU-2022:1036-1 SUSE-SU-2022:1026-1 SUSE-SU-2022:1025-1 SUSE-SU-2022:1024-1 SUSE-SU-2022:1012-1 SUSE-SU-2022:1003-1 SUSE-SU-2022:0668-1 SUSE-SU-2022:0667-1 SUSE-SU-2022:0653-1 SUSE-SU-2022:0762-1 SUSE-SU-2022:0762-1 SUSE-SU-2022:0871-1 SUSE-SU-2022:0909-1 SUSE-SU-2022:0842-1 SUSE-SU-2022:0698-1 SUSE-SU-2022:0918-1 SUSE-SU-2022:1044-1 SUSE-SU-2022:0882-1 * Feb 2022 (169) for SUSE-SU-2022:1254-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1151-1 SUSE-SU-2022:1094-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1478-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1272-1 SUSE-SU-2022:1217-1 SUSE-SU-2022:1266-1 SUSE-SU-2022:1474-1 SUSE-SU-2022:1475-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1429-1 SUSE-SU-2022:1417-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1285-1 SUSE-SU-2022:1105-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1258-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1217-1 SUSE-SU-2022:1267-1 SUSE-SU-2022:1267-1 SUSE-SU-2022:1275-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1429-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1408-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1440-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1270-1 SUSE-SU-2022:1270-1 SUSE-SU-2022:1275-1 SUSE-SU-2022:1123-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1428-1 SUSE-SU-2022:0733-1 SUSE-SU-2022:1023-1 SUSE-SU-2022:0939-1 SUSE-SU-2022:0811-1 SUSE-SU-2022:0690-1 SUSE-SU-2022:0784-1 SUSE-SU-2022:0895-1 SUSE-SU-2022:0860-1 SUSE-SU-2022:0857-1 SUSE-SU-2022:0822-1 SUSE-SU-2022:0777-1 SUSE-SU-2022:0782-1 SUSE-SU-2022:0820-1 SUSE-SU-2022:0913-1 SUSE-SU-2022:1026-1 SUSE-SU-2022:1025-1 SUSE-SU-2022:1024-1 SUSE-SU-2022:0765-1 SUSE-SU-2022:0910-1 SUSE-SU-2022:0871-1 SUSE-SU-2022:0730-1 SUSE-SU-2022:0678-1 SUSE-SU-2022:0677-1 SUSE-SU-2022:0842-1 SUSE-SU-2022:0698-1 SUSE-SU-2022:0908-1 SUSE-SU-2022:0881-1 SUSE-SU-2022:0928-1 SUSE-SU-2022:0733-1 SUSE-SU-2022:1062-1 SUSE-SU-2022:0811-1 SUSE-SU-2022:0690-1 SUSE-SU-2022:0784-1 SUSE-SU-2022:0860-1 SUSE-SU-2022:0857-1 SUSE-SU-2022:0822-1 SUSE-SU-2022:0777-1 SUSE-SU-2022:0782-1 SUSE-SU-2022:0820-1 SUSE-SU-2022:1026-1 SUSE-SU-2022:1025-1 SUSE-SU-2022:1024-1 SUSE-SU-2022:0910-1 SUSE-SU-2022:0871-1 SUSE-SU-2022:0842-1 SUSE-SU-2022:0698-1 SUSE-SU-2022:0908-1 SUSE-SU-2022:0918-1 SUSE-SU-2022:0733-1 SUSE-SU-2022:1043-1 SUSE-SU-2022:0811-1 SUSE-SU-2022:0690-1 SUSE-SU-2022:0854-1 SUSE-SU-2022:0822-1 SUSE-SU-2022:0777-1 SUSE-SU-2022:0820-1 SUSE-SU-2022:1036-1 SUSE-SU-2022:1026-1 SUSE-SU-2022:1025-1 SUSE-SU-2022:1024-1 SUSE-SU-2022:1012-1 SUSE-SU-2022:1003-1 SUSE-SU-2022:0668-1 SUSE-SU-2022:0667-1 SUSE-SU-2022:0653-1 SUSE-SU-2022:0762-1 SUSE-SU-2022:0762-1 SUSE-SU-2022:0871-1 SUSE-SU-2022:0909-1 SUSE-SU-2022:0842-1 SUSE-SU-2022:0698-1 SUSE-SU-2022:0918-1 SUSE-SU-2022:1044-1 SUSE-SU-2022:0882-1 SUSE-SU-2022:0542-1 SUSE-SU-2022:0469-1 SUSE-SU-2022:0504-1 SUSE-SU-2022:0478-1 SUSE-SU-2022:0576-1 SUSE-SU-2022:0496-1 SUSE-SU-2022:0505-1 SUSE-SU-2022:0323-1 SUSE-SU-2022:0565-1 SUSE-SU-2022:0441-1 SUSE-SU-2022:0372-1 SUSE-SU-2022:0561-1 SUSE-SU-2022:0495-1 SUSE-SU-2022:0440-1 SUSE-SU-2022:0542-1 SUSE-SU-2022:0331-1 SUSE-SU-2022:0478-1 SUSE-SU-2022:0575-1 SUSE-SU-2022:0496-1 SUSE-SU-2022:0505-1 SUSE-SU-2022:0565-1 SUSE-SU-2022:0441-1 SUSE-SU-2022:0271-1 SUSE-SU-2022:0495-1 SUSE-SU-2022:0358-1 SUSE-SU-2022:0542-1 SUSE-SU-2022:0359-1 SUSE-SU-2022:0478-1 SUSE-SU-2022:0575-1 SUSE-SU-2022:0496-1 SUSE-SU-2022:0505-1 SUSE-SU-2022:0565-1 SUSE-SU-2022:0552-1 SUSE-SU-2022:0329-1 SUSE-SU-2022:0328-1 SUSE-SU-2022:0327-1 SUSE-SU-2022:0325-1 SUSE-SU-2022:0271-1 SUSE-SU-2022:0362-1 SUSE-SU-2022:0362-1 SUSE-SU-2022:0495-1 SUSE-SU-2022:0358-1 * Jan 2022 (218) for SUSE-SU-2022:1254-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1151-1 SUSE-SU-2022:1094-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1478-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1272-1 SUSE-SU-2022:1217-1 SUSE-SU-2022:1266-1 SUSE-SU-2022:1474-1 SUSE-SU-2022:1475-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1429-1 SUSE-SU-2022:1417-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1285-1 SUSE-SU-2022:1105-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1258-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1217-1 SUSE-SU-2022:1267-1 SUSE-SU-2022:1267-1 SUSE-SU-2022:1275-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1429-1 SUSE-SU-2022:1160-1 SUSE-SU-2022:1408-1 SUSE-SU-2022:1294-1 SUSE-SU-2022:1129-1 SUSE-SU-2022:1113-1 SUSE-SU-2022:1308-1 SUSE-SU-2022:1168-1 SUSE-SU-2022:1440-1 SUSE-SU-2022:1312-1 SUSE-SU-2022:1270-1 SUSE-SU-2022:1270-1 SUSE-SU-2022:1275-1 SUSE-SU-2022:1123-1 SUSE-SU-2022:1306-1 SUSE-SU-2022:1289-1 SUSE-SU-2022:1428-1 SUSE-SU-2022:0733-1 SUSE-SU-2022:1023-1 SUSE-SU-2022:0939-1 SUSE-SU-2022:0811-1 SUSE-SU-2022:0690-1 SUSE-SU-2022:0784-1 SUSE-SU-2022:0895-1 SUSE-SU-2022:0860-1 SUSE-SU-2022:0857-1 SUSE-SU-2022:0822-1 SUSE-SU-2022:0777-1 SUSE-SU-2022:0782-1 SUSE-SU-2022:0820-1 SUSE-SU-2022:0913-1 SUSE-SU-2022:1026-1 SUSE-SU-2022:1025-1 SUSE-SU-2022:1024-1 SUSE-SU-2022:0765-1 SUSE-SU-2022:0910-1 SUSE-SU-2022:0871-1 SUSE-SU-2022:0730-1 SUSE-SU-2022:0678-1 SUSE-SU-2022:0677-1 SUSE-SU-2022:0842-1 SUSE-SU-2022:0698-1 SUSE-SU-2022:0908-1 SUSE-SU-2022:0881-1 SUSE-SU-2022:0928-1 SUSE-SU-2022:0733-1 SUSE-SU-2022:1062-1 SUSE-SU-2022:0811-1 SUSE-SU-2022:0690-1 SUSE-SU-2022:0784-1 SUSE-SU-2022:0860-1 SUSE-SU-2022:0857-1 SUSE-SU-2022:0822-1 SUSE-SU-2022:0777-1 SUSE-SU-2022:0782-1 SUSE-SU-2022:0820-1 SUSE-SU-2022:1026-1 SUSE-SU-2022:1025-1 SUSE-SU-2022:1024-1 SUSE-SU-2022:0910-1 SUSE-SU-2022:0871-1 SUSE-SU-2022:0842-1 SUSE-SU-2022:0698-1 SUSE-SU-2022:0908-1 SUSE-SU-2022:0918-1 SUSE-SU-2022:0733-1 SUSE-SU-2022:1043-1 SUSE-SU-2022:0811-1 SUSE-SU-2022:0690-1 SUSE-SU-2022:0854-1 SUSE-SU-2022:0822-1 SUSE-SU-2022:0777-1 SUSE-SU-2022:0820-1 SUSE-SU-2022:1036-1 SUSE-SU-2022:1026-1 SUSE-SU-2022:1025-1 SUSE-SU-2022:1024-1 SUSE-SU-2022:1012-1 SUSE-SU-2022:1003-1 SUSE-SU-2022:0668-1 SUSE-SU-2022:0667-1 SUSE-SU-2022:0653-1 SUSE-SU-2022:0762-1 SUSE-SU-2022:0762-1 SUSE-SU-2022:0871-1 SUSE-SU-2022:0909-1 SUSE-SU-2022:0842-1 SUSE-SU-2022:0698-1 SUSE-SU-2022:0918-1 SUSE-SU-2022:1044-1 SUSE-SU-2022:0882-1 SUSE-SU-2022:0542-1 SUSE-SU-2022:0469-1 SUSE-SU-2022:0504-1 SUSE-SU-2022:0478-1 SUSE-SU-2022:0576-1 SUSE-SU-2022:0496-1 SUSE-SU-2022:0505-1 SUSE-SU-2022:0323-1 SUSE-SU-2022:0565-1 SUSE-SU-2022:0441-1 SUSE-SU-2022:0372-1 SUSE-SU-2022:0561-1 SUSE-SU-2022:0495-1 SUSE-SU-2022:0440-1 SUSE-SU-2022:0542-1 SUSE-SU-2022:0331-1 SUSE-SU-2022:0478-1 SUSE-SU-2022:0575-1 SUSE-SU-2022:0496-1 SUSE-SU-2022:0505-1 SUSE-SU-2022:0565-1 SUSE-SU-2022:0441-1 SUSE-SU-2022:0271-1 SUSE-SU-2022:0495-1 SUSE-SU-2022:0358-1 SUSE-SU-2022:0542-1 SUSE-SU-2022:0359-1 SUSE-SU-2022:0478-1 SUSE-SU-2022:0575-1 SUSE-SU-2022:0496-1 SUSE-SU-2022:0505-1 SUSE-SU-2022:0565-1 SUSE-SU-2022:0552-1 SUSE-SU-2022:0329-1 SUSE-SU-2022:0328-1 SUSE-SU-2022:0327-1 SUSE-SU-2022:0325-1 SUSE-SU-2022:0271-1 SUSE-SU-2022:0362-1 SUSE-SU-2022:0362-1 SUSE-SU-2022:0495-1 SUSE-SU-2022:0358-1 SUSE-SU-2022:0161-1 SUSE-SU-2022:0142-1 SUSE-SU-2022:0110-1 SUSE-SU-2022:0202-1 SUSE-SU-2022:0060-1 SUSE-SU-2022:0118-1 SUSE-SU-2022:0189-1 SUSE-SU-2022:0061-1 SUSE-SU-2022:0030-1 SUSE-SU-2022:0115-1 SUSE-SU-2022:0212-1 SUSE-SU-2022:0032-1 SUSE-SU-2022:0034-1 SUSE-SU-2022:0080-1 SUSE-SU-2022:0068-1 SUSE-SU-2022:0166-1 SUSE-SU-2022:0107-1 SUSE-SU-2022:0081-1 SUSE-SU-2022:0179-1 SUSE-SU-2022:0160-1 SUSE-SU-2022:0145-1 SUSE-SU-2022:0161-1 SUSE-SU-2022:0142-1 SUSE-SU-2022:0202-1 SUSE-SU-2022:0189-1 SUSE-SU-2022:0030-1 SUSE-SU-2022:0115-1 SUSE-SU-2022:0212-1 SUSE-SU-2022:0042-1 SUSE-SU-2022:0034-1 SUSE-SU-2022:0166-1 SUSE-SU-2022:0107-1 SUSE-SU-2022:0179-1 SUSE-SU-2022:0065-1 SUSE-SU-2022:0145-1 SUSE-SU-2022:0161-1 SUSE-SU-2022:0142-1 SUSE-SU-2022:0202-1 SUSE-SU-2022:0189-1 SUSE-SU-2022:0030-1 SUSE-SU-2022:0115-1 SUSE-SU-2022:0212-1 SUSE-SU-2022:0041-1 SUSE-SU-2022:0034-1 SUSE-SU-2022:0166-1 SUSE-SU-2022:0107-1 SUSE-SU-2022:0179-1 SUSE-SU-2022:0065-1 SUSE-SU-2022:0145-1 * Jun 2021 (80) for SUSE-SU-2021:2014-1 SUSE-SU-2021:1990-1 SUSE-SU-2021:1929-1 SUSE-SU-2021:1838-1 SUSE-SU-2021:1906-1 SUSE-SU-2021:1880-1 SUSE-SU-2021:1837-1 SUSE-SU-2021:1842-1 SUSE-SU-2021:2152-1 SUSE-SU-2021:2159-1 SUSE-SU-2021:1886-1 SUSE-SU-2021:1892-1 SUSE-SU-2021:1830-1 SUSE-SU-2021:2180-1 SUSE-SU-2021:2135-1 SUSE-SU-2021:1957-1 SUSE-SU-2021:2156-1 SUSE-SU-2021:2016-1 SUSE-SU-2021:1913-1 SUSE-SU-2021:1887-1 SUSE-SU-2021:1980-1 SUSE-SU-2021:1875-1 SUSE-SU-2021:1959-1 SUSE-SU-2021:1822-1 SUSE-SU-2021:2137-1 SUSE-SU-2021:1943-1 SUSE-SU-2021:2175-1 SUSE-SU-2021:2006-1 SUSE-SU-2021:1900-1 SUSE-SU-2021:2014-1 SUSE-SU-2021:1990-1 SUSE-SU-2021:1930-1 SUSE-SU-2021:1906-1 SUSE-SU-2021:1947-1 SUSE-SU-2021:1842-1 SUSE-SU-2021:2152-1 SUSE-SU-2021:2159-1 SUSE-SU-2021:1886-1 SUSE-SU-2021:1892-1 SUSE-SU-2021:1830-1 SUSE-SU-2021:2180-1 SUSE-SU-2021:2135-1 SUSE-SU-2021:2156-1 SUSE-SU-2021:1891-1 SUSE-SU-2021:1980-1 SUSE-SU-2021:1875-1 SUSE-SU-2021:1960-1 SUSE-SU-2021:1822-1 SUSE-SU-2021:1943-1 SUSE-SU-2021:1494-2 SUSE-SU-2021:2175-1 SUSE-SU-2021:2006-1 SUSE-SU-2021:1900-1 SUSE-SU-2021:2014-1 SUSE-SU-2021:1990-1 SUSE-SU-2021:1930-1 SUSE-SU-2021:1906-1 SUSE-SU-2021:1894-1 SUSE-SU-2021:1842-1 SUSE-SU-2021:2119-1 SUSE-SU-2021:2159-1 SUSE-SU-2021:1886-1 SUSE-SU-2021:1892-1 SUSE-SU-2021:1830-1 SUSE-SU-2021:2180-1 SUSE-SU-2021:2135-1 SUSE-SU-2021:2156-1 SUSE-SU-2021:2060-1 SUSE-SU-2021:2042-1 SUSE-SU-2021:2026-1 SUSE-SU-2021:1870-1 SUSE-SU-2021:1865-1 SUSE-SU-2021:1980-1 SUSE-SU-2021:1875-1 SUSE-SU-2021:1960-1 SUSE-SU-2021:1822-1 SUSE-SU-2021:1943-1 SUSE-SU-2021:1494-2 SUSE-SU-2021:2175-1 SUSE-SU-2021:2006-1 * May 2021 (39) for SUSE-SU-2021:1580-1 SUSE-SU-2021:1621-1 SUSE-SU-2021:1490-1 SUSE-SU-2021:1783-1 SUSE-SU-2021:1782-1 SUSE-SU-2021:1576-1 SUSE-SU-2021:1658-1 SUSE-SU-2021:1524-1 SUSE-SU-2021:1766-1 SUSE-SU-2021:1595-1 SUSE-SU-2021:1572-1 SUSE-SU-2021:1760-1 SUSE-SU-2021:1646-1 SUSE-SU-2021:1813-1 SUSE-SU-2021:1645-1 SUSE-SU-2021:1763-1 SUSE-SU-2021:1468-1 SUSE-SU-2021:1494-1 SUSE-SU-2021:1648-1 SUSE-SU-2021:1492-1 SUSE-SU-2021:1621-1 SUSE-SU-2021:1658-1 SUSE-SU-2021:1596-1 SUSE-SU-2021:1646-1 SUSE-SU-2021:1813-1 SUSE-SU-2021:1645-1 SUSE-SU-2021:1786-1 SUSE-SU-2021:1468-1 SUSE-SU-2021:1492-1 SUSE-SU-2021:1621-1 SUSE-SU-2021:1658-1 SUSE-SU-2021:1623-1 SUSE-SU-2021:1646-1 SUSE-SU-2021:1813-1 SUSE-SU-2021:1645-1 SUSE-SU-2021:1469-1 SUSE-SU-2021:1621-1 SUSE-SU-2021:1617-1 SUSE-SU-2021:1469-1 * Apr 2021 (69) for SUSE-SU-2021:1181-1 SUSE-SU-2021:1023-1 SUSE-SU-2021:1274-1 SUSE-SU-2021:1438-1 SUSE-SU-2021:1242-1 SUSE-SU-2021:1401-1 SUSE-SU-2021:1399-1 SUSE-SU-2021:1396-1 SUSE-SU-2021:1325-1 SUSE-SU-2021:1152-1 SUSE-SU-2021:1125-1 SUSE-SU-2021:1248-1 SUSE-SU-2021:1210-1 SUSE-SU-2021:1175-1 SUSE-SU-2021:1435-1 SUSE-SU-2021:1314-1 SUSE-SU-2021:1277-1 SUSE-SU-2021:1030-1 SUSE-SU-2021:1165-1 SUSE-SU-2021:1111-1 SUSE-SU-2021:1453-1 SUSE-SU-2021:1174-1 SUSE-SU-2021:1159-1 SUSE-SU-2021:1315-1 SUSE-SU-2021:1180-1 SUSE-SU-2021:1251-1 SUSE-SU-2021:1273-1 SUSE-SU-2021:1241-1 SUSE-SU-2021:1429-1 SUSE-SU-2021:1401-1 SUSE-SU-2021:1399-1 SUSE-SU-2021:1325-1 SUSE-SU-2021:1152-1 SUSE-SU-2021:1435-1 SUSE-SU-2021:1165-1 SUSE-SU-2021:1111-1 SUSE-SU-2021:1453-1 SUSE-SU-2021:1189-1 SUSE-SU-2021:1187-1 SUSE-SU-2021:1252-1 SUSE-SU-2021:1431-1 SUSE-SU-2021:1273-1 SUSE-SU-2021:1240-1 SUSE-SU-2021:1401-1 SUSE-SU-2021:1399-1 SUSE-SU-2021:1373-1 SUSE-SU-2021:1341-1 SUSE-SU-2021:1325-1 SUSE-SU-2021:1152-1 SUSE-SU-2021:1075-1 SUSE-SU-2021:1074-1 SUSE-SU-2021:1435-1 SUSE-SU-2021:1111-1 SUSE-SU-2021:1453-1 SUSE-SU-2021:1189-1 SUSE-SU-2021:1187-1 SUSE-SU-2021:1431-1 SUSE-SU-2021:1267-1 SUSE-SU-2021:1442-1 SUSE-SU-2021:1439-1 SUSE-SU-2021:1305-1 SUSE-SU-2021:1401-1 SUSE-SU-2021:1399-1 SUSE-SU-2021:1325-1 SUSE-SU-2021:1152-1 SUSE-SU-2021:1148-1 SUSE-SU-2021:1145-1 SUSE-SU-2021:1453-1 SUSE-SU-2021:1189-1 * Mar 2021 New Security Announcement Patterns (79) for SUSE-SU-2021:0990-1 SUSE-SU-2021:0720-1 SUSE-SU-2021:0929-1 SUSE-SU-2021:0988-1 SUSE-SU-2021:0975-1 SUSE-SU-2021:0776-1 SUSE-SU-2021:0794-1 SUSE-SU-2021:0886-1 SUSE-SU-2021:0887-1 SUSE-SU-2021:0675-1 SUSE-SU-2021:0987-1 SUSE-SU-2021:0954-1 SUSE-SU-2021:0752-1 SUSE-SU-2021:0725-1 SUSE-SU-2021:0998-1 SUSE-SU-2021:0693-1 SUSE-SU-2021:0663-1 SUSE-SU-2021:0932-1 SUSE-SU-2021:0999-1 SUSE-SU-2021:0667-1 SUSE-SU-2021:0742-1 SUSE-SU-2021:0739-1 SUSE-SU-2021:0681-1 SUSE-SU-2021:0801-1 SUSE-SU-2021:0756-1 SUSE-SU-2021:0713-1 SUSE-SU-2021:0779-1 SUSE-SU-2021:0745-1 SUSE-SU-2021:0929-1 SUSE-SU-2021:0988-1 SUSE-SU-2021:0794-1 SUSE-SU-2021:0675-1 SUSE-SU-2020:2173-2 SUSE-SU-2021:0954-1 SUSE-SU-2021:0752-1 SUSE-SU-2021:0725-1 SUSE-SU-2021:0693-1 SUSE-SU-2021:0663-1 SUSE-SU-2021:0932-1 SUSE-SU-2021:0999-1 SUSE-SU-2021:0667-1 SUSE-SU-2021:0736-1 SUSE-SU-2021:0681-1 SUSE-SU-2021:0801-1 SUSE-SU-2021:0756-1 SUSE-SU-2021:0745-1 SUSE-SU-2021:0929-1 SUSE-SU-2021:0794-1 SUSE-SU-2021:0675-1 SUSE-SU-2020:2173-2 SUSE-SU-2021:0939-1 SUSE-SU-2021:0693-1 SUSE-SU-2021:0932-1 SUSE-SU-2021:0999-1 SUSE-SU-2021:0667-1 SUSE-SU-2021:0870-1 SUSE-SU-2021:0835-1 SUSE-SU-2021:0743-1 SUSE-SU-2021:0682-1 SUSE-SU-2021:0801-1 SUSE-SU-2021:0756-1 SUSE-SU-2021:0745-1 SUSE-SU-2021:0929-1 SUSE-SU-2021:0928-1 SUSE-SU-2021:0794-1 SUSE-SU-2021:0675-1 SUSE-SU-2020:2173-2 SUSE-SU-2021:0939-1 SUSE-SU-2021:0693-1 SUSE-SU-2021:0932-1 SUSE-SU-2021:0999-1 SUSE-SU-2021:0999-1 SUSE-SU-2021:0667-1 SUSE-SU-2021:0870-1 SUSE-SU-2021:0835-1 SUSE-SU-2021:0744-1 SUSE-SU-2021:0679-1 SUSE-SU-2021:0801-1 SUSE-SU-2021:0756-1 - New regular patterns: * sle12sp5/vmtools-000004682.py: Extensive logging in vmware-vmsvc-root.log with open-vm-tools (bsc#1162119) * sle12sp5/tailf-000019885.py: Aborting tailf causes bash session to be corrupted (bsc#1177369) * sle12sp5/systemd-current-failed-7017137.py: Check for failed systemd services * sle12sp5/systemd_SUSE-SU-2021_2405-1_12.5.py: Security fixes for SUSE Linux Enterprise 12 SP5 * sle12sp5/sdagentconfig-000020301.py: SCA Appliance configuration reports ERROR 2002 HY000 Cannot connect to MySQL server (bsc#1183464) * sle12sp5/qemu_SUSE-SU-2021_2448-1_12.5.py: Security fixes for SUSE Linux Enterprise 12 Service Pack 5 * sle12sp5/python-py_SUSE-SU-2021_2236-1_12.5.py: Security fixes for SUSE Linux Enterprise 12 Service Pack 5 * sle12sp5/permissions_SUSE-SU-2021_2280-1_12.5.py: Security fixes for SUSE Linux Enterprise 12 Service Pack 5 * sle12sp5/nobarrier-000020240.py: XFS nobarrier option has been completely deprecated starting from SUSE Linux Enterprise 15 Service Pack 2 (bsc#1176375) * sle12sp5/nfstimeout_125-000019943.py: Delayed outgoing packets causing NFS timeouts (bsc#1183405) * sle12sp5/nfsperf-125-000019615.py: Performance loss when writing large files over NFS (bsc#1163403) * sle12sp5/nfsipv6_125-000019618.py: Timeout when attempting NFS mount over IPv6 (bsc#1144162) * sle12sp5/lscpu-000019784-12.py: lscpu segfaults on IBM Power8 - Assertion failed (bsc#1175623) * sle12sp5/linuxptp_SUSE-SU-2021_2545-1_12.5.py: Security fixes for SUSE Linux Enterprise 12 SP5 * sle12sp5/kgraft-patch_SUSE-SU-2021_2462-1_12.5.py: Security fixes for SUSE Linux Kernel Live Patch 12 SP5 * sle12sp5/kgraft-patch_SUSE-SU-2021_2389-1_12.5.py: Security fixes for SUSE Linux Kernel Live Patch 12 SP5 * sle12sp5/kgraft-patch_SUSE-SU-2021_2324-1_12.5.py: Security fixes for SUSE Linux Kernel Live Patch 12 SP5 * sle12sp5/kernel_SUSE-SU-2021_2416-1_12.5.py: Security fixes for SUSE Linux Enterprise 12 SP5 * sle12sp5/kernel_SUSE-SU-2021_2407-1_12.5.py: Security fixes for SUSE Linux Enterprise 12 SP5 * sle12sp5/kernel_SUSE-SU-2021_2321-1_12.5.py: Security fixes for SUSE Linux Enterprise 12 SP5 * sle12sp5/intelpstate_125-000020273.py: Frequency scaling driver intel_pstate not loading on some Intel Xeon Scalable processors (bsc#1185758) * sle12sp5/glibc_SUSE-SU-2021_2480-1_12.5.py: Security fixes for SUSE Linux Enterprise 12 SP5 * sle12sp5/ghostcat_125-000019606.py: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (bsc#1164692) * sle12sp5/docore_125-000019881.py: System crash in do_coredump() when a process is restarted (bsc#1182194) * sle12sp5/dbus-1_SUSE-SU-2021_2424-1_12.5.py: Security fixes for SUSE Linux Enterprise 12 SP5 * sle12sp5/cronlimit-000020338.py: crontab - More than 1000 entries in crontab file, can't install (bsc#1187508) * sle12sp5/btrfscrash-125-000019638.py: System crash during a BTRFS maintenance task (bsc#1163508) * sle12sp5/btrfscrash-125-000019638.py: System crash during a BTRFS maintenance task (bsc#1163508) * sle12sp4/vmtools-000004682.py: Extensive logging in vmware-vmsvc-root.log with open-vm-tools (bsc#1162119) * sle12sp4/tcpdumpcore-000019666.py: Running tcpdump on a SUSE Linux Enterprise 12 Service Pack 4 System with Kernel 4.12.14-95.48-default may crash the system (bsc#1176579) * sle12sp4/tailf-000019885.py: Aborting tailf causes bash session to be corrupted (bsc#1177369) * sle12sp4/systemd-current-failed-7017137.py: Check for failed systemd services * sle12sp4/systemd_SUSE-SU-2021_2423-1_12.4.ltss.py: Security fixes for SUSE Linux Enterprise 12 SP4 LTSS * sle12sp4/sdagentconfig-000020301.py: SCA Appliance configuration reports ERROR 2002 HY000 Cannot connect to MySQL server (bsc#1183464) * sle12sp4/plymouth-000019595.py: plymouth hang - login to console not possible * sle12sp4/nobarrier-000020240.py: XFS nobarrier option has been completely deprecated starting from SUSE Linux Enterprise 15 Service Pack 2 (bsc#1176375) * sle12sp4/nfsperf-124-000019615.py: Performance loss when writing large files over NFS (bsc#1163403) * sle12sp4/mpiofindpaths-000019511.py: Using the find_multipaths yes option in multipath.conf (bsc#1138452) * sle12sp4/linuxptp_SUSE-SU-2021_2443-1_12.4.ltss.py: Security fixes for SUSE Linux Enterprise 12 SP4 LTSS * sle12sp4/kgraft-patch_SUSE-SU-2021_2546-1_12.4.ltss.py: Security fixes for SUSE Linux Kernel Live Patch 12 SP4 LTSS * sle12sp4/kgraft-patch_SUSE-SU-2021_2389-1_12.4.ltss.py: Security fixes for SUSE Linux Kernel Live Patch 12 SP4 LTSS * sle12sp4/kernel_SUSE-SU-2021_2422-1_12.4.ltss.py: Security fixes for SUSE Linux Enterprise 12 SP4 LTSS * sle12sp4/ghostcat_124-000019606.py: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (bsc#1164692) * sle12sp4/docore_124-000019881.py: System crash in do_coredump() when a process is restarted (bsc#1182194) * sle12sp4/curl_SUSE-SU-2021_2425-1_12.4.ltss.py: Security fixes for SUSE Linux Enterprise 12 SP4 LTSS * sle12sp4/cronlimit-000020338.py: crontab - More than 1000 entries in crontab file, can't install (bsc#1187508) * sle12sp4/btrfscrash-124-000019638.py: System crash during a BTRFS maintenance task (bsc#1163508) * sle12sp4/btrfscrash-124-000019638.py: System crash during a BTRFS maintenance task (bsc#1163508) * sle12sp3/systemd-current-failed-7017137.py: Check for failed systemd services * sle12sp3/systemd_SUSE-SU-2021_2423-1_12.3.ltss.py: Security fixes for SUSE Linux Enterprise 12 SP3 LTSS * sle12sp3/mpiofindpaths-000019511.py: Using the find_multipaths yes option in multipath.conf (bsc#1138452) * sle12sp3/linuxptp_SUSE-SU-2021_2443-1_12.3.ltss.py: Security fixes for SUSE Linux Enterprise 12 SP3 LTSS * sle12sp3/kgraft-patch_SUSE-SU-2021_2563-1_12.3.ltss.py: Security fixes for SUSE Linux Kernel Live Patch 12 SP3 LTSS * sle12sp3/kgraft-patch_SUSE-SU-2021_2538-1_12.3.ltss.py: Security fixes for SUSE Linux Kernel Live Patch 12 SP3 LTSS * sle12sp3/kgraft-patch_SUSE-SU-2021_2451-1_12.3.ltss.py: Security fixes for SUSE Linux Kernel Live Patch 12 SP3 LTSS * sle12sp3/kgraft-patch_SUSE-SU-2021_2433-1_12.3.ltss.py: Security fixes for SUSE Linux Kernel Live Patch 12 SP3 LTSS * sle12sp3/kgraft-patch_SUSE-SU-2021_2389-1_12.3.ltss.py: Security fixes for SUSE Linux Kernel Live Patch 12 SP3 LTSS * sle12sp3/ghostcat_123-000019606.py: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (bsc#1164692) * sle12sp2/systemd-current-failed-7017137.py: Check for failed systemd services * sle12sp2/ghostcat_122-000019606.py: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (bsc#1164692) * sle12sp1/systemd-current-failed-7017137.py: Check for failed systemd services * sle12sp1/ghostcat_121-000019606.py: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (bsc#1164692) * sle12sp0/systemd-current-failed-7017137.py: Check for failed systemd services * sle12all/zypproxy-000020275.py: zypper commands return Error code HTTP response 0 * sle12all/zerologon-000019713.py: Zerologon aka CVE-2020-1472 (bsc#1176579) * sle12all/sysdjobs-000020261.py: Troubleshooting systemd jobs that are hung or stuck * sle12all/softlock-000018705.py: soft lockup messages about * sle12all/sizingbtrfs-000018798.py: How to resize/extend a btrfs formatted root partition * sle12all/scatool-000020253.py: scatool fails to analyze supportconfigs with xz compression (bsc#1186316) * sle12all/postfix-000020356.py: Postfix fails to start with IPv6 disabled * sle12all/lvmsnapshot-000019858.py: LVM snapshot changed state to Invalid and should be removed * sle12all/lvm-volume-list-7016683.py: Fixed execution error * sle12all/iscsimnts-000019648.py: Proper mount options for iSCSI drives * sle12all/coredumpctl-000018634.py: How to obtain systemd service core dumps * sle12all/btrfsmaster-000018779.py: BTRFS Master TID * sle12all/btrfscron-000019583.py: After upgrading BTRFS cron jobs are not working anymore (bsc#1159891) * sle12all/blacklist-000019607.py: System exit to emergency shell at boot with multipath enabled * CVE-2020-12351, CVE-2020-12352, CVE-2020-24490: BleedingTooth + sle12sp5/bleedingtooth_125-000019735.py + sle12sp4/bleedingtooth_124-000019735.py + sle12sp3/bleedingtooth_123-000019735.py + sle12sp2/bleedingtooth_122-000019735.py * CVE-2020-0548, CVE-2020-0549: L1D data cache eviction and Vector Register sampling (bsc#1156353) + sle12sp5/ucodeintel_125-000019635.py + sle12sp4/ucodeintel_124-000019635.py + sle12sp3/ucodeintel_123-000019635.py + sle12sp2/ucodeintel_122-000019635.py * CVE-2020-0543: Special Register Buffer Data Sampling aka CrossTalk (bsc#1154824) + sle12sp5/crosstalk_125-000019643.py + sle12sp4/crosstalk_124-000019643.py + sle12sp3/crosstalk_123-000019643.py + sle12sp2/crosstalk_122-000019643.py - Updated patterns: * sle12all/scc-expired.py: Identify if SCC registrations have expired * sle12all/lvm-00003.pl: Physical volumes can be removed or damaged and appear missing. This pattern looks for missing physical volumes * sle12all/lvm-00004.pl: LMV Check sum errors may indicate corrupted LVM metadata * sle12all/lvm-00005.pl: Duplicate volume groups are usually a configuration issue - Renamed patterns for file standard: * Renamed patterns/SLE/sle12all/scc-expired.py to patterns/SLE/sle12all/bhc-scc-expired.py * Renamed patterns/SLE/sle12all/scc-registered.py to patterns/SLE/sle12all/bhc-scc-registered.py - Deleted regular patterns (1) * sle12all/systemd-current-failed-7017137.py: Moved to service packs with fixes (bsc#1187983) * sle12all/bhc-scc.sh: Pattern removed (bsc#1184594) * sle12all/pdc-00001.pl: Pattern removed OES Dependent * sle12all/pdc-00002.pl: Pattern removed OES Dependent * sle12all/lvm-00001.pl: Pattern removed * sle12all/lvm-00002.pl: Pattern removed sca-patterns-sle11: - Version update from 1.3.1 to 1.5.1 to implement the conversion of SCA Tool to Python3 (jsc#SLE-25064, jsc#SLE-24335): * Convert SCA Tool from Python2 to Python3 (bsc#1191005, SLE-21579) * Removed OES dependent patterns (bsc#1196873) - New security announcement patterns: * Apr 2022 (5) for SUSE-SU-2022:14938-1 SUSE-SU-2022:14943-1 SUSE-SU-2022:14936-1 SUSE-SU-2022:14941-1 SUSE-SU-2022:14951-1 * Mar 2022 (19) for SUSE-SU-2022:14938-1 SUSE-SU-2022:14943-1 SUSE-SU-2022:14936-1 SUSE-SU-2022:14941-1 SUSE-SU-2022:14951-1 SUSE-SU-2022:14910-1 SUSE-SU-2022:14929-1 SUSE-SU-2022:14908-1 SUSE-SU-2022:14914-1 SUSE-SU-2022:14915-1 SUSE-SU-2022:14906-1 SUSE-SU-2022:14904-1 SUSE-SU-2022:14909-1 SUSE-SU-2022:14905-1 SUSE-SU-2022:14927-1 SUSE-SU-2022:14923-1 SUSE-SU-2022:14934-1 SUSE-SU-2022:14903-1 SUSE-SU-2022:14924-1 * Feb 2022 (27) for SUSE-SU-2022:14938-1 SUSE-SU-2022:14943-1 SUSE-SU-2022:14936-1 SUSE-SU-2022:14941-1 SUSE-SU-2022:14951-1 SUSE-SU-2022:14910-1 SUSE-SU-2022:14929-1 SUSE-SU-2022:14908-1 SUSE-SU-2022:14914-1 SUSE-SU-2022:14915-1 SUSE-SU-2022:14906-1 SUSE-SU-2022:14904-1 SUSE-SU-2022:14909-1 SUSE-SU-2022:14905-1 SUSE-SU-2022:14927-1 SUSE-SU-2022:14923-1 SUSE-SU-2022:14934-1 SUSE-SU-2022:14903-1 SUSE-SU-2022:14924-1 SUSE-SU-2022:14889-1 SUSE-SU-2022:14886-1 SUSE-SU-2022:14888-1 SUSE-SU-2022:14890-1 SUSE-SU-2022:14887-1 SUSE-SU-2022:14896-1 SUSE-SU-2022:14884-1 SUSE-SU-2022:14894-1 * Jan 2022 (34) for SUSE-SU-2022:14938-1 SUSE-SU-2022:14943-1 SUSE-SU-2022:14936-1 SUSE-SU-2022:14941-1 SUSE-SU-2022:14951-1 SUSE-SU-2022:14910-1 SUSE-SU-2022:14929-1 SUSE-SU-2022:14908-1 SUSE-SU-2022:14914-1 SUSE-SU-2022:14915-1 SUSE-SU-2022:14906-1 SUSE-SU-2022:14904-1 SUSE-SU-2022:14909-1 SUSE-SU-2022:14905-1 SUSE-SU-2022:14927-1 SUSE-SU-2022:14923-1 SUSE-SU-2022:14934-1 SUSE-SU-2022:14903-1 SUSE-SU-2022:14924-1 SUSE-SU-2022:14889-1 SUSE-SU-2022:14886-1 SUSE-SU-2022:14888-1 SUSE-SU-2022:14890-1 SUSE-SU-2022:14887-1 SUSE-SU-2022:14896-1 SUSE-SU-2022:14884-1 SUSE-SU-2022:14894-1 SUSE-SU-2022:14880-1 SUSE-SU-2022:14881-1 SUSE-SU-2022:14872-1 SUSE-SU-2022:14875-1 SUSE-SU-2022:14878-1 SUSE-SU-2022:14882-1 SUSE-SU-2022:14879-1 * Jul 2021 (5) for SUSE-SU-2021:14769-1 SUSE-SU-2021:14771-1 SUSE-SU-2021:14766-1 SUSE-SU-2021:14764-1 SUSE-SU-2021:14761-1 * Jun 2021 (12) for SUSE-SU-2021:14747-1 SUSE-SU-2021:14748-1 SUSE-SU-2021:14744-1 SUSE-SU-2021:14757-1 SUSE-SU-2021:14743-1 SUSE-SU-2021:14758-1 SUSE-SU-2021:14751-1 SUSE-SU-2021:14750-1 SUSE-SU-2021:14740-1 SUSE-SU-2021:14760-1 SUSE-SU-2021:14759-1 SUSE-SU-2021:14749-1 * May 2021 (5) for SUSE-SU-2021:14729-1 SUSE-SU-2021:14724-1 SUSE-SU-2021:14738-1 SUSE-SU-2021:14728-1 SUSE-SU-2021:14714-1 * Apr 2021 (10) for SUSE-SU-2021:14690-1 SUSE-SU-2021:14702-1 SUSE-SU-2021:14705-1 SUSE-SU-2021:14709-1 SUSE-SU-2021:14700-1 SUSE-SU-2021:14708-1 SUSE-SU-2021:14684-1 SUSE-SU-2021:14704-1 SUSE-SU-2021:14712-1 SUSE-SU-2021:14692-1 - New regular patterns: * sle11sp4/ghostcat_114-000019606.py: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (bsc#1164692) * sle11sp3/ghostcat_113-000019606.py: Ghostcat - Apache Tomcat AJP File Read/Inclusion Vulnerability (bsc#1164692) * sle11all/softlock-000018705.py: soft lockup messages about * sle11all/sizingbtrfs-000018798.py: How to resize/extend a btrfs formatted root partition * sle11all/btrfsmaster-000018779.py: BTRFS Master TID * CVE-2020-0543: sle11sp4/crosstalk_114-000019643.py: Special Register Buffer Data Sampling aka CrossTalk (bsc#1154824) - Deleted regular patterns: * sle11all/bhc-scc.sh: Pattern removed (bsc#1184594) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4496=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4496=1 Package List: - openSUSE Leap 15.3 (noarch): sca-patterns-base-1.5.0-150300.10.3.1 sca-patterns-hae-1.5.1-150300.10.3.1 sca-patterns-sle11-1.5.1-150300.18.3.1 sca-patterns-sle12-1.5.1-150300.3.3.1 sca-patterns-sle15-1.5.1-150300.14.3.1 sca-patterns-suma-1.5.0-150300.9.3.1 sca-server-report-1.5.1-150300.11.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): sca-patterns-base-1.5.0-150300.10.3.1 sca-patterns-hae-1.5.1-150300.10.3.1 sca-patterns-sle11-1.5.1-150300.18.3.1 sca-patterns-sle12-1.5.1-150300.3.3.1 sca-patterns-sle15-1.5.1-150300.14.3.1 sca-patterns-suma-1.5.0-150300.9.3.1 sca-server-report-1.5.1-150300.11.3.1 References: https://www.suse.com/security/cve/CVE-2020-0543.html https://www.suse.com/security/cve/CVE-2020-0548.html https://www.suse.com/security/cve/CVE-2020-0549.html https://www.suse.com/security/cve/CVE-2020-12351.html https://www.suse.com/security/cve/CVE-2020-12352.html https://www.suse.com/security/cve/CVE-2020-1472.html https://www.suse.com/security/cve/CVE-2020-24490.html https://bugzilla.suse.com/1045605 https://bugzilla.suse.com/1124793 https://bugzilla.suse.com/1131489 https://bugzilla.suse.com/1138452 https://bugzilla.suse.com/1144162 https://bugzilla.suse.com/1152800 https://bugzilla.suse.com/1154768 https://bugzilla.suse.com/1154824 https://bugzilla.suse.com/1155181 https://bugzilla.suse.com/1155990 https://bugzilla.suse.com/1156353 https://bugzilla.suse.com/1157778 https://bugzilla.suse.com/1158890 https://bugzilla.suse.com/1159356 https://bugzilla.suse.com/1159891 https://bugzilla.suse.com/1162119 https://bugzilla.suse.com/1163403 https://bugzilla.suse.com/1163508 https://bugzilla.suse.com/1164692 https://bugzilla.suse.com/1167689 https://bugzilla.suse.com/1175623 https://bugzilla.suse.com/1176021 https://bugzilla.suse.com/1176140 https://bugzilla.suse.com/1176375 https://bugzilla.suse.com/1176579 https://bugzilla.suse.com/1177369 https://bugzilla.suse.com/1177753 https://bugzilla.suse.com/1179170 https://bugzilla.suse.com/1180894 https://bugzilla.suse.com/1182194 https://bugzilla.suse.com/1182905 https://bugzilla.suse.com/1182917 https://bugzilla.suse.com/1183405 https://bugzilla.suse.com/1183464 https://bugzilla.suse.com/1184594 https://bugzilla.suse.com/1185357 https://bugzilla.suse.com/1185593 https://bugzilla.suse.com/1185594 https://bugzilla.suse.com/1185684 https://bugzilla.suse.com/1185758 https://bugzilla.suse.com/1185857 https://bugzilla.suse.com/1186034 https://bugzilla.suse.com/1186312 https://bugzilla.suse.com/1186316 https://bugzilla.suse.com/1186317 https://bugzilla.suse.com/1186420 https://bugzilla.suse.com/1186442 https://bugzilla.suse.com/1186792 https://bugzilla.suse.com/1187194 https://bugzilla.suse.com/1187508 https://bugzilla.suse.com/1187983 https://bugzilla.suse.com/1189394 https://bugzilla.suse.com/1189483 https://bugzilla.suse.com/1189889 https://bugzilla.suse.com/1190260 https://bugzilla.suse.com/1190460 https://bugzilla.suse.com/1191005 https://bugzilla.suse.com/1191199 https://bugzilla.suse.com/1193878 https://bugzilla.suse.com/1196730 https://bugzilla.suse.com/1196873 From sle-updates at lists.suse.com Thu Dec 15 17:27:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 18:27:26 +0100 (CET) Subject: SUSE-SU-2022:4501-1: important: Security update for ceph Message-ID: <20221215172726.4D24CFD84@maintenance.suse.de> SUSE Security Update: Security update for ceph ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4501-1 Rating: important References: #1178073 #1194131 #1194353 #1194875 #1195359 #1196044 #1196785 #1196938 #1200064 #1200553 SES-2515 SLE-24710 SLE-24711 Cross-References: CVE-2021-3979 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves one vulnerability, contains three features and has 9 fixes is now available. Description: This update for ceph fixes the following issues: ceph was updated to the Pacific release (16.2.9-536-g41a9f9a5573): + (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR + (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979) + (bsc#1200064,) Remove last vestiges of docker.io image paths + (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname + (bsc#1196785) cephadm: avoid crashing on expected non-zero exit + (jsc#SES-2515) High-availability NFS export + (bsc#1194875) [SES7P] include/buffer: include + cephadm: update image paths to registry.suse.com + cephadm: use snmp-notifier image from registry.suse.de + cephadm: infer the default container image during pull + mgr/cephadm: try to get FQDN for inventory address + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12 + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade + Update Prometheus Container image paths (pr #459) + mgr/dashboard: Fix documentation URL (pr #456) + mgr/dashboard: Adapt downstream branded navigation page (pr #454) + Update prometheus-server version + (bsc#1194353) Downstream branding breaks dashboard npm build + (bsc#1178073) mgr/dashboard: fix downstream NFS doc links Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4501=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4501=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4501=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4501=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4501=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1 libfmt8-8.0.1-150300.7.5.1 libfmt8-debuginfo-8.0.1-150300.7.5.1 librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1 librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ceph-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-base-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-base-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-common-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-fuse-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-fuse-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-immutable-object-cache-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-immutable-object-cache-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mds-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mds-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mgr-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mgr-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mon-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mon-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-osd-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-osd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-radosgw-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-radosgw-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 cephfs-shell-16.2.9.536+g41a9f9a5573-150300.6.3.1 libcephfs-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 libcephfs2-16.2.9.536+g41a9f9a5573-150300.6.3.1 libcephfs2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 libfmt8-8.0.1-150300.7.5.1 libfmt8-debuginfo-8.0.1-150300.7.5.1 librados-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 librados-devel-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1 librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 libradospp-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 librgw-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 librgw2-16.2.9.536+g41a9f9a5573-150300.6.3.1 librgw2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-cephfs-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-cephfs-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rados-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rados-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rbd-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rgw-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rgw-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 rados-objclass-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 rbd-fuse-16.2.9.536+g41a9f9a5573-150300.6.3.1 rbd-fuse-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 rbd-mirror-16.2.9.536+g41a9f9a5573-150300.6.3.1 rbd-mirror-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 rbd-nbd-16.2.9.536+g41a9f9a5573-150300.6.3.1 rbd-nbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 - openSUSE Leap 15.3 (noarch): ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mgr-diskprediction-local-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mgr-k8sevents-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150300.6.3.1 cephadm-16.2.9.536+g41a9f9a5573-150300.6.3.1 - openSUSE Leap 15.3 (x86_64): ceph-test-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-test-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-test-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-common-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1 fmt-debugsource-8.0.1-150300.7.5.1 libcephfs-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 libcephfs2-16.2.9.536+g41a9f9a5573-150300.6.3.1 libcephfs2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 libfmt8-8.0.1-150300.7.5.1 libfmt8-debuginfo-8.0.1-150300.7.5.1 librados-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 librados-devel-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1 librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 libradospp-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 librgw-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 librgw2-16.2.9.536+g41a9f9a5573-150300.6.3.1 librgw2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-cephfs-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-cephfs-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rados-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rados-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rbd-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rgw-16.2.9.536+g41a9f9a5573-150300.6.3.1 python3-rgw-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 rados-objclass-devel-16.2.9.536+g41a9f9a5573-150300.6.3.1 rbd-nbd-16.2.9.536+g41a9f9a5573-150300.6.3.1 rbd-nbd-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64): ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1 libfmt8-8.0.1-150300.7.5.1 libfmt8-debuginfo-8.0.1-150300.7.5.1 librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1 librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 x86_64): ceph-debugsource-16.2.9.536+g41a9f9a5573-150300.6.3.1 libfmt8-8.0.1-150300.7.5.1 libfmt8-debuginfo-8.0.1-150300.7.5.1 librados2-16.2.9.536+g41a9f9a5573-150300.6.3.1 librados2-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd1-16.2.9.536+g41a9f9a5573-150300.6.3.1 librbd1-debuginfo-16.2.9.536+g41a9f9a5573-150300.6.3.1 References: https://www.suse.com/security/cve/CVE-2021-3979.html https://bugzilla.suse.com/1178073 https://bugzilla.suse.com/1194131 https://bugzilla.suse.com/1194353 https://bugzilla.suse.com/1194875 https://bugzilla.suse.com/1195359 https://bugzilla.suse.com/1196044 https://bugzilla.suse.com/1196785 https://bugzilla.suse.com/1196938 https://bugzilla.suse.com/1200064 https://bugzilla.suse.com/1200553 From sle-updates at lists.suse.com Thu Dec 15 17:29:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 18:29:01 +0100 (CET) Subject: SUSE-FU-2022:4495-1: important: Feature update for lsvpd Message-ID: <20221215172901.44407FD84@maintenance.suse.de> SUSE Feature Update: Feature update for lsvpd ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4495-1 Rating: important References: #1187665 PED-534 SLE-24497 SLE-25107 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one feature fix and contains three features can now be installed. Description: This update for lsvpd fixes the following issues: Version update from 1.7.13 to 1.7.14 (jsc#SLE-25107, jsc#SLE-24497, jsc#PED-534): - Prevent corruption of database file when running vpdupdate (bsc#1187665) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4495=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4495=1 Package List: - openSUSE Leap 15.4 (ppc64le): lsvpd-1.7.14-150400.3.4.2 lsvpd-debuginfo-1.7.14-150400.3.4.2 lsvpd-debugsource-1.7.14-150400.3.4.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (ppc64le): lsvpd-1.7.14-150400.3.4.2 lsvpd-debuginfo-1.7.14-150400.3.4.2 lsvpd-debugsource-1.7.14-150400.3.4.2 References: https://bugzilla.suse.com/1187665 From sle-updates at lists.suse.com Thu Dec 15 17:29:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 18:29:43 +0100 (CET) Subject: SUSE-RU-2022:4494-1: important: Recommended update for lsvpd Message-ID: <20221215172943.56195FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for lsvpd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4494-1 Rating: important References: #1187665 PED-534 SLE-24497 SLE-25107 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix and contains three features can now be installed. Description: This update for lsvpd fixes the following issues: Version update from 1.7.13 to 1.7.14 (jsc#SLE-25107, jsc#SLE-24497): - Prevent corruption of database file when running vpdupdate (bsc#1187665) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4494=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4494=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4494=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4494=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4494=1 Package List: - openSUSE Leap 15.3 (ppc64le): lsvpd-1.7.14-150200.3.15.2 lsvpd-debuginfo-1.7.14-150200.3.15.2 lsvpd-debugsource-1.7.14-150200.3.15.2 - SUSE Manager Server 4.1 (ppc64le): lsvpd-1.7.14-150200.3.15.2 lsvpd-debuginfo-1.7.14-150200.3.15.2 lsvpd-debugsource-1.7.14-150200.3.15.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le): lsvpd-1.7.14-150200.3.15.2 lsvpd-debuginfo-1.7.14-150200.3.15.2 lsvpd-debugsource-1.7.14-150200.3.15.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le): lsvpd-1.7.14-150200.3.15.2 lsvpd-debuginfo-1.7.14-150200.3.15.2 lsvpd-debugsource-1.7.14-150200.3.15.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le): lsvpd-1.7.14-150200.3.15.2 lsvpd-debuginfo-1.7.14-150200.3.15.2 lsvpd-debugsource-1.7.14-150200.3.15.2 References: https://bugzilla.suse.com/1187665 From sle-updates at lists.suse.com Thu Dec 15 17:30:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 18:30:27 +0100 (CET) Subject: SUSE-RU-2022:4497-1: moderate: Recommended update for yast2-cluster Message-ID: <20221215173027.826C2FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4497-1 Rating: moderate References: #1204530 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issues: - Set crypto_hash as "sha1" and set crypto_cipher as "aes256" (bsc#1204530) - Set transport as "udpu" when detect in cloud - Set default values for mcastaddr/mcastport/bindnedaddr when cluster firstly configured - Set focus on "Generate Auth Key File" when secauth is true - Implement ValidateSecurity method - Set focus on 'memberaddr add' when using udpu Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-4497=1 Package List: - SUSE Linux Enterprise High Availability 15-SP2 (noarch): yast2-cluster-4.2.12-150200.3.15.1 References: https://bugzilla.suse.com/1204530 From sle-updates at lists.suse.com Thu Dec 15 17:31:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Dec 2022 18:31:09 +0100 (CET) Subject: SUSE-RU-2022:4498-1: moderate: Recommended update for yast2-cluster Message-ID: <20221215173109.BBA63FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-cluster ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4498-1 Rating: moderate References: #1204530 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for yast2-cluster fixes the following issues: - Set crypto_hash as "sha1" and set crypto_cipher as "aes256" (bsc#1204530) - Set transport as "udpu" when detect in cloud - Set default values for mcastaddr/mcastport/bindnedaddr when cluster firstly configured - Set focus on "Generate Auth Key File" when secauth is true - Implement ValidateSecurity method - Set focus on 'memberaddr add' when using udpu Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4498=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-4498=1 Package List: - openSUSE Leap 15.3 (noarch): yast2-cluster-4.3.7-150300.3.3.1 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): yast2-cluster-4.3.7-150300.3.3.1 References: https://bugzilla.suse.com/1204530 From sle-updates at lists.suse.com Fri Dec 16 11:19:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2022 12:19:52 +0100 (CET) Subject: SUSE-RU-2022:4502-1: moderate: Recommended update for rekor Message-ID: <20221216111952.3DFC4FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for rekor ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4502-1 Rating: moderate References: SLE-23476 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for rekor fixes the following issues: Rekor was updated to 1.0.1 (jsc#SLE-23476): - stop inserting envelope hash for intoto:0.0.2 types into index - build with FIPSified go1.18. updated to rekor 1.0.0 (jsc#SLE-23476): - add description on /api/v1/index/retrieve endpoint - Adding e2e test coverage - export rekor build/version information - Use POST instead of GET for /api/log/entries/retrieve metrics. - Search through all shards when searching - verify: verify checkpoint's STH against the inclusion proof root hash - add ability to enable/disable specific rekor API endpoints - enable configurable client retries with backoff in RekorClient - remove dead code around api-key and timestamp references - update swagger API version to 1.0.0 - remove unused RekorVersion API definition - install gocovmerge in hack/tools - add retry command line flag on rekor-cli - Add some info and debug logging to commonly used funcs updated to rekor 0.12.2 (jsc#SLE-23476): - add description on /api/v1/index/retrieve endpoint - Adding e2e test coverage - export rekor build/version information - Use POST instead of GET for /api/log/entries/retrieve metrics. - Search through all shards when searching by hash updated to rekor 0.12.1 (jsc#SLE-23476): - ** Rekor ** v0.12.1 comes with a breaking change to rekor-cli v0.12.1. Users of rekor-cli MUST upgrade to the latest version The addition of the intotov2 created a breaking change for the rekor-cli - What's Changed - fix: fix harness tests with intoto v0.0.2 - feat: add file based signer and password - Adds new rekor metrics for latency and QPS. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4502=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4502=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rekor-1.0.1-150400.4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): rekor-1.0.1-150400.4.6.1 References: From sle-updates at lists.suse.com Fri Dec 16 17:19:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2022 18:19:59 +0100 (CET) Subject: SUSE-SU-2022:4505-1: important: Security update for the Linux Kernel Message-ID: <20221216171959.D940AFD89@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4505-1 Rating: important References: #1065729 #1071995 #1106594 #1156395 #1164051 #1184350 #1199365 #1200845 #1201455 #1203183 #1203746 #1203860 #1203960 #1204017 #1204142 #1204414 #1204446 #1204631 #1204636 #1204810 #1204850 #1204868 #1204963 #1205006 #1205128 #1205130 #1205220 #1205234 #1205264 #1205473 #1205514 #1205617 #1205671 #1205705 #1205709 #1205796 #1205901 #1205902 #1205903 #1205904 #1205905 #1205906 #1205907 #1205908 #1206032 #1206037 #1206113 #1206114 #1206117 #1206118 #1206119 #1206120 #1206207 #1206213 Cross-References: CVE-2022-28693 CVE-2022-3567 CVE-2022-3628 CVE-2022-3635 CVE-2022-3643 CVE-2022-3903 CVE-2022-4095 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 38 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bnc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bnc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bnc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). The following non-security bugs were fixed: - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - KVM: s390: split kvm_s390_logical_to_effective (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - NIU: fix incorrect error return, missed in previous revert (git-fixes). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Support for create interrupt v3 (git-fixes). - PCI: hv: Use struct_size() helper (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - PM: hibernate: fix sparse warnings (git-fixes). - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add missing bug reference to a hv_netvsc patch file (bsc#1204850). - always clear the X2APIC_ENABLE bit for PV guest (git-fixes). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - bfq: Update cgroup information before merging bio (git-fixes). - blk-mq: add callback of .cleanup_rq (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: do not delete queue kobject before its children (git-fixes). - block: respect queue limit of max discard segment (git-fixes). - block: rsxx: select CONFIG_CRC32 (git-fixes). - block: use "unsigned long" for blk_validate_block_size() (git-fixes). - bnxt_en: Clean up completion ring page arrays completely (git-fixes). - bnxt_en: Do not use static arrays for completion ring pages (git-fixes). - bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bnxt_en: Free context memory after disabling PCI in probe error path (git-fixes). - bnxt_en: Increase maximum RX ring size if jumbo ring is not used (git-fixes). - brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - ceph: check availability of mds cluster on mount after wait timeout (bsc#1205903). - ceph: do not skip updating wanted caps when cap is stale (bsc#1205905). - ceph: fix fscache invalidation (bsc#1205907). - ceph: fix potential race in ceph_check_caps (bsc#1205906). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205908). - ceph: return -EINVAL if given fsc mount option on kernel w/o support (bsc#1205902). - ceph: return -ERANGE if virtual xattr value didn't fit in buffer (bsc#1205901). - ceph: return ceph_mdsc_do_request() errors from __get_parent() (bsc#1205904). - cuse: prevent clone (bsc#1206120). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: remove harmful bio-based optimization (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: do not check refcount after stealing page (bsc#1206119). - fuse: retrieve: cap requested size to negotiated max_write (bsc#1206118). - fuse: use READ_ONCE on congestion_threshold and max_background (bsc#1206117). - gianfar: Disable EEE autoneg by default (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017). - hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017). - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017). - hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (git-fixes). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017). - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017). - hv_netvsc: Sync offloading features to VF NIC (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - i40e: Fix kernel crash during module removal (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ice: Increase control queue timeout (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kprobes/x86/xen: blacklist non-attachable xen interrupt functions (git-fixes). - macsec: check return value of skb_to_sgvec always (git-fixes). - macsec: fix memory leaks when skb_to_sgvec fails (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mceusb: RX -EPIPE (urb status = -32) lockup failure fix (git-fixes). - media: mceusb: TX -EPIPE (urb status = -32) lockup fix (git-fixes). - media: mceusb: do not read data parameters unless required (git-fixes). - media: mceusb: fix inaccurate debug buffer dumps, and misleading debug messages (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: mceusb: sporadic RX truncation corruption fix (git-fixes). - mm, swap, frontswap: fix THP swap if frontswap enabled (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - module: harden ELF info handling (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - nbd: do not update block size after device is started (git-fixes). - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5e: Fix endianness handling in pedit mask (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net: aquantia: Fix actual speed capabilities reporting (git-fixes). - net: bcmgenet: Ensure all TX/RX queues DMAs are disabled (git-fixes). - net: ethernet: arc: fix error handling in emac_rockchip_probe (git-fixes). - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes). - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit (git-fixes). - net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes). - net: hns3: check vlan id before using it (git-fixes). - net: hns3: disable sriov before unload hclge layer (git-fixes). - net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes). - net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: hns3: reset DWRR of unused tc to zero (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes). - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes). - net: moxa: fix UAF in moxart_mac_probe (git-fixes). - net: natsemi: Fix missing pci_disable_device() in probe and remove (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes). - net: qcom/emac: fix UAF in emac_remove (git-fixes). - net: smsc911x: Fix unload crash when link is up (git-fixes). - net: ti: fix UAF in tlan_remove_one (git-fixes). - net: xen-netback: fix return type of ndo_start_xmit function (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fix the null_add_dev() error path (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - phy: mdio: fix memory leak (git-fixes). - ptp: dp83640: do not define PAGE0 (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (bsc#1206213 LTC#200742). - s390/qeth: Fix error handling during VNICC initialization (git-fixes). - s390/qeth: Fix initialization of vnicc cmd masks during set online (git-fixes). - s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes). - s390/qeth: do not defer close_dev work during recovery (bsc#1206213 LTC#200742). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/qeth: fix deadlock during failing recovery (bsc#1206213 LTC#200742). - s390/qeth: fix false reporting of VNIC CHAR config failure (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: remove driver-wide workqueue (bsc#1206213 LTC#200742). - s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes). - s390/qeth: vnicc Fix init to default (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: appldata depends on PROC_SYSCTL (git-fixes). - s390: define get_cycles macro for arch-override (git-fixes). - s390: fix nospec table alignments (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - sfp: fix RX_LOS signal handling (git-fixes). - sis900: Fix missing pci_disable_device() in probe and remove (git-fixes). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: musb: Fix suspend with devices connected for a64 (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: Return from panic notifier (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen-netfront: remove warning when unloading module (git-fixes). - xen/balloon: fix balloon initialization for PVH Dom0 (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/blkback: fix memory leaks (git-fixes). - xen/efi: Set nonblocking callbacks (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Fix off-by-one error when unmapping with holes (git-fixes). - xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/grant-table: Use put_page instead of free_page (git-fixes). - xen/pciback: Check dev_data before using it (git-fixes). - xen/pciback: remove set but not used variable 'old_state' (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/scsiback: add error handling for xenbus_printf (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes). - xen: add error handling for xenbus_printf (git-fixes). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (git-fixes). - xen: xenbus: use put_device() instead of kfree() (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4505=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.120.1 kernel-azure-base-4.12.14-16.120.1 kernel-azure-base-debuginfo-4.12.14-16.120.1 kernel-azure-debuginfo-4.12.14-16.120.1 kernel-azure-debugsource-4.12.14-16.120.1 kernel-azure-devel-4.12.14-16.120.1 kernel-syms-azure-4.12.14-16.120.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.120.1 kernel-source-azure-4.12.14-16.120.1 References: https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3643.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42328.html https://www.suse.com/security/cve/CVE-2022-42329.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1164051 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1199365 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1201455 https://bugzilla.suse.com/1203183 https://bugzilla.suse.com/1203746 https://bugzilla.suse.com/1203860 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204142 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204446 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204810 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1204963 https://bugzilla.suse.com/1205006 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205234 https://bugzilla.suse.com/1205264 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1205901 https://bugzilla.suse.com/1205902 https://bugzilla.suse.com/1205903 https://bugzilla.suse.com/1205904 https://bugzilla.suse.com/1205905 https://bugzilla.suse.com/1205906 https://bugzilla.suse.com/1205907 https://bugzilla.suse.com/1205908 https://bugzilla.suse.com/1206032 https://bugzilla.suse.com/1206037 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206114 https://bugzilla.suse.com/1206117 https://bugzilla.suse.com/1206118 https://bugzilla.suse.com/1206119 https://bugzilla.suse.com/1206120 https://bugzilla.suse.com/1206207 https://bugzilla.suse.com/1206213 From sle-updates at lists.suse.com Fri Dec 16 17:25:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2022 18:25:18 +0100 (CET) Subject: SUSE-SU-2022:4503-1: important: Security update for the Linux Kernel Message-ID: <20221216172518.7778DFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4503-1 Rating: important References: #1065729 #1071995 #1156395 #1184350 #1189297 #1192761 #1200845 #1201455 #1203144 #1203746 #1203960 #1204017 #1204142 #1204215 #1204228 #1204241 #1204328 #1204446 #1204636 #1204693 #1204780 #1204791 #1204810 #1204827 #1204850 #1204868 #1204934 #1204957 #1204963 #1204967 #1205220 #1205264 #1205329 #1205330 #1205428 #1205514 #1205567 #1205617 #1205671 #1205700 #1205705 #1205709 #1205753 #1205984 #1205985 #1205986 #1205987 #1205988 #1205989 #1206207 Cross-References: CVE-2022-2602 CVE-2022-28693 CVE-2022-3567 CVE-2022-3628 CVE-2022-3635 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 33 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c of the component IPsec (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" (git-fixes). - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use "unsigned long" for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited" (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4503=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4503=1 Package List: - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-150300.38.88.1 cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.88.1 dlm-kmp-azure-5.3.18-150300.38.88.1 dlm-kmp-azure-debuginfo-5.3.18-150300.38.88.1 gfs2-kmp-azure-5.3.18-150300.38.88.1 gfs2-kmp-azure-debuginfo-5.3.18-150300.38.88.1 kernel-azure-5.3.18-150300.38.88.1 kernel-azure-debuginfo-5.3.18-150300.38.88.1 kernel-azure-debugsource-5.3.18-150300.38.88.1 kernel-azure-devel-5.3.18-150300.38.88.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.88.1 kernel-azure-extra-5.3.18-150300.38.88.1 kernel-azure-extra-debuginfo-5.3.18-150300.38.88.1 kernel-azure-livepatch-devel-5.3.18-150300.38.88.1 kernel-azure-optional-5.3.18-150300.38.88.1 kernel-azure-optional-debuginfo-5.3.18-150300.38.88.1 kernel-syms-azure-5.3.18-150300.38.88.1 kselftests-kmp-azure-5.3.18-150300.38.88.1 kselftests-kmp-azure-debuginfo-5.3.18-150300.38.88.1 ocfs2-kmp-azure-5.3.18-150300.38.88.1 ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.88.1 reiserfs-kmp-azure-5.3.18-150300.38.88.1 reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.88.1 - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-150300.38.88.1 kernel-source-azure-5.3.18-150300.38.88.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.88.1 kernel-azure-debuginfo-5.3.18-150300.38.88.1 kernel-azure-debugsource-5.3.18-150300.38.88.1 kernel-azure-devel-5.3.18-150300.38.88.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.88.1 kernel-syms-azure-5.3.18-150300.38.88.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.88.1 kernel-source-azure-5.3.18-150300.38.88.1 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3707.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-4129.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1189297 https://bugzilla.suse.com/1192761 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1201455 https://bugzilla.suse.com/1203144 https://bugzilla.suse.com/1203746 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204142 https://bugzilla.suse.com/1204215 https://bugzilla.suse.com/1204228 https://bugzilla.suse.com/1204241 https://bugzilla.suse.com/1204328 https://bugzilla.suse.com/1204446 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204693 https://bugzilla.suse.com/1204780 https://bugzilla.suse.com/1204791 https://bugzilla.suse.com/1204810 https://bugzilla.suse.com/1204827 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1204934 https://bugzilla.suse.com/1204957 https://bugzilla.suse.com/1204963 https://bugzilla.suse.com/1204967 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205264 https://bugzilla.suse.com/1205329 https://bugzilla.suse.com/1205330 https://bugzilla.suse.com/1205428 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205567 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205700 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205753 https://bugzilla.suse.com/1205984 https://bugzilla.suse.com/1205985 https://bugzilla.suse.com/1205986 https://bugzilla.suse.com/1205987 https://bugzilla.suse.com/1205988 https://bugzilla.suse.com/1205989 https://bugzilla.suse.com/1206207 From sle-updates at lists.suse.com Fri Dec 16 17:30:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2022 18:30:08 +0100 (CET) Subject: SUSE-SU-2022:4504-1: important: Security update for the Linux Kernel Message-ID: <20221216173008.A856FFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4504-1 Rating: important References: #1065729 #1156395 #1164051 #1184350 #1189297 #1190256 #1193629 #1194869 #1202341 #1203183 #1204631 #1204636 #1204693 #1204810 #1204850 #1205007 #1205100 #1205111 #1205128 #1205130 #1205149 #1205153 #1205220 #1205331 #1205428 #1205473 #1205514 #1205617 #1205653 #1205744 #1205764 #1205796 #1205882 #1205993 #1206035 #1206036 #1206037 #1206046 #1206047 #1206051 #1206056 #1206057 #1206113 #1206114 #1206147 #1206149 #1206207 #1206273 PED-1573 PED-1706 PED-1936 PED-2684 PED-611 PED-824 PED-849 Cross-References: CVE-2022-2602 CVE-2022-3176 CVE-2022-3566 CVE-2022-3567 CVE-2022-3635 CVE-2022-3643 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45869 CVE-2022-45888 CVE-2022-45934 CVSS scores: CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3566 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3566 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45869 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-45869 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45888 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-45888 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 22 vulnerabilities, contains 7 features and has 26 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bnc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bnc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bnc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c of the component IPsec (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() of the component IPv6 Handler (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). - CVE-2022-41850: Fixed a use-after-free in roccat_report_event in drivers/hid/hid-roccat.c (bnc#1203960). The following non-security bugs were fixed: - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - Revert "net: phy: meson-gxl: improve link-up behavior" (git-fixes). - Revert "tty: n_gsm: avoid call of sleeping functions from atomic context" (git-fixes). - Revert "tty: n_gsm: replace kicktimer with delayed_work" (git-fixes). - Revert "usb: dwc3: disable USB core PHY management" (git-fixes). - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix rodata=full again (git-fixes) - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in <linux/genhd.h> (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove "cifs_" prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix readdir cache race (bsc#1205331). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kABI: Fix kABI after "KVM: x86/pmu: Use different raw event masks for AMD and Intel" (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Save and restore pins in "direct IRQ" mode (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390: fix nospec table alignments (git-fixes). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous "to" in a comment (git-fixes). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - tools: hv: Remove an extraneous "the" (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4504=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4504=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): cluster-md-kmp-azure-5.14.21-150400.14.28.1 cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.28.1 dlm-kmp-azure-5.14.21-150400.14.28.1 dlm-kmp-azure-debuginfo-5.14.21-150400.14.28.1 gfs2-kmp-azure-5.14.21-150400.14.28.1 gfs2-kmp-azure-debuginfo-5.14.21-150400.14.28.1 kernel-azure-5.14.21-150400.14.28.1 kernel-azure-debuginfo-5.14.21-150400.14.28.1 kernel-azure-debugsource-5.14.21-150400.14.28.1 kernel-azure-devel-5.14.21-150400.14.28.1 kernel-azure-devel-debuginfo-5.14.21-150400.14.28.1 kernel-azure-extra-5.14.21-150400.14.28.1 kernel-azure-extra-debuginfo-5.14.21-150400.14.28.1 kernel-azure-livepatch-devel-5.14.21-150400.14.28.1 kernel-azure-optional-5.14.21-150400.14.28.1 kernel-azure-optional-debuginfo-5.14.21-150400.14.28.1 kernel-syms-azure-5.14.21-150400.14.28.1 kselftests-kmp-azure-5.14.21-150400.14.28.1 kselftests-kmp-azure-debuginfo-5.14.21-150400.14.28.1 ocfs2-kmp-azure-5.14.21-150400.14.28.1 ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.28.1 reiserfs-kmp-azure-5.14.21-150400.14.28.1 reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.28.1 - openSUSE Leap 15.4 (noarch): kernel-devel-azure-5.14.21-150400.14.28.1 kernel-source-azure-5.14.21-150400.14.28.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64): kernel-azure-5.14.21-150400.14.28.1 kernel-azure-debuginfo-5.14.21-150400.14.28.1 kernel-azure-debugsource-5.14.21-150400.14.28.1 kernel-azure-devel-5.14.21-150400.14.28.1 kernel-azure-devel-debuginfo-5.14.21-150400.14.28.1 kernel-syms-azure-5.14.21-150400.14.28.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): kernel-devel-azure-5.14.21-150400.14.28.1 kernel-source-azure-5.14.21-150400.14.28.1 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-3176.html https://www.suse.com/security/cve/CVE-2022-3566.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3643.html https://www.suse.com/security/cve/CVE-2022-3707.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-4129.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42328.html https://www.suse.com/security/cve/CVE-2022-42329.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45869.html https://www.suse.com/security/cve/CVE-2022-45888.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1164051 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1189297 https://bugzilla.suse.com/1190256 https://bugzilla.suse.com/1193629 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1202341 https://bugzilla.suse.com/1203183 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204693 https://bugzilla.suse.com/1204810 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1205007 https://bugzilla.suse.com/1205100 https://bugzilla.suse.com/1205111 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205149 https://bugzilla.suse.com/1205153 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205331 https://bugzilla.suse.com/1205428 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205653 https://bugzilla.suse.com/1205744 https://bugzilla.suse.com/1205764 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1205882 https://bugzilla.suse.com/1205993 https://bugzilla.suse.com/1206035 https://bugzilla.suse.com/1206036 https://bugzilla.suse.com/1206037 https://bugzilla.suse.com/1206046 https://bugzilla.suse.com/1206047 https://bugzilla.suse.com/1206051 https://bugzilla.suse.com/1206056 https://bugzilla.suse.com/1206057 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206114 https://bugzilla.suse.com/1206147 https://bugzilla.suse.com/1206149 https://bugzilla.suse.com/1206207 https://bugzilla.suse.com/1206273 From sle-updates at lists.suse.com Fri Dec 16 20:20:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2022 21:20:01 +0100 (CET) Subject: SUSE-SU-2022:4506-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP1) Message-ID: <20221216202001.8A4B7FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4506-1 Rating: important References: #1203606 #1204424 #1204576 #1205130 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_117 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4508=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-4511=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-4512=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-4507=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4509=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4506=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_114-default-7-150100.2.1 kernel-livepatch-4_12_14-150100_197_117-default-5-150100.2.1 kernel-livepatch-4_12_14-150100_197_123-default-2-150100.2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150000_150_101-default-2-150000.2.1 kernel-livepatch-4_12_14-150000_150_101-default-debuginfo-2-150000.2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_130-default-5-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_99-default-7-2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Fri Dec 16 20:21:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Dec 2022 21:21:08 +0100 (CET) Subject: SUSE-SU-2022:4510-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP5) Message-ID: <20221216202108.A9A06FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4510-1 Rating: important References: #1205130 #1206228 Cross-References: CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_139 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4510=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_139-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Fri Dec 16 23:20:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Dec 2022 00:20:08 +0100 (CET) Subject: SUSE-SU-2022:4513-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2) Message-ID: <20221216232008.23956FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4513-1 Rating: important References: #1203606 #1204424 #1204486 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3577 CVE-2022-3586 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_115 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-4513=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-4514=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_115-default-9-150200.2.1 kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-9-150200.2.1 kernel-livepatch-5_3_18-150200_24_126-default-6-150200.2.1 kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-6-150200.2.1 kernel-livepatch-SLE15-SP2_Update_27-debugsource-9-150200.2.1 kernel-livepatch-SLE15-SP2_Update_29-debugsource-6-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 02:20:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Dec 2022 03:20:34 +0100 (CET) Subject: SUSE-SU-2022:4517-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP3) Message-ID: <20221217022034.A1AF6FD2D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4517-1 Rating: important References: #1204424 #1204576 #1204624 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-3640 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_98 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3640: Fixed a use-after-free in l2cap_conn_del of the file net/bluetooth/l2cap_core.c (bsc#1204619). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4517=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_98-default-3-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204624 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 02:21:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Dec 2022 03:21:43 +0100 (CET) Subject: SUSE-SU-2022:4518-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Message-ID: <20221217022143.9FAE2FD2D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4518-1 Rating: important References: #1203606 #1204424 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4518=1 SUSE-SLE-Module-Live-Patching-15-SP4-2022-4519=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_24_11-default-6-150400.2.1 kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-6-150400.2.1 kernel-livepatch-5_14_21-150400_24_18-default-6-150400.2.1 kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-6-150400.2.1 kernel-livepatch-SLE15-SP4_Update_1-debugsource-6-150400.2.1 kernel-livepatch-SLE15-SP4_Update_2-debugsource-6-150400.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 02:22:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Dec 2022 03:22:57 +0100 (CET) Subject: SUSE-SU-2022:4516-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP3) Message-ID: <20221217022257.05414FD2D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4516-1 Rating: important References: #1203606 #1204424 #1204576 #1204624 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-3640 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_93 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3640: Fixed a use-after-free in l2cap_conn_del of the file net/bluetooth/l2cap_core.c (bsc#1204619). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4516=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_93-default-5-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204624 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 02:24:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Dec 2022 03:24:13 +0100 (CET) Subject: SUSE-SU-2022:4515-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP2) Message-ID: <20221217022413.2192BFD2D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4515-1 Rating: important References: #1204424 #1204486 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3577 CVE-2022-3586 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_134 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-4515=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_134-default-3-150200.2.1 kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-3-150200.2.1 kernel-livepatch-SLE15-SP2_Update_31-debugsource-3-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 17:19:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Dec 2022 18:19:32 +0100 (CET) Subject: SUSE-SU-2022:4527-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) Message-ID: <20221217171932.B6DE7FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4527-1 Rating: important References: #1203606 #1204424 #1204576 #1205130 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_111 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4527=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_111-default-10-150100.2.2 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 17:20:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Dec 2022 18:20:46 +0100 (CET) Subject: SUSE-SU-2022:4520-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) Message-ID: <20221217172046.8E104FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4520-1 Rating: important References: #1203008 #1203606 #1204424 #1204576 #1205130 #1206228 Cross-References: CVE-2022-2964 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_103 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4521=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-4523=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-4524=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4520=1 SUSE-SLE-Live-Patching-12-SP5-2022-4522=1 SUSE-SLE-Live-Patching-12-SP5-2022-4525=1 SUSE-SLE-Live-Patching-12-SP5-2022-4526=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_102-default-16-150100.2.2 kernel-livepatch-4_12_14-197_105-default-12-150100.2.2 kernel-livepatch-4_12_14-197_108-default-11-150100.2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-17-2.2 kgraft-patch-4_12_14-122_106-default-15-2.2 kgraft-patch-4_12_14-122_110-default-13-2.2 kgraft-patch-4_12_14-122_113-default-12-2.2 References: https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 23:21:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 18 Dec 2022 00:21:14 +0100 (CET) Subject: SUSE-SU-2022:4533-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1) Message-ID: <20221217232114.674D0FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4533-1 Rating: important References: #1203606 #1204424 #1204576 #1205130 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_120 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4537=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4530=1 SUSE-SLE-Live-Patching-12-SP5-2022-4536=1 SUSE-SLE-Live-Patching-12-SP5-2022-4540=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4533=1 SUSE-SLE-Live-Patching-12-SP4-2022-4535=1 SUSE-SLE-Live-Patching-12-SP4-2022-4538=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_120-default-5-150100.2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_121-default-8-2.2 kgraft-patch-4_12_14-122_124-default-7-2.1 kgraft-patch-4_12_14-122_127-default-5-2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_102-default-5-2.1 kgraft-patch-4_12_14-95_105-default-5-2.1 kgraft-patch-4_12_14-95_108-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 23:22:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 18 Dec 2022 00:22:33 +0100 (CET) Subject: SUSE-SU-2022:4539-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP1) Message-ID: <20221217232233.75421FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4539-1 Rating: important References: #1204424 #1204576 #1205130 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150100_197_126 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4539=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-4541=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4529=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-150100_197_126-default-2-150100.2.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150000_150_104-default-2-150000.2.1 kernel-livepatch-4_12_14-150000_150_104-default-debuginfo-2-150000.2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_111-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 23:23:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 18 Dec 2022 00:23:37 +0100 (CET) Subject: SUSE-SU-2022:4528-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) Message-ID: <20221217232337.97F8CFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4528-1 Rating: important References: #1203008 #1203606 #1204424 #1204486 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-2964 CVE-2022-3545 CVE-2022-3577 CVE-2022-3586 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_49 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4528=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4532=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_49-default-16-150300.2.2 kernel-livepatch-5_3_18-150300_59_60-default-14-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 23:25:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 18 Dec 2022 00:25:07 +0100 (CET) Subject: SUSE-SU-2022:4534-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2) Message-ID: <20221217232507.76895FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4534-1 Rating: important References: #1203606 #1204424 #1204486 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3577 CVE-2022-3586 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_129 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4534=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-4531=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_71-default-9-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_129-default-3-150200.2.1 kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-3-150200.2.1 kernel-livepatch-SLE15-SP2_Update_30-debugsource-3-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sat Dec 17 23:26:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 18 Dec 2022 00:26:30 +0100 (CET) Subject: SUSE-SU-2022:4542-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4) Message-ID: <20221217232630.6A373FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4542-1 Rating: important References: #1196959 #1205130 #1205815 #1206228 Cross-References: CVE-2021-39698 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2021-39698: Fixed a use-after-free in aio_poll_complete_work of aio.c (bsc#1196956). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4542=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_24_33-default-2-150400.2.1 kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-2-150400.2.1 kernel-livepatch-SLE15-SP4_Update_5-debugsource-2-150400.2.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sun Dec 18 05:19:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 18 Dec 2022 06:19:50 +0100 (CET) Subject: SUSE-SU-2022:4545-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP5) Message-ID: <20221218051950.961C4FD2D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4545-1 Rating: important References: #1203606 #1204424 #1204576 #1205130 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_133 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4545=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_133-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sun Dec 18 05:20:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 18 Dec 2022 06:20:59 +0100 (CET) Subject: SUSE-SU-2022:4543-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3) Message-ID: <20221218052059.1054EFD2D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4543-1 Rating: important References: #1203606 #1204424 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_87 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4543=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_87-default-7-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sun Dec 18 05:22:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 18 Dec 2022 06:22:07 +0100 (CET) Subject: SUSE-SU-2022:4546-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) Message-ID: <20221218052207.A380BFD2D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4546-1 Rating: important References: #1204424 #1204576 #1205130 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_136 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4546=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_136-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Sun Dec 18 05:23:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 18 Dec 2022 06:23:08 +0100 (CET) Subject: SUSE-SU-2022:4544-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3) Message-ID: <20221218052308.12C15FD2D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4544-1 Rating: important References: #1203606 #1204424 #1204576 #1204624 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-3640 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_90 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3640: Fixed a use-after-free in l2cap_conn_del of the file net/bluetooth/l2cap_core.c (bsc#1204619). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4544=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_90-default-6-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204624 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Mon Dec 19 14:20:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 15:20:27 +0100 (CET) Subject: SUSE-SU-2022:4551-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) Message-ID: <20221219142027.49BABFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4551-1 Rating: important References: #1203606 #1204424 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_76 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4551=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_76-default-8-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Mon Dec 19 17:21:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 18:21:04 +0100 (CET) Subject: SUSE-SU-2022:4561-1: important: Security update for the Linux Kernel Message-ID: <20221219172104.967ACFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4561-1 Rating: important References: #1012382 #1129898 #1177282 #1196018 #1198702 #1202097 #1202686 #1203008 #1203290 #1203322 #1203514 #1203960 #1203987 #1204166 #1204168 #1204170 #1204354 #1204402 #1204414 #1204431 #1204432 #1204439 #1204479 #1204574 #1204576 #1204631 #1204635 #1204636 #1204646 #1204647 #1204653 #1204868 #1205128 #1205130 #1205220 #1205514 #1205671 #1205796 #1206091 Cross-References: CVE-2019-3874 CVE-2020-26541 CVE-2021-4037 CVE-2022-2663 CVE-2022-28748 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3524 CVE-2022-3542 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41848 CVE-2022-41850 CVE-2022-41858 CVE-2022-42703 CVE-2022-43750 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2019-3874 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3874 (SUSE): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-26541 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves 31 vulnerabilities and has 8 fixes is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism (bsc#1177282). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bsc#1202097). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987). The following non-security bugs were fixed: - x86/build/64: Force the linker to use 2MB page size (bnc#1012382, bsc#1206091). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4561=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.196.2 kernel-macros-4.4.121-92.196.2 kernel-source-4.4.121-92.196.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.196.2 kernel-default-base-4.4.121-92.196.2 kernel-default-base-debuginfo-4.4.121-92.196.2 kernel-default-debuginfo-4.4.121-92.196.2 kernel-default-debugsource-4.4.121-92.196.2 kernel-default-devel-4.4.121-92.196.2 kernel-syms-4.4.121-92.196.2 References: https://www.suse.com/security/cve/CVE-2019-3874.html https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2663.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-40307.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-43750.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1012382 https://bugzilla.suse.com/1129898 https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1202097 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203322 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204432 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1206091 From sle-updates at lists.suse.com Mon Dec 19 17:25:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 18:25:32 +0100 (CET) Subject: SUSE-SU-2022:4566-1: important: Security update for the Linux Kernel Message-ID: <20221219172532.83648FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4566-1 Rating: important References: #1065729 #1071995 #1106594 #1156395 #1164051 #1184350 #1199365 #1200845 #1201455 #1203183 #1203746 #1203860 #1203960 #1204017 #1204142 #1204414 #1204446 #1204631 #1204636 #1204810 #1204850 #1204868 #1204963 #1205006 #1205128 #1205130 #1205220 #1205234 #1205264 #1205473 #1205514 #1205617 #1205671 #1205705 #1205709 #1205796 #1205901 #1205902 #1205903 #1205904 #1205905 #1205906 #1205907 #1205908 #1206032 #1206037 #1206113 #1206114 #1206117 #1206118 #1206119 #1206120 #1206207 #1206213 Cross-References: CVE-2022-28693 CVE-2022-3567 CVE-2022-3628 CVE-2022-3635 CVE-2022-3643 CVE-2022-3903 CVE-2022-4095 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 38 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). The following non-security bugs were fixed: - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes). - FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - KVM: s390: split kvm_s390_logical_to_effective (git-fixes). - KVM: s390: split kvm_s390_real_to_abs (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - NIU: fix incorrect error return, missed in previous revert (git-fixes). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Support for create interrupt v3 (git-fixes). - PCI: hv: Use struct_size() helper (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - PM: hibernate: fix sparse warnings (git-fixes). - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add missing bug reference to a hv_netvsc patch file (bsc#1204850). - always clear the X2APIC_ENABLE bit for PV guest (git-fixes). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes). - bfq: Update cgroup information before merging bio (git-fixes). - blk-mq: add callback of .cleanup_rq (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/bfq: fix ifdef for CONFIG_BFQ_GROUP_IOSCHED=y (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: do not delete queue kobject before its children (git-fixes). - block: respect queue limit of max discard segment (git-fixes). - block: rsxx: select CONFIG_CRC32 (git-fixes). - block: use "unsigned long" for blk_validate_block_size() (git-fixes). - bnxt_en: Clean up completion ring page arrays completely (git-fixes). - bnxt_en: Do not use static arrays for completion ring pages (git-fixes). - bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bnxt_en: Free context memory after disabling PCI in probe error path (git-fixes). - bnxt_en: Increase maximum RX ring size if jumbo ring is not used (git-fixes). - brd: re-enable __GFP_HIGHMEM in brd_insert_page() (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - ceph: check availability of mds cluster on mount after wait timeout (bsc#1205903). - ceph: do not skip updating wanted caps when cap is stale (bsc#1205905). - ceph: fix fscache invalidation (bsc#1205907). - ceph: fix potential race in ceph_check_caps (bsc#1205906). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205908). - ceph: return -EINVAL if given fsc mount option on kernel w/o support (bsc#1205902). - ceph: return -ERANGE if virtual xattr value didn't fit in buffer (bsc#1205901). - ceph: return ceph_mdsc_do_request() errors from __get_parent() (bsc#1205904). - cuse: prevent clone (bsc#1206120). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: remove harmful bio-based optimization (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - floppy: Fix hang in watchdog when disk is ejected (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: do not check refcount after stealing page (bsc#1206119). - fuse: retrieve: cap requested size to negotiated max_write (bsc#1206118). - fuse: use READ_ONCE on congestion_threshold and max_background (bsc#1206117). - gianfar: Disable EEE autoneg by default (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017). - hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017). - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017). - hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (git-fixes). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017). - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017). - hv_netvsc: Sync offloading features to VF NIC (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - i40e: Fix kernel crash during module removal (git-fixes). - i40e: Fix reset path while removing the driver (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ice: Increase control queue timeout (git-fixes). - igb: Fix position of assignment to *ring (git-fixes). - igc: Fix use-after-free error during reset (git-fixes). - igc: change default return of igc_read_phy_reg() (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - ixgbe: Fix packet corruption due to missing DMA sync (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kprobes/x86/xen: blacklist non-attachable xen interrupt functions (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - macsec: check return value of skb_to_sgvec always (git-fixes). - macsec: fix memory leaks when skb_to_sgvec fails (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mceusb: RX -EPIPE (urb status = -32) lockup failure fix (git-fixes). - media: mceusb: TX -EPIPE (urb status = -32) lockup fix (git-fixes). - media: mceusb: do not read data parameters unless required (git-fixes). - media: mceusb: fix inaccurate debug buffer dumps, and misleading debug messages (git-fixes). - media: mceusb: sanity check for prescaler value (git-fixes). - media: mceusb: sporadic RX truncation corruption fix (git-fixes). - mm, swap, frontswap: fix THP swap if frontswap enabled (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - module: harden ELF info handling (git-fixes). - natsemi: sonic: stop calling netdev_boot_setup_check (git-fixes). - nbd: do not update block size after device is started (git-fixes). - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5e: Fix endianness handling in pedit mask (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net: aquantia: Fix actual speed capabilities reporting (git-fixes). - net: bcmgenet: Ensure all TX/RX queues DMAs are disabled (git-fixes). - net: ethernet: arc: fix error handling in emac_rockchip_probe (git-fixes). - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes). - net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit (git-fixes). - net: hns3: add limit ets dwrr bandwidth cannot be 0 (git-fixes). - net: hns3: check vlan id before using it (git-fixes). - net: hns3: disable sriov before unload hclge layer (git-fixes). - net: hns3: do not allow call hns3_nic_net_open repeatedly (git-fixes). - net: hns3: fix change RSS 'hfunc' ineffective issue (git-fixes). - net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes). - net: hns3: reset DWRR of unused tc to zero (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: ieee802154: adf7242: Fix bug if defined DEBUG (git-fixes). - net: ieee802154: at86rf230: Stop leaking skb's (git-fixes). - net: ieee802154: ca8210: Stop leaking skb's (git-fixes). - net: mdiobus: Fix memory leak in __mdiobus_register (git-fixes). - net: moxa: fix UAF in moxart_mac_probe (git-fixes). - net: natsemi: Fix missing pci_disable_device() in probe and remove (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: nxp: lpc_eth.c: avoid hang when bringing interface down (git-fixes). - net: qcom/emac: fix UAF in emac_remove (git-fixes). - net: smsc911x: Fix unload crash when link is up (git-fixes). - net: ti: fix UAF in tlan_remove_one (git-fixes). - net: xen-netback: fix return type of ndo_start_xmit function (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fix the null_add_dev() error path (git-fixes). - null_blk: fix ida error handling in null_add_dev() (git-fixes). - null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - phy: mdio: fix memory leak (git-fixes). - ptp: dp83640: do not define PAGE0 (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cio: Fix the "type" field in s390_cio_tpi tracepoint (git-fixes). - s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes). - s390/ctcm: fix potential memory leak (git-fixes). - s390/ctcm: fix variable dereferenced before check (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (git-fixes). - s390/lcs: fix variable dereferenced before check (git-fixes). - s390/mcck: fix invalid KVM guest condition check (git-fixes). - s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes). - s390/nmi: handle vector validity failures for KVM guests (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/pkey: fix paes selftest failure with paes and pkey static build (git-fixes). - s390/pv: fix the forcing of the swiotlb (git-fixes). - s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes). - s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (bsc#1206213 LTC#200742). - s390/qeth: Fix error handling during VNICC initialization (git-fixes). - s390/qeth: Fix initialization of vnicc cmd masks during set online (git-fixes). - s390/qeth: Fix vnicc_is_in_use if rx_bcast not set (git-fixes). - s390/qeth: do not defer close_dev work during recovery (bsc#1206213 LTC#200742). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/qeth: fix deadlock during failing recovery (bsc#1206213 LTC#200742). - s390/qeth: fix false reporting of VNIC CHAR config failure (git-fixes). - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes). - s390/qeth: fix notification for pending buffers during teardown (git-fixes). - s390/qeth: remove driver-wide workqueue (bsc#1206213 LTC#200742). - s390/qeth: vnicc Fix EOPNOTSUPP precedence (git-fixes). - s390/qeth: vnicc Fix init to default (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: appldata depends on PROC_SYSCTL (git-fixes). - s390: define get_cycles macro for arch-override (git-fixes). - s390: fix nospec table alignments (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (git-fixes). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - sfp: fix RX_LOS signal handling (git-fixes). - sis900: Fix missing pci_disable_device() in probe and remove (git-fixes). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tulip: windbond-840: Fix missing pci_disable_device() in probe and remove (git-fixes). - usb: chipidea: udc: check request status before setting device address (git-fixes). - usb: musb: Fix suspend with devices connected for a64 (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio: ccw: fix error return in vfio_ccw_sch_event (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_net: move tx vq operation under tx queue lock (git-fixes). - vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: Return from panic notifier (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen-netfront: remove warning when unloading module (git-fixes). - xen/balloon: fix balloon initialization for PVH Dom0 (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/blkback: fix memory leaks (git-fixes). - xen/efi: Set nonblocking callbacks (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Fix off-by-one error when unmapping with holes (git-fixes). - xen/gntdev: Fix partial gntdev_mmap() cleanup (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/grant-table: Use put_page instead of free_page (git-fixes). - xen/pciback: Check dev_data before using it (git-fixes). - xen/pciback: remove set but not used variable 'old_state' (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/scsiback: add error handling for xenbus_printf (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: XEN_ACPI_PROCESSOR is Dom0-only (git-fixes). - xen: add error handling for xenbus_printf (git-fixes). - xen: avoid crash in disable_hotplug_cpu (bsc#1106594). - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (git-fixes). - xen: xenbus: use put_device() instead of kfree() (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-4566=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4566=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4566=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4566=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-4566=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.144.1 kernel-default-debugsource-4.12.14-122.144.1 kernel-default-extra-4.12.14-122.144.1 kernel-default-extra-debuginfo-4.12.14-122.144.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.144.1 kernel-obs-build-debugsource-4.12.14-122.144.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.144.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.144.1 kernel-default-base-4.12.14-122.144.1 kernel-default-base-debuginfo-4.12.14-122.144.1 kernel-default-debuginfo-4.12.14-122.144.1 kernel-default-debugsource-4.12.14-122.144.1 kernel-default-devel-4.12.14-122.144.1 kernel-syms-4.12.14-122.144.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.144.1 kernel-macros-4.12.14-122.144.1 kernel-source-4.12.14-122.144.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.144.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.144.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.144.1 kernel-default-debugsource-4.12.14-122.144.1 kernel-default-kgraft-4.12.14-122.144.1 kernel-default-kgraft-devel-4.12.14-122.144.1 kgraft-patch-4_12_14-122_144-default-1-8.5.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.144.1 cluster-md-kmp-default-debuginfo-4.12.14-122.144.1 dlm-kmp-default-4.12.14-122.144.1 dlm-kmp-default-debuginfo-4.12.14-122.144.1 gfs2-kmp-default-4.12.14-122.144.1 gfs2-kmp-default-debuginfo-4.12.14-122.144.1 kernel-default-debuginfo-4.12.14-122.144.1 kernel-default-debugsource-4.12.14-122.144.1 ocfs2-kmp-default-4.12.14-122.144.1 ocfs2-kmp-default-debuginfo-4.12.14-122.144.1 References: https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3643.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42328.html https://www.suse.com/security/cve/CVE-2022-42329.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1106594 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1164051 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1199365 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1201455 https://bugzilla.suse.com/1203183 https://bugzilla.suse.com/1203746 https://bugzilla.suse.com/1203860 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204142 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204446 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204810 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1204963 https://bugzilla.suse.com/1205006 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205234 https://bugzilla.suse.com/1205264 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1205901 https://bugzilla.suse.com/1205902 https://bugzilla.suse.com/1205903 https://bugzilla.suse.com/1205904 https://bugzilla.suse.com/1205905 https://bugzilla.suse.com/1205906 https://bugzilla.suse.com/1205907 https://bugzilla.suse.com/1205908 https://bugzilla.suse.com/1206032 https://bugzilla.suse.com/1206037 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206114 https://bugzilla.suse.com/1206117 https://bugzilla.suse.com/1206118 https://bugzilla.suse.com/1206119 https://bugzilla.suse.com/1206120 https://bugzilla.suse.com/1206207 https://bugzilla.suse.com/1206213 From sle-updates at lists.suse.com Mon Dec 19 17:30:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 18:30:37 +0100 (CET) Subject: SUSE-SU-2022:4559-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) Message-ID: <20221219173037.278FBFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4559-1 Rating: important References: #1203606 #1204424 #1204576 #1204624 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-3640 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3640: Fixed a use-after-free in l2cap_conn_del of the file net/bluetooth/l2cap_core.c (bsc#1204619). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4559=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_24_21-default-5-150400.2.1 kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-5-150400.2.1 kernel-livepatch-SLE15-SP4_Update_3-debugsource-5-150400.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204624 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Mon Dec 19 17:31:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 18:31:59 +0100 (CET) Subject: SUSE-SU-2022:4569-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP3) Message-ID: <20221219173159.15752FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4569-1 Rating: important References: #1203606 #1204424 #1204486 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3577 CVE-2022-3586 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_68 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4565=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4556=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4569=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_22-default-9-150400.4.24.1 kernel-livepatch-5_14_21-150400_22-default-debuginfo-9-150400.4.24.1 kernel-livepatch-SLE15-SP4_Update_0-debugsource-9-150400.4.24.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_63-default-11-150300.2.2 kernel-livepatch-5_3_18-150300_59_68-default-10-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Mon Dec 19 17:33:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 18:33:22 +0100 (CET) Subject: SUSE-RU-2022:4568-1: moderate: Recommended update for OpenIPMI Message-ID: <20221219173322.B396BFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for OpenIPMI ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4568-1 Rating: moderate References: SLE-11203 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update of OpenIPMI fixes the following issues: - rebuild against the new net-snmp (jsc#SLE-11203). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4568=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4568=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): OpenIPMI-2.0.31-150400.3.2.1 OpenIPMI-debuginfo-2.0.31-150400.3.2.1 OpenIPMI-debugsource-2.0.31-150400.3.2.1 OpenIPMI-devel-2.0.31-150400.3.2.1 OpenIPMI-python3-2.0.31-150400.3.2.1 OpenIPMI-python3-debuginfo-2.0.31-150400.3.2.1 libOpenIPMI0-2.0.31-150400.3.2.1 libOpenIPMI0-debuginfo-2.0.31-150400.3.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): OpenIPMI-2.0.31-150400.3.2.1 OpenIPMI-debuginfo-2.0.31-150400.3.2.1 OpenIPMI-debugsource-2.0.31-150400.3.2.1 OpenIPMI-devel-2.0.31-150400.3.2.1 libOpenIPMI0-2.0.31-150400.3.2.1 libOpenIPMI0-debuginfo-2.0.31-150400.3.2.1 References: From sle-updates at lists.suse.com Mon Dec 19 17:34:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 18:34:02 +0100 (CET) Subject: SUSE-SU-2022:4560-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4) Message-ID: <20221219173402.310ACFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4560-1 Rating: important References: #1204424 #1204576 #1204624 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-3640 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 5.14.21-150400_24_28 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3640: Fixed a use-after-free in l2cap_conn_del of the file net/bluetooth/l2cap_core.c (bsc#1204619). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4560=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-livepatch-5_14_21-150400_24_28-default-3-150400.2.1 kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-3-150400.2.1 kernel-livepatch-SLE15-SP4_Update_4-debugsource-3-150400.2.1 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204624 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Mon Dec 19 17:35:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 18:35:19 +0100 (CET) Subject: SUSE-RU-2022:4567-1: critical: Recommended update for python-crcmod, python-cryptography, python-cryptography-vectors Message-ID: <20221219173519.C6302FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-crcmod, python-cryptography, python-cryptography-vectors ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4567-1 Rating: critical References: #1177083 ECO-3329 PM-2475 PM-2730 SLE-18312 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has one recommended fix and contains four features can now be installed. Description: This update for python-crcmod, python-cryptography, python-cryptography-vectors contains the following fixes: python-cryptography: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Refresh patches for new version * Using the Fernet class to symmetrically encrypt multi gigabyte values. (bsc#1182066, CVE-2020-36242) could result in an integer overflow and buffer overflow. - update to 2.9.2 * 2.9.2 - 2020-04-22 - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15. * 2.9.1 - 2020-04-21 - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g. * 2.9 - 2020-04-02 - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f. - Added support for parsing single_extensions in an OCSP response. - NameAttribute values can now be empty strings. Changes in python-cryptography-vectors: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - update to 2.9.2: * updated vectors for the cryptography 2.9.2 testing Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4567=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4567=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4567=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4567=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4567=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4567=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python-bcrypt-debuginfo-3.1.4-150100.6.2.1 python-bcrypt-debugsource-3.1.4-150100.6.2.1 python-cffi-debuginfo-1.15.0-150000.4.11.2 python-cffi-debugsource-1.15.0-150000.4.11.2 python-cryptography-debuginfo-2.9.2-150100.7.8.2 python-cryptography-debugsource-2.9.2-150100.7.8.2 python2-bcrypt-3.1.4-150100.6.2.1 python2-bcrypt-debuginfo-3.1.4-150100.6.2.1 python2-cffi-1.15.0-150000.4.11.2 python2-cffi-debuginfo-1.15.0-150000.4.11.2 python2-cryptography-2.9.2-150100.7.8.2 python2-cryptography-debuginfo-2.9.2-150100.7.8.2 python3-bcrypt-3.1.4-150100.6.2.1 python3-bcrypt-debuginfo-3.1.4-150100.6.2.1 python3-cffi-1.15.0-150000.4.11.2 python3-cffi-debuginfo-1.15.0-150000.4.11.2 python3-cryptography-2.9.2-150100.7.8.2 python3-cryptography-debuginfo-2.9.2-150100.7.8.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python-bcrypt-debuginfo-3.1.4-150100.6.2.1 python-bcrypt-debugsource-3.1.4-150100.6.2.1 python-cffi-debuginfo-1.15.0-150000.4.11.2 python-cffi-debugsource-1.15.0-150000.4.11.2 python-cryptography-debuginfo-2.9.2-150100.7.8.2 python-cryptography-debugsource-2.9.2-150100.7.8.2 python2-bcrypt-3.1.4-150100.6.2.1 python2-bcrypt-debuginfo-3.1.4-150100.6.2.1 python2-cffi-1.15.0-150000.4.11.2 python2-cffi-debuginfo-1.15.0-150000.4.11.2 python2-cryptography-2.9.2-150100.7.8.2 python2-cryptography-debuginfo-2.9.2-150100.7.8.2 python3-bcrypt-3.1.4-150100.6.2.1 python3-bcrypt-debuginfo-3.1.4-150100.6.2.1 python3-cffi-1.15.0-150000.4.11.2 python3-cffi-debuginfo-1.15.0-150000.4.11.2 python3-cryptography-2.9.2-150100.7.8.2 python3-cryptography-debuginfo-2.9.2-150100.7.8.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python-bcrypt-debuginfo-3.1.4-150100.6.2.1 python-bcrypt-debugsource-3.1.4-150100.6.2.1 python-cffi-debuginfo-1.15.0-150000.4.11.2 python-cffi-debugsource-1.15.0-150000.4.11.2 python-cryptography-debuginfo-2.9.2-150100.7.8.2 python-cryptography-debugsource-2.9.2-150100.7.8.2 python2-bcrypt-3.1.4-150100.6.2.1 python2-bcrypt-debuginfo-3.1.4-150100.6.2.1 python2-cffi-1.15.0-150000.4.11.2 python2-cffi-debuginfo-1.15.0-150000.4.11.2 python2-cryptography-2.9.2-150100.7.8.2 python2-cryptography-debuginfo-2.9.2-150100.7.8.2 python3-bcrypt-3.1.4-150100.6.2.1 python3-bcrypt-debuginfo-3.1.4-150100.6.2.1 python3-cffi-1.15.0-150000.4.11.2 python3-cffi-debuginfo-1.15.0-150000.4.11.2 python3-cryptography-2.9.2-150100.7.8.2 python3-cryptography-debuginfo-2.9.2-150100.7.8.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python2-cryptography-vectors-2.9.2-150000.3.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python-bcrypt-debuginfo-3.1.4-150100.6.2.1 python-bcrypt-debugsource-3.1.4-150100.6.2.1 python-cffi-debuginfo-1.15.0-150000.4.11.2 python-cffi-debugsource-1.15.0-150000.4.11.2 python-cryptography-debuginfo-2.9.2-150100.7.8.2 python-cryptography-debugsource-2.9.2-150100.7.8.2 python2-bcrypt-3.1.4-150100.6.2.1 python2-bcrypt-debuginfo-3.1.4-150100.6.2.1 python2-cffi-1.15.0-150000.4.11.2 python2-cffi-debuginfo-1.15.0-150000.4.11.2 python2-cryptography-2.9.2-150100.7.8.2 python2-cryptography-debuginfo-2.9.2-150100.7.8.2 python3-bcrypt-3.1.4-150100.6.2.1 python3-bcrypt-debuginfo-3.1.4-150100.6.2.1 python3-cffi-1.15.0-150000.4.11.2 python3-cffi-debuginfo-1.15.0-150000.4.11.2 python3-cryptography-2.9.2-150100.7.8.2 python3-cryptography-debuginfo-2.9.2-150100.7.8.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): python-bcrypt-debuginfo-3.1.4-150100.6.2.1 python-bcrypt-debugsource-3.1.4-150100.6.2.1 python-cffi-debuginfo-1.15.0-150000.4.11.2 python-cffi-debugsource-1.15.0-150000.4.11.2 python-cryptography-debuginfo-2.9.2-150100.7.8.2 python-cryptography-debugsource-2.9.2-150100.7.8.2 python2-bcrypt-3.1.4-150100.6.2.1 python2-bcrypt-debuginfo-3.1.4-150100.6.2.1 python2-cffi-1.15.0-150000.4.11.2 python2-cffi-debuginfo-1.15.0-150000.4.11.2 python2-cryptography-2.9.2-150100.7.8.2 python2-cryptography-debuginfo-2.9.2-150100.7.8.2 python3-bcrypt-3.1.4-150100.6.2.1 python3-bcrypt-debuginfo-3.1.4-150100.6.2.1 python3-cffi-1.15.0-150000.4.11.2 python3-cffi-debuginfo-1.15.0-150000.4.11.2 python3-cryptography-2.9.2-150100.7.8.2 python3-cryptography-debuginfo-2.9.2-150100.7.8.2 - SUSE CaaS Platform 4.0 (x86_64): python-bcrypt-debuginfo-3.1.4-150100.6.2.1 python-bcrypt-debugsource-3.1.4-150100.6.2.1 python-cffi-debuginfo-1.15.0-150000.4.11.2 python-cffi-debugsource-1.15.0-150000.4.11.2 python-cryptography-debuginfo-2.9.2-150100.7.8.2 python-cryptography-debugsource-2.9.2-150100.7.8.2 python2-bcrypt-3.1.4-150100.6.2.1 python2-bcrypt-debuginfo-3.1.4-150100.6.2.1 python2-cffi-1.15.0-150000.4.11.2 python2-cffi-debuginfo-1.15.0-150000.4.11.2 python2-cryptography-2.9.2-150100.7.8.2 python2-cryptography-debuginfo-2.9.2-150100.7.8.2 python3-bcrypt-3.1.4-150100.6.2.1 python3-bcrypt-debuginfo-3.1.4-150100.6.2.1 python3-cffi-1.15.0-150000.4.11.2 python3-cffi-debuginfo-1.15.0-150000.4.11.2 python3-cryptography-2.9.2-150100.7.8.2 python3-cryptography-debuginfo-2.9.2-150100.7.8.2 References: https://bugzilla.suse.com/1177083 From sle-updates at lists.suse.com Mon Dec 19 20:20:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 21:20:20 +0100 (CET) Subject: SUSE-SU-2022:4550-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15) Message-ID: <20221219202020.24888FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4550-1 Rating: important References: #1203008 #1203606 #1204424 #1204576 #1205130 #1206228 Cross-References: CVE-2022-2964 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_78 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-4552=1 SUSE-SLE-Module-Live-Patching-15-2022-4558=1 SUSE-SLE-Module-Live-Patching-15-2022-4575=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4557=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4549=1 SUSE-SLE-Live-Patching-12-SP4-2022-4550=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_78-default-16-150000.2.2 kernel-livepatch-4_12_14-150_78-default-debuginfo-16-150000.2.2 kernel-livepatch-4_12_14-150_83-default-12-150000.2.2 kernel-livepatch-4_12_14-150_83-default-debuginfo-12-150000.2.2 kernel-livepatch-4_12_14-150_86-default-11-150000.2.2 kernel-livepatch-4_12_14-150_86-default-debuginfo-11-150000.2.2 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_98-default-17-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_83-default-16-2.2 kgraft-patch-4_12_14-95_88-default-12-2.2 References: https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Mon Dec 19 20:21:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 21:21:57 +0100 (CET) Subject: SUSE-SU-2022:4562-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) Message-ID: <20221219202157.6E965FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4562-1 Rating: important References: #1203008 #1203606 #1204424 #1204486 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-2964 CVE-2022-3545 CVE-2022-3577 CVE-2022-3586 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_43 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4555=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4562=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4563=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4564=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4570=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-4571=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-17-150300.2.2 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-17-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-17-150300.2.2 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-17-150300.2.2 kernel-livepatch-5_3_18-150300_59_54-default-15-150300.2.2 kernel-livepatch-5_3_18-59_34-default-19-150300.2.2 kernel-livepatch-5_3_18-59_34-default-debuginfo-19-150300.2.2 kernel-livepatch-5_3_18-59_37-default-18-150300.2.2 kernel-livepatch-5_3_18-59_37-default-debuginfo-18-150300.2.2 kernel-livepatch-5_3_18-59_40-default-18-150300.2.2 kernel-livepatch-SLE15-SP3_Update_10-debugsource-18-150300.2.2 kernel-livepatch-SLE15-SP3_Update_9-debugsource-19-150300.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-18-150300.2.2 References: https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Mon Dec 19 20:24:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 21:24:40 +0100 (CET) Subject: SUSE-SU-2022:4574-1: important: Security update for the Linux Kernel Message-ID: <20221219202440.869CCFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4574-1 Rating: important References: #1198702 #1199365 #1200788 #1200845 #1201455 #1202686 #1203008 #1203183 #1203290 #1203322 #1203514 #1203860 #1203960 #1204017 #1204166 #1204170 #1204354 #1204355 #1204402 #1204414 #1204415 #1204424 #1204431 #1204432 #1204439 #1204446 #1204479 #1204574 #1204576 #1204631 #1204635 #1204636 #1204646 #1204647 #1204653 #1204850 #1204868 #1205006 #1205128 #1205220 #1205473 #1205514 #1205617 #1205671 #1205796 #1206113 #1206114 #1206207 Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-28693 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 36 vulnerabilities and has 12 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3545: Fixed a use-after-free vulnerability is area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in KVM when attempting to set a SynIC IRQ (bsc#1200788). The following non-security bugs were fixed: - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017, bsc#1205617). - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017). - hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017). - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017). - hv_netvsc: Fix error handling in netvsc_set_features() (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017). - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017). - hv_netvsc: Sync offloading features to VF NIC (git-fixes). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860, bsc#1205617). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017, bsc#1205617). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Support for create interrupt v3 (git-fixes). - PCI: hv: Use struct_size() helper (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - Revert "scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback()" (bsc#1204017). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4574=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4574=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4574=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4574=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4574=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4574=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4574=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4574=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-4574=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4574=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.131.1 kernel-vanilla-4.12.14-150100.197.131.1 kernel-vanilla-base-4.12.14-150100.197.131.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.131.1 kernel-vanilla-debuginfo-4.12.14-150100.197.131.1 kernel-vanilla-debugsource-4.12.14-150100.197.131.1 kernel-vanilla-devel-4.12.14-150100.197.131.1 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.131.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.131.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.131.1 kernel-debug-base-debuginfo-4.12.14-150100.197.131.1 - openSUSE Leap 15.4 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.131.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.131.1 - openSUSE Leap 15.4 (s390x): kernel-default-man-4.12.14-150100.197.131.1 kernel-zfcpdump-man-4.12.14-150100.197.131.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.131.1 kernel-vanilla-4.12.14-150100.197.131.1 kernel-vanilla-base-4.12.14-150100.197.131.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.131.1 kernel-vanilla-debuginfo-4.12.14-150100.197.131.1 kernel-vanilla-debugsource-4.12.14-150100.197.131.1 kernel-vanilla-devel-4.12.14-150100.197.131.1 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.131.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.131.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.131.1 kernel-debug-base-debuginfo-4.12.14-150100.197.131.1 - openSUSE Leap 15.3 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.131.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.131.1 - openSUSE Leap 15.3 (s390x): kernel-default-man-4.12.14-150100.197.131.1 kernel-zfcpdump-man-4.12.14-150100.197.131.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-150100.197.131.1 kernel-default-base-4.12.14-150100.197.131.1 kernel-default-base-debuginfo-4.12.14-150100.197.131.1 kernel-default-debuginfo-4.12.14-150100.197.131.1 kernel-default-debugsource-4.12.14-150100.197.131.1 kernel-default-devel-4.12.14-150100.197.131.1 kernel-default-devel-debuginfo-4.12.14-150100.197.131.1 kernel-obs-build-4.12.14-150100.197.131.1 kernel-obs-build-debugsource-4.12.14-150100.197.131.1 kernel-syms-4.12.14-150100.197.131.1 reiserfs-kmp-default-4.12.14-150100.197.131.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.131.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-150100.197.131.1 kernel-docs-4.12.14-150100.197.131.1 kernel-macros-4.12.14-150100.197.131.1 kernel-source-4.12.14-150100.197.131.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150100.197.131.1 kernel-default-base-4.12.14-150100.197.131.1 kernel-default-base-debuginfo-4.12.14-150100.197.131.1 kernel-default-debuginfo-4.12.14-150100.197.131.1 kernel-default-debugsource-4.12.14-150100.197.131.1 kernel-default-devel-4.12.14-150100.197.131.1 kernel-default-devel-debuginfo-4.12.14-150100.197.131.1 kernel-obs-build-4.12.14-150100.197.131.1 kernel-obs-build-debugsource-4.12.14-150100.197.131.1 kernel-syms-4.12.14-150100.197.131.1 reiserfs-kmp-default-4.12.14-150100.197.131.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.131.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.131.1 kernel-docs-4.12.14-150100.197.131.1 kernel-macros-4.12.14-150100.197.131.1 kernel-source-4.12.14-150100.197.131.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-150100.197.131.1 kernel-zfcpdump-debuginfo-4.12.14-150100.197.131.1 kernel-zfcpdump-debugsource-4.12.14-150100.197.131.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-150100.197.131.1 kernel-docs-4.12.14-150100.197.131.1 kernel-macros-4.12.14-150100.197.131.1 kernel-source-4.12.14-150100.197.131.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-150100.197.131.1 kernel-default-base-4.12.14-150100.197.131.1 kernel-default-base-debuginfo-4.12.14-150100.197.131.1 kernel-default-debuginfo-4.12.14-150100.197.131.1 kernel-default-debugsource-4.12.14-150100.197.131.1 kernel-default-devel-4.12.14-150100.197.131.1 kernel-default-devel-debuginfo-4.12.14-150100.197.131.1 kernel-obs-build-4.12.14-150100.197.131.1 kernel-obs-build-debugsource-4.12.14-150100.197.131.1 kernel-syms-4.12.14-150100.197.131.1 reiserfs-kmp-default-4.12.14-150100.197.131.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.131.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150100.197.131.1 kernel-default-debugsource-4.12.14-150100.197.131.1 kernel-default-livepatch-4.12.14-150100.197.131.1 kernel-default-livepatch-devel-4.12.14-150100.197.131.1 kernel-livepatch-4_12_14-150100_197_131-default-1-150100.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-150100.197.131.1 kernel-default-base-4.12.14-150100.197.131.1 kernel-default-base-debuginfo-4.12.14-150100.197.131.1 kernel-default-debuginfo-4.12.14-150100.197.131.1 kernel-default-debugsource-4.12.14-150100.197.131.1 kernel-default-devel-4.12.14-150100.197.131.1 kernel-default-devel-debuginfo-4.12.14-150100.197.131.1 kernel-obs-build-4.12.14-150100.197.131.1 kernel-obs-build-debugsource-4.12.14-150100.197.131.1 kernel-syms-4.12.14-150100.197.131.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.131.1 kernel-docs-4.12.14-150100.197.131.1 kernel-macros-4.12.14-150100.197.131.1 kernel-source-4.12.14-150100.197.131.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150100.197.131.1 kernel-default-base-4.12.14-150100.197.131.1 kernel-default-base-debuginfo-4.12.14-150100.197.131.1 kernel-default-debuginfo-4.12.14-150100.197.131.1 kernel-default-debugsource-4.12.14-150100.197.131.1 kernel-default-devel-4.12.14-150100.197.131.1 kernel-default-devel-debuginfo-4.12.14-150100.197.131.1 kernel-obs-build-4.12.14-150100.197.131.1 kernel-obs-build-debugsource-4.12.14-150100.197.131.1 kernel-syms-4.12.14-150100.197.131.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-150100.197.131.1 kernel-docs-4.12.14-150100.197.131.1 kernel-macros-4.12.14-150100.197.131.1 kernel-source-4.12.14-150100.197.131.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150100.197.131.1 cluster-md-kmp-default-debuginfo-4.12.14-150100.197.131.1 dlm-kmp-default-4.12.14-150100.197.131.1 dlm-kmp-default-debuginfo-4.12.14-150100.197.131.1 gfs2-kmp-default-4.12.14-150100.197.131.1 gfs2-kmp-default-debuginfo-4.12.14-150100.197.131.1 kernel-default-debuginfo-4.12.14-150100.197.131.1 kernel-default-debugsource-4.12.14-150100.197.131.1 ocfs2-kmp-default-4.12.14-150100.197.131.1 ocfs2-kmp-default-debuginfo-4.12.14-150100.197.131.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-150100.197.131.1 kernel-default-base-4.12.14-150100.197.131.1 kernel-default-base-debuginfo-4.12.14-150100.197.131.1 kernel-default-debuginfo-4.12.14-150100.197.131.1 kernel-default-debugsource-4.12.14-150100.197.131.1 kernel-default-devel-4.12.14-150100.197.131.1 kernel-default-devel-debuginfo-4.12.14-150100.197.131.1 kernel-obs-build-4.12.14-150100.197.131.1 kernel-obs-build-debugsource-4.12.14-150100.197.131.1 kernel-syms-4.12.14-150100.197.131.1 reiserfs-kmp-default-4.12.14-150100.197.131.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.131.1 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-150100.197.131.1 kernel-docs-4.12.14-150100.197.131.1 kernel-macros-4.12.14-150100.197.131.1 kernel-source-4.12.14-150100.197.131.1 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-150100.197.131.1 kernel-default-base-4.12.14-150100.197.131.1 kernel-default-base-debuginfo-4.12.14-150100.197.131.1 kernel-default-debuginfo-4.12.14-150100.197.131.1 kernel-default-debugsource-4.12.14-150100.197.131.1 kernel-default-devel-4.12.14-150100.197.131.1 kernel-default-devel-debuginfo-4.12.14-150100.197.131.1 kernel-obs-build-4.12.14-150100.197.131.1 kernel-obs-build-debugsource-4.12.14-150100.197.131.1 kernel-syms-4.12.14-150100.197.131.1 reiserfs-kmp-default-4.12.14-150100.197.131.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.131.1 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-150100.197.131.1 kernel-docs-4.12.14-150100.197.131.1 kernel-macros-4.12.14-150100.197.131.1 kernel-source-4.12.14-150100.197.131.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3643.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-40307.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42328.html https://www.suse.com/security/cve/CVE-2022-42329.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-43750.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1199365 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1201455 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203183 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203322 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203860 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204432 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204446 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1205006 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206114 https://bugzilla.suse.com/1206207 From sle-updates at lists.suse.com Mon Dec 19 20:30:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 21:30:29 +0100 (CET) Subject: SUSE-SU-2022:4573-1: important: Security update for the Linux Kernel Message-ID: <20221219203029.7A6BDFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4573-1 Rating: important References: #1196018 #1198702 #1200692 #1200788 #1201455 #1202686 #1203008 #1203183 #1203290 #1203322 #1203514 #1203960 #1204166 #1204168 #1204170 #1204354 #1204355 #1204402 #1204414 #1204415 #1204424 #1204431 #1204432 #1204439 #1204479 #1204574 #1204576 #1204631 #1204635 #1204636 #1204646 #1204647 #1204653 #1204868 #1205006 #1205128 #1205130 #1205220 #1205473 #1205514 #1205671 #1205705 #1205709 #1205796 #1206113 #1206114 #1206207 Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-28693 CVE-2022-28748 CVE-2022-2964 CVE-2022-3169 CVE-2022-33981 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 38 vulnerabilities and has 9 fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-3545: Fixed a use-after-free vulnerability is area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in KVM when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-33981: Fixed a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function (bsc#1200692). The following non-security bugs were fixed: - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4573=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4573=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-4573=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4573=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4573=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-4573=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150000.150.109.1 kernel-default-base-4.12.14-150000.150.109.1 kernel-default-debuginfo-4.12.14-150000.150.109.1 kernel-default-debugsource-4.12.14-150000.150.109.1 kernel-default-devel-4.12.14-150000.150.109.1 kernel-default-devel-debuginfo-4.12.14-150000.150.109.1 kernel-obs-build-4.12.14-150000.150.109.1 kernel-obs-build-debugsource-4.12.14-150000.150.109.1 kernel-syms-4.12.14-150000.150.109.1 kernel-vanilla-base-4.12.14-150000.150.109.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.109.1 kernel-vanilla-debuginfo-4.12.14-150000.150.109.1 kernel-vanilla-debugsource-4.12.14-150000.150.109.1 reiserfs-kmp-default-4.12.14-150000.150.109.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.109.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150000.150.109.1 kernel-docs-4.12.14-150000.150.109.1 kernel-macros-4.12.14-150000.150.109.1 kernel-source-4.12.14-150000.150.109.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150000.150.109.1 kernel-default-base-4.12.14-150000.150.109.1 kernel-default-debuginfo-4.12.14-150000.150.109.1 kernel-default-debugsource-4.12.14-150000.150.109.1 kernel-default-devel-4.12.14-150000.150.109.1 kernel-default-devel-debuginfo-4.12.14-150000.150.109.1 kernel-obs-build-4.12.14-150000.150.109.1 kernel-obs-build-debugsource-4.12.14-150000.150.109.1 kernel-syms-4.12.14-150000.150.109.1 kernel-vanilla-base-4.12.14-150000.150.109.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.109.1 kernel-vanilla-debuginfo-4.12.14-150000.150.109.1 kernel-vanilla-debugsource-4.12.14-150000.150.109.1 reiserfs-kmp-default-4.12.14-150000.150.109.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.109.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.109.1 kernel-docs-4.12.14-150000.150.109.1 kernel-macros-4.12.14-150000.150.109.1 kernel-source-4.12.14-150000.150.109.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150000.150.109.1 kernel-zfcpdump-debuginfo-4.12.14-150000.150.109.1 kernel-zfcpdump-debugsource-4.12.14-150000.150.109.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150000.150.109.1 kernel-default-debugsource-4.12.14-150000.150.109.1 kernel-default-livepatch-4.12.14-150000.150.109.1 kernel-livepatch-4_12_14-150000_150_109-default-1-150000.1.5.1 kernel-livepatch-4_12_14-150000_150_109-default-debuginfo-1-150000.1.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150000.150.109.1 kernel-default-base-4.12.14-150000.150.109.1 kernel-default-debuginfo-4.12.14-150000.150.109.1 kernel-default-debugsource-4.12.14-150000.150.109.1 kernel-default-devel-4.12.14-150000.150.109.1 kernel-default-devel-debuginfo-4.12.14-150000.150.109.1 kernel-obs-build-4.12.14-150000.150.109.1 kernel-obs-build-debugsource-4.12.14-150000.150.109.1 kernel-syms-4.12.14-150000.150.109.1 kernel-vanilla-base-4.12.14-150000.150.109.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.109.1 kernel-vanilla-debuginfo-4.12.14-150000.150.109.1 kernel-vanilla-debugsource-4.12.14-150000.150.109.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.109.1 kernel-docs-4.12.14-150000.150.109.1 kernel-macros-4.12.14-150000.150.109.1 kernel-source-4.12.14-150000.150.109.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150000.150.109.1 kernel-default-base-4.12.14-150000.150.109.1 kernel-default-debuginfo-4.12.14-150000.150.109.1 kernel-default-debugsource-4.12.14-150000.150.109.1 kernel-default-devel-4.12.14-150000.150.109.1 kernel-default-devel-debuginfo-4.12.14-150000.150.109.1 kernel-obs-build-4.12.14-150000.150.109.1 kernel-obs-build-debugsource-4.12.14-150000.150.109.1 kernel-syms-4.12.14-150000.150.109.1 kernel-vanilla-base-4.12.14-150000.150.109.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.109.1 kernel-vanilla-debuginfo-4.12.14-150000.150.109.1 kernel-vanilla-debugsource-4.12.14-150000.150.109.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150000.150.109.1 kernel-docs-4.12.14-150000.150.109.1 kernel-macros-4.12.14-150000.150.109.1 kernel-source-4.12.14-150000.150.109.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150000.150.109.1 cluster-md-kmp-default-debuginfo-4.12.14-150000.150.109.1 dlm-kmp-default-4.12.14-150000.150.109.1 dlm-kmp-default-debuginfo-4.12.14-150000.150.109.1 gfs2-kmp-default-4.12.14-150000.150.109.1 gfs2-kmp-default-debuginfo-4.12.14-150000.150.109.1 kernel-default-debuginfo-4.12.14-150000.150.109.1 kernel-default-debugsource-4.12.14-150000.150.109.1 ocfs2-kmp-default-4.12.14-150000.150.109.1 ocfs2-kmp-default-debuginfo-4.12.14-150000.150.109.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-33981.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3643.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-40307.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42328.html https://www.suse.com/security/cve/CVE-2022-42329.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-43750.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1201455 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203183 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203322 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204432 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1205006 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206114 https://bugzilla.suse.com/1206207 From sle-updates at lists.suse.com Mon Dec 19 20:35:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Dec 2022 21:35:44 +0100 (CET) Subject: SUSE-SU-2022:4572-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3) Message-ID: <20221219203544.521FCFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4572-1 Rating: important References: #1205130 #1205815 #1206228 Cross-References: CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_101 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4572=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_101-default-2-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Mon Dec 19 23:20:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 00:20:23 +0100 (CET) Subject: SUSE-SU-2022:4577-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15) Message-ID: <20221219232023.2F438FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4577-1 Rating: important References: #1203606 #1204424 #1204576 #1205130 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150000_150_95 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-4553=1 SUSE-SLE-Module-Live-Patching-15-2022-4554=1 SUSE-SLE-Module-Live-Patching-15-2022-4576=1 SUSE-SLE-Module-Live-Patching-15-2022-4577=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4578=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4548=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150000_150_89-default-10-150000.2.2 kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-10-150000.2.2 kernel-livepatch-4_12_14-150000_150_92-default-7-150000.2.1 kernel-livepatch-4_12_14-150000_150_92-default-debuginfo-7-150000.2.1 kernel-livepatch-4_12_14-150000_150_95-default-5-150000.2.1 kernel-livepatch-4_12_14-150000_150_95-default-debuginfo-5-150000.2.1 kernel-livepatch-4_12_14-150000_150_98-default-5-150000.2.1 kernel-livepatch-4_12_14-150000_150_98-default-debuginfo-5-150000.2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_116-default-10-2.2 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_96-default-10-2.2 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Tue Dec 20 08:46:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 09:46:38 +0100 (CET) Subject: SUSE-CU-2022:3392-1: Recommended update of suse/sle15 Message-ID: <20221220084638.52163FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3392-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.719 Container Release : 6.2.719 Severity : moderate Type : recommended References : 1186827 1204706 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) The following package changes have been done: - container-suseconnect-2.4.0-150000.4.22.1 updated - suse-build-key-12.0-150000.8.28.1 updated From sle-updates at lists.suse.com Tue Dec 20 09:06:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:06:07 +0100 (CET) Subject: SUSE-CU-2022:3395-1: Recommended update of bci/nodejs Message-ID: <20221220090607.5C7E9FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3395-1 Container Tags : bci/node:12 , bci/node:12-17.104 , bci/nodejs:12 , bci/nodejs:12-17.104 Container Release : 17.104 Severity : moderate Type : recommended References : 1179465 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - container:sles15-image-15.0.0-17.20.84 updated From sle-updates at lists.suse.com Tue Dec 20 09:14:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:14:04 +0100 (CET) Subject: SUSE-CU-2022:3396-1: Recommended update of bci/python Message-ID: <20221220091404.20F3AFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3396-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-22.17 Container Release : 22.17 Severity : moderate Type : recommended References : 1179465 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - container:sles15-image-15.0.0-17.20.84 updated From sle-updates at lists.suse.com Tue Dec 20 09:34:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:34:27 +0100 (CET) Subject: SUSE-CU-2022:3406-1: Recommended update of bci/golang Message-ID: <20221220093427.AA0BDFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3406-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.108 Container Release : 29.108 Severity : moderate Type : recommended References : 1179465 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated - container:sles15-image-15.0.0-27.14.23 updated From sle-updates at lists.suse.com Tue Dec 20 09:37:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:37:37 +0100 (CET) Subject: SUSE-CU-2022:3407-1: Recommended update of bci/golang Message-ID: <20221220093737.68826FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3407-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-19.2 Container Release : 19.2 Severity : moderate Type : recommended References : 1179465 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated From sle-updates at lists.suse.com Tue Dec 20 09:39:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:39:41 +0100 (CET) Subject: SUSE-CU-2022:3408-1: Recommended update of bci/nodejs Message-ID: <20221220093941.351ACFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3408-1 Container Tags : bci/node:14 , bci/node:14-36.2 , bci/nodejs:14 , bci/nodejs:14-36.2 Container Release : 36.2 Severity : moderate Type : recommended References : 1179465 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated From sle-updates at lists.suse.com Tue Dec 20 09:41:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:41:04 +0100 (CET) Subject: SUSE-CU-2022:3409-1: Recommended update of bci/nodejs Message-ID: <20221220094104.D3A42FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3409-1 Container Tags : bci/node:16 , bci/node:16-12.2 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-12.2 , bci/nodejs:latest Container Release : 12.2 Severity : moderate Type : recommended References : 1179465 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated From sle-updates at lists.suse.com Tue Dec 20 09:44:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:44:56 +0100 (CET) Subject: SUSE-CU-2022:3410-1: Recommended update of bci/openjdk-devel Message-ID: <20221220094456.540FCFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3410-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.5 Container Release : 38.5 Severity : moderate Type : recommended References : 1179465 1191546 1198980 1201298 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4492-1 Released: Wed Dec 14 13:52:39 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298 This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - libfreebl3-3.79.2-150400.3.18.1 updated - libfreebl3-hmac-3.79.2-150400.3.18.1 updated - mozilla-nss-certs-3.79.2-150400.3.18.1 updated - libsoftokn3-3.79.2-150400.3.18.1 updated - mozilla-nss-3.79.2-150400.3.18.1 updated - libsoftokn3-hmac-3.79.2-150400.3.18.1 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated - container:bci-openjdk-11-15.4.11-34.2 updated From sle-updates at lists.suse.com Tue Dec 20 09:45:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:45:14 +0100 (CET) Subject: SUSE-CU-2022:3411-1: Recommended update of bci/openjdk-devel Message-ID: <20221220094514.7E2D1FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3411-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.5 , bci/openjdk-devel:latest Container Release : 12.5 Severity : moderate Type : recommended References : 1179465 1191546 1198980 1201298 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4492-1 Released: Wed Dec 14 13:52:39 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298 This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - libfreebl3-3.79.2-150400.3.18.1 updated - libfreebl3-hmac-3.79.2-150400.3.18.1 updated - mozilla-nss-certs-3.79.2-150400.3.18.1 updated - libsoftokn3-3.79.2-150400.3.18.1 updated - mozilla-nss-3.79.2-150400.3.18.1 updated - libsoftokn3-hmac-3.79.2-150400.3.18.1 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated - container:bci-openjdk-17-15.4.17-11.2 updated From sle-updates at lists.suse.com Tue Dec 20 09:45:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:45:31 +0100 (CET) Subject: SUSE-CU-2022:3412-1: Recommended update of bci/openjdk Message-ID: <20221220094531.9BC28FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3412-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-11.2 , bci/openjdk:latest Container Release : 11.2 Severity : moderate Type : recommended References : 1191546 1198980 1201298 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4492-1 Released: Wed Dec 14 13:52:39 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298 This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). The following package changes have been done: - libfreebl3-3.79.2-150400.3.18.1 updated - libfreebl3-hmac-3.79.2-150400.3.18.1 updated - mozilla-nss-certs-3.79.2-150400.3.18.1 updated - libsoftokn3-3.79.2-150400.3.18.1 updated - mozilla-nss-3.79.2-150400.3.18.1 updated - libsoftokn3-hmac-3.79.2-150400.3.18.1 updated From sle-updates at lists.suse.com Tue Dec 20 09:48:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:48:16 +0100 (CET) Subject: SUSE-CU-2022:3413-1: Recommended update of suse/pcp Message-ID: <20221220094816.25AD0FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3413-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.109 , suse/pcp:latest Container Release : 11.109 Severity : moderate Type : recommended References : 1191546 1198980 1201298 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4492-1 Released: Wed Dec 14 13:52:39 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298 This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). The following package changes have been done: - libfreebl3-3.79.2-150400.3.18.1 updated - libfreebl3-hmac-3.79.2-150400.3.18.1 updated - mozilla-nss-certs-3.79.2-150400.3.18.1 updated - libsoftokn3-3.79.2-150400.3.18.1 updated - mozilla-nss-3.79.2-150400.3.18.1 updated - libsoftokn3-hmac-3.79.2-150400.3.18.1 updated - container:bci-bci-init-15.4-15.4-24.53 updated From sle-updates at lists.suse.com Tue Dec 20 09:49:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:49:48 +0100 (CET) Subject: SUSE-CU-2022:3414-1: Recommended update of bci/python Message-ID: <20221220094948.0984BFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3414-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-10.2 , bci/python:latest Container Release : 10.2 Severity : moderate Type : recommended References : 1179465 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated From sle-updates at lists.suse.com Tue Dec 20 09:51:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:51:34 +0100 (CET) Subject: SUSE-CU-2022:3415-1: Recommended update of bci/python Message-ID: <20221220095134.5E8F6FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3415-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-33.2 Container Release : 33.2 Severity : moderate Type : recommended References : 1179465 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated From sle-updates at lists.suse.com Tue Dec 20 09:54:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 10:54:41 +0100 (CET) Subject: SUSE-CU-2022:3416-1: Recommended update of bci/ruby Message-ID: <20221220095441.DD426FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3416-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-32.2 , bci/ruby:latest Container Release : 32.2 Severity : moderate Type : recommended References : 1179465 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated From sle-updates at lists.suse.com Tue Dec 20 10:25:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 11:25:26 +0100 (CET) Subject: SUSE-IU-2022:1143-1: Security update of suse-sles-15-sp3-chost-byos-v20221215-x86_64-gen2 Message-ID: <20221220102526.18994FD2D@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20221215-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1143-1 Image Tags : suse-sles-15-sp3-chost-byos-v20221215-x86_64-gen2:20221215 Image Release : Severity : important Type : security References : 1163683 1179465 1181429 1184124 1184689 1186787 1187654 1187655 1188086 1188607 1189560 1192252 1192478 1192508 1192648 1194392 1195618 1197284 1197428 1197998 1198523 1198894 1199074 1200102 1200330 1200505 1200657 1200901 1201053 1201490 1201492 1201493 1201495 1201496 1201689 1202269 1202337 1202417 1202750 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203267 1203272 1203508 1203509 1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203924 1204254 1204511 1204577 1204706 1204720 1204779 1205126 1205178 1205182 1205275 1206065 1206235 876845 877776 885007 896188 988954 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-2031 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3437 CVE-2022-3705 CVE-2022-37454 CVE-2022-3775 CVE-2022-42898 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20221215-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4163-1 Released: Tue Nov 22 10:57:10 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1187654,1195618,1203267,1203749 This update for dracut fixes the following issues: - systemd: add missing modprobe at .service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) - drm: consider also drm_dev_register when looking for gpu driver (bsc#1195618) - integrity: do not display any error if there is no IMA certificate (bsc#1187654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4217-1 Released: Fri Nov 25 07:23:35 2022 Summary: Recommended update for wget Type: recommended Severity: moderate References: 1204720 This update for wget fixes the following issues: - Truncate long file names to prevent wget failures (bsc#1204720) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4219-1 Released: Fri Nov 25 09:39:49 2022 Summary: Security update for grub2 Type: security Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4270-1 Released: Tue Nov 29 13:20:45 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1198523,1199074,1203216 This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4341-1 Released: Wed Dec 7 12:55:26 2022 Summary: Feature update for wicked Type: feature Severity: moderate References: 1181429,1184124,1186787,1187655,1189560,1192508,1194392,1198894,1200505,1201053,876845,877776,885007,896188,988954 This update for wicked fixes the following issues: - auto6: Fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - compat-suse: Match read order of sysctl.d '/etc' vs. '/run' with systemd-sysctl and remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. - compat-suse: Fix reading of sysctl variable 'addr_gen_mode' - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - redfish: Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42) (jsc#SLE-24286, jsc#SLE-17762) - Removed obsolete patch included in the main sources (bsc#1194392) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Fix to not expect colons in 64byte long wpa-psk hex hash string - wireless: Remove libiw dependencies - xml-schema: Reference counting fix to not crash at exit on schema errors ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4358-1 Released: Thu Dec 8 10:55:10 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1205275 This update for rsyslog fixes the following issue: - Parsing of legacy config syntax (bsc#1205275) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4388-1 Released: Fri Dec 9 04:07:21 2022 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1204511 This update for gnutls fixes the following issues: - Fix potential to free an invalid pointer (bsc#1204511) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4389-1 Released: Fri Dec 9 07:59:16 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1163683 This update for avahi fixes the following issues: - Do not cache responses generated locally (bsc#1163683) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4395-1 Released: Fri Dec 9 11:02:36 2022 Summary: Security update for samba Type: security Severity: important References: 1200102,1201490,1201492,1201493,1201495,1201496,1201689,1204254,1205126,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746,CVE-2022-3437,CVE-2022-42898 This update for samba fixes the following issues: Version update to 4.15.12. Security issues fixed: - CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths (bsc#1201496). - CVE-2022-32744: Fixed AD users that could have forged password change requests for any user (bsc#1201493). - CVE-2022-32745: Fixed AD users that could have crashed the server process with an LDAP add or modify request (bsc#1201492). - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-3437: Fixed buffer overflow in Heimdal unwrap_des3() (bsc#1204254). - CVE-2022-42898: Fixed Samba buffer overflow vulnerabilities on 32-bit systems (bsc#1205126). Bug fixes: - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory (bsc#1201689). - Possible use after free of connection_struct when iterating smbd_server_connection->connections (bsc#1200102). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4463-1 Released: Tue Dec 13 17:04:31 2022 Summary: Security update for containerd Type: security Severity: important References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4470-1 Released: Wed Dec 14 06:05:48 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - containerd-ctr-1.6.12-150000.79.1 updated - containerd-1.6.12-150000.79.1 updated - dracut-049.1+suse.247.gfb7df05c-150200.3.63.1 updated - grub2-i386-pc-2.04-150300.22.25.1 updated - grub2-x86_64-efi-2.04-150300.22.25.1 updated - grub2-2.04-150300.22.25.1 updated - krb5-1.19.2-150300.7.7.1 updated - libavahi-client3-0.7-150100.3.21.4 updated - libavahi-common3-0.7-150100.3.21.4 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libgnutls30-3.6.7-150200.14.22.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - nfsidmap-0.26-150000.3.7.1 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - rpm-ndb-4.14.3-150300.52.1 updated - rsyslog-8.2106.0-150200.4.35.1 updated - samba-client-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 updated - sudo-1.9.5p2-150300.3.16.1 updated - supportutils-3.1.21-150300.7.35.15.1 updated - suse-build-key-12.0-150000.8.28.1 updated - tar-1.34-150000.3.22.3 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated - wget-1.20.3-150000.3.15.1 updated - wicked-service-0.6.70-150300.4.8.1 updated - wicked-0.6.70-150300.4.8.1 updated From sle-updates at lists.suse.com Tue Dec 20 10:29:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 11:29:06 +0100 (CET) Subject: SUSE-IU-2022:1144-1: Security update of suse-sles-15-sp3-chost-byos-v20221215-hvm-ssd-x86_64 Message-ID: <20221220102906.764C1FD2D@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20221215-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1144-1 Image Tags : suse-sles-15-sp3-chost-byos-v20221215-hvm-ssd-x86_64:20221215 Image Release : Severity : important Type : security References : 1163683 1179465 1181429 1184124 1184689 1186787 1187654 1187655 1188086 1188607 1189560 1192252 1192478 1192508 1192648 1194392 1195618 1197284 1197428 1197998 1198523 1198894 1199074 1200102 1200330 1200505 1200657 1200901 1201053 1201490 1201492 1201493 1201495 1201496 1201689 1202269 1202337 1202417 1202750 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203267 1203272 1203508 1203509 1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203924 1204254 1204511 1204577 1204706 1204720 1204779 1205126 1205178 1205182 1205275 1206065 1206235 876845 877776 885007 896188 988954 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-2031 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3437 CVE-2022-3705 CVE-2022-37454 CVE-2022-3775 CVE-2022-42898 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20221215-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4163-1 Released: Tue Nov 22 10:57:10 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1187654,1195618,1203267,1203749 This update for dracut fixes the following issues: - systemd: add missing modprobe at .service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) - drm: consider also drm_dev_register when looking for gpu driver (bsc#1195618) - integrity: do not display any error if there is no IMA certificate (bsc#1187654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4217-1 Released: Fri Nov 25 07:23:35 2022 Summary: Recommended update for wget Type: recommended Severity: moderate References: 1204720 This update for wget fixes the following issues: - Truncate long file names to prevent wget failures (bsc#1204720) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4219-1 Released: Fri Nov 25 09:39:49 2022 Summary: Security update for grub2 Type: security Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4270-1 Released: Tue Nov 29 13:20:45 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1198523,1199074,1203216 This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4341-1 Released: Wed Dec 7 12:55:26 2022 Summary: Feature update for wicked Type: feature Severity: moderate References: 1181429,1184124,1186787,1187655,1189560,1192508,1194392,1198894,1200505,1201053,876845,877776,885007,896188,988954 This update for wicked fixes the following issues: - auto6: Fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - compat-suse: Match read order of sysctl.d '/etc' vs. '/run' with systemd-sysctl and remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. - compat-suse: Fix reading of sysctl variable 'addr_gen_mode' - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - redfish: Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42) (jsc#SLE-24286, jsc#SLE-17762) - Removed obsolete patch included in the main sources (bsc#1194392) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Fix to not expect colons in 64byte long wpa-psk hex hash string - wireless: Remove libiw dependencies - xml-schema: Reference counting fix to not crash at exit on schema errors ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4358-1 Released: Thu Dec 8 10:55:10 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1205275 This update for rsyslog fixes the following issue: - Parsing of legacy config syntax (bsc#1205275) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4388-1 Released: Fri Dec 9 04:07:21 2022 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1204511 This update for gnutls fixes the following issues: - Fix potential to free an invalid pointer (bsc#1204511) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4389-1 Released: Fri Dec 9 07:59:16 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1163683 This update for avahi fixes the following issues: - Do not cache responses generated locally (bsc#1163683) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4395-1 Released: Fri Dec 9 11:02:36 2022 Summary: Security update for samba Type: security Severity: important References: 1200102,1201490,1201492,1201493,1201495,1201496,1201689,1204254,1205126,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746,CVE-2022-3437,CVE-2022-42898 This update for samba fixes the following issues: Version update to 4.15.12. Security issues fixed: - CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths (bsc#1201496). - CVE-2022-32744: Fixed AD users that could have forged password change requests for any user (bsc#1201493). - CVE-2022-32745: Fixed AD users that could have crashed the server process with an LDAP add or modify request (bsc#1201492). - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-3437: Fixed buffer overflow in Heimdal unwrap_des3() (bsc#1204254). - CVE-2022-42898: Fixed Samba buffer overflow vulnerabilities on 32-bit systems (bsc#1205126). Bug fixes: - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory (bsc#1201689). - Possible use after free of connection_struct when iterating smbd_server_connection->connections (bsc#1200102). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4463-1 Released: Tue Dec 13 17:04:31 2022 Summary: Security update for containerd Type: security Severity: important References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4470-1 Released: Wed Dec 14 06:05:48 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - containerd-ctr-1.6.12-150000.79.1 updated - containerd-1.6.12-150000.79.1 updated - dracut-049.1+suse.247.gfb7df05c-150200.3.63.1 updated - grub2-i386-pc-2.04-150300.22.25.1 updated - grub2-x86_64-efi-2.04-150300.22.25.1 updated - grub2-x86_64-xen-2.04-150300.22.25.1 updated - grub2-2.04-150300.22.25.1 updated - krb5-1.19.2-150300.7.7.1 updated - libavahi-client3-0.7-150100.3.21.4 updated - libavahi-common3-0.7-150100.3.21.4 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libgnutls30-3.6.7-150200.14.22.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - nfsidmap-0.26-150000.3.7.1 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - rpm-ndb-4.14.3-150300.52.1 updated - rsyslog-8.2106.0-150200.4.35.1 updated - samba-client-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 updated - sudo-1.9.5p2-150300.3.16.1 updated - supportutils-3.1.21-150300.7.35.15.1 updated - suse-build-key-12.0-150000.8.28.1 updated - tar-1.34-150000.3.22.3 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated - wget-1.20.3-150000.3.15.1 updated - wicked-service-0.6.70-150300.4.8.1 updated - wicked-0.6.70-150300.4.8.1 updated From sle-updates at lists.suse.com Tue Dec 20 10:32:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 11:32:12 +0100 (CET) Subject: SUSE-IU-2022:1145-1: Security update of sles-15-sp3-chost-byos-v20221215-x86-64 Message-ID: <20221220103212.DFF0CFD2D@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20221215-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1145-1 Image Tags : sles-15-sp3-chost-byos-v20221215-x86-64:20221215 Image Release : Severity : important Type : security References : 1163683 1179465 1179825 1181429 1182591 1182591 1184123 1184124 1184689 1186399 1186719 1186787 1187287 1187654 1187655 1187858 1187860 1187890 1188086 1188607 1189046 1189195 1189560 1191935 1192252 1192348 1192478 1192508 1192648 1192761 1192761 1193540 1194392 1195618 1197284 1197428 1197998 1198158 1198523 1198894 1199074 1199670 1199865 1199865 1200102 1200330 1200505 1200644 1200657 1200901 1201053 1201490 1201492 1201493 1201495 1201496 1201689 1202269 1202337 1202417 1202750 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203267 1203272 1203508 1203509 1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203924 1204068 1204091 1204254 1204511 1204577 1204706 1204720 1204779 1204827 1205126 1205178 1205182 1205275 1206065 1206235 876845 877776 885007 896188 988954 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-2031 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3437 CVE-2022-3705 CVE-2022-37454 CVE-2022-3775 CVE-2022-42898 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20221215-x86-64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1478-1 Released: Tue May 4 14:05:38 2021 Summary: Recommended update for libhugetlbfs Type: recommended Severity: moderate References: 1184123 This update for libhugetlbfs fixes the following issues: - Hardening: Link as PIE (bsc#1184123) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1920-1 Released: Wed Jun 9 17:02:54 2021 Summary: Recommended update for nvme-cli Type: recommended Severity: moderate References: 1179825,1182591 This update for nvme-cli fixes the following issues: - Add KATO fixes for NVMEoF (bsc#1182591) - Lookup existing persistent controllers (bsc#1179825) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3043-1 Released: Wed Sep 15 10:09:30 2021 Summary: Recommended update for nvme-cli Type: recommended Severity: moderate References: 1186719,1187287,1187858,1187860,1187890,1189046,1189195 nvme-cli was updated to fix the following issues: - Do not print error message when opening controller (bsc#1186719) - Fix failures during 'nvme list' (bsc#1186719) - Only connect to matching controllers (bsc#1186719) - Skip connect if transport type doesn't match (bsc#1187287 bsc#1187860) - Ignore non live controllers when scanning subsystems (bsc#1186719 bsc#1187287) - Remove UUID validation heuristic (bsc#1187890) - Do not segfault when controller is not available (bsc#1189046) - Use correct default port for discovery (bsc#1189195 bsc#1187858) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3953-1 Released: Mon Dec 6 17:44:20 2021 Summary: Recommended update for nvme-cli Type: recommended Severity: moderate References: 1182591,1191935,1192348 This update for nvme-cli fixes the following issues: - Allow -1 as ctrl_loss_tmo value (bsc#1192348) - Fix segfauls while discovering (bsc#1191935) - Adding missing hunk (bsc#1182591) - Use pkg-config for libuuid dependency setup ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:780-1 Released: Wed Mar 9 14:46:12 2022 Summary: Recommended update for nvme-cli Type: recommended Severity: moderate References: 1193540 This update for nvme-cli fixes the following issues: - fabrics: fix 'nvme connect' segfault if transport type is omitted (bsc#1193540) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2528-1 Released: Fri Jul 22 12:09:44 2022 Summary: Recommended update for nvme-cli Type: recommended Severity: low References: 1192761,1198158,1199670,1199865 This update for nvme-cli fixes the following issues: - Don't print error on failed to open in nvme-topology.c (bsc#1198158) - Allow selecting the network interface for connections (bsc#1199670) - Support unique discovery subsystem NQN (bsc#1199865 bsc#1192761) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4048-1 Released: Thu Nov 17 14:03:36 2022 Summary: Recommended update for nvme-cli Type: recommended Severity: moderate References: 1186399,1200644 This update for nvme-cli fixes the following issues: - Fix infinite loop on invalid parameters (bsc#1200644) - Support auto discovery, add %systemd_ordering to spec file (bsc#1186399) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4163-1 Released: Tue Nov 22 10:57:10 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1187654,1195618,1203267,1203749 This update for dracut fixes the following issues: - systemd: add missing modprobe at .service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) - drm: consider also drm_dev_register when looking for gpu driver (bsc#1195618) - integrity: do not display any error if there is no IMA certificate (bsc#1187654) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4217-1 Released: Fri Nov 25 07:23:35 2022 Summary: Recommended update for wget Type: recommended Severity: moderate References: 1204720 This update for wget fixes the following issues: - Truncate long file names to prevent wget failures (bsc#1204720) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4219-1 Released: Fri Nov 25 09:39:49 2022 Summary: Security update for grub2 Type: security Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4230-1 Released: Fri Nov 25 18:18:26 2022 Summary: Recommended update for google-guest-configs Type: recommended Severity: moderate References: 1204068,1204091 This update for google-guest-configs fixes the following issues: - Add nvme-cli to Requires (bsc#1204068, bsc#1204091) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4270-1 Released: Tue Nov 29 13:20:45 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1198523,1199074,1203216 This update for lvm2 fixes the following issues: - Design changes to avoid kernel panic (bsc#1198523) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - killed lvmlockd doesn't clear/adopt locks leading to inability to start volume group (bsc#1203216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4341-1 Released: Wed Dec 7 12:55:26 2022 Summary: Feature update for wicked Type: feature Severity: moderate References: 1181429,1184124,1186787,1187655,1189560,1192508,1194392,1198894,1200505,1201053,876845,877776,885007,896188,988954 This update for wicked fixes the following issues: - auto6: Fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429) - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - compat-suse: Match read order of sysctl.d '/etc' vs. '/run' with systemd-sysctl and remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5. - compat-suse: Fix reading of sysctl variable 'addr_gen_mode' - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - redfish: Add initial support to decode the SMBIOS Management Controller Host Interface (Type 42) (jsc#SLE-24286, jsc#SLE-17762) - Removed obsolete patch included in the main sources (bsc#1194392) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Fix to not expect colons in 64byte long wpa-psk hex hash string - wireless: Remove libiw dependencies - xml-schema: Reference counting fix to not crash at exit on schema errors ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4358-1 Released: Thu Dec 8 10:55:10 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1205275 This update for rsyslog fixes the following issue: - Parsing of legacy config syntax (bsc#1205275) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4381-1 Released: Fri Dec 9 03:59:58 2022 Summary: Recommended update for nvme-cli Type: recommended Severity: important References: 1192761,1199865,1204827 This update for nvme-cli fixes the following issues: - Drop support for unique discovery subsystem NQN (bsc#1199865 bsc#1192761 bsc#1204827) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4388-1 Released: Fri Dec 9 04:07:21 2022 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1204511 This update for gnutls fixes the following issues: - Fix potential to free an invalid pointer (bsc#1204511) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4389-1 Released: Fri Dec 9 07:59:16 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1163683 This update for avahi fixes the following issues: - Do not cache responses generated locally (bsc#1163683) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4395-1 Released: Fri Dec 9 11:02:36 2022 Summary: Security update for samba Type: security Severity: important References: 1200102,1201490,1201492,1201493,1201495,1201496,1201689,1204254,1205126,CVE-2022-2031,CVE-2022-32742,CVE-2022-32744,CVE-2022-32745,CVE-2022-32746,CVE-2022-3437,CVE-2022-42898 This update for samba fixes the following issues: Version update to 4.15.12. Security issues fixed: - CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths (bsc#1201496). - CVE-2022-32744: Fixed AD users that could have forged password change requests for any user (bsc#1201493). - CVE-2022-32745: Fixed AD users that could have crashed the server process with an LDAP add or modify request (bsc#1201492). - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-3437: Fixed buffer overflow in Heimdal unwrap_des3() (bsc#1204254). - CVE-2022-42898: Fixed Samba buffer overflow vulnerabilities on 32-bit systems (bsc#1205126). Bug fixes: - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory (bsc#1201689). - Possible use after free of connection_struct when iterating smbd_server_connection->connections (bsc#1200102). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4463-1 Released: Tue Dec 13 17:04:31 2022 Summary: Security update for containerd Type: security Severity: important References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4470-1 Released: Wed Dec 14 06:05:48 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - containerd-ctr-1.6.12-150000.79.1 updated - containerd-1.6.12-150000.79.1 updated - dracut-049.1+suse.247.gfb7df05c-150200.3.63.1 updated - google-guest-configs-20220211.00-150000.1.22.1 updated - grub2-i386-pc-2.04-150300.22.25.1 updated - grub2-x86_64-efi-2.04-150300.22.25.1 updated - grub2-2.04-150300.22.25.1 updated - krb5-1.19.2-150300.7.7.1 updated - libavahi-client3-0.7-150100.3.21.4 updated - libavahi-common3-0.7-150100.3.21.4 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.49.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libgnutls30-3.6.7-150200.14.22.1 updated - libhugetlbfs-2.20-3.3.1 added - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - nfsidmap-0.26-150000.3.7.1 updated - nvme-cli-1.13-150300.3.23.2 added - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - rpm-ndb-4.14.3-150300.52.1 updated - rsyslog-8.2106.0-150200.4.35.1 updated - samba-client-libs-4.15.12+git.535.7750e5c95ef-150300.3.43.1 updated - sudo-1.9.5p2-150300.3.16.1 updated - supportutils-3.1.21-150300.7.35.15.1 updated - suse-build-key-12.0-150000.8.28.1 updated - tar-1.34-150000.3.22.3 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated - wget-1.20.3-150000.3.15.1 updated - wicked-service-0.6.70-150300.4.8.1 updated - wicked-0.6.70-150300.4.8.1 updated From sle-updates at lists.suse.com Tue Dec 20 10:33:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 11:33:17 +0100 (CET) Subject: SUSE-IU-2022:1146-1: Security update of suse-sles-15-sp4-chost-byos-v20221215-x86_64-gen2 Message-ID: <20221220103317.332C5FD2D@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20221215-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1146-1 Image Tags : suse-sles-15-sp4-chost-byos-v20221215-x86_64-gen2:20221215 Image Release : Severity : important Type : security References : 1179465 1184124 1184689 1186787 1187655 1188086 1188607 1189560 1190651 1191833 1192252 1192478 1192508 1192648 1196076 1197284 1197428 1197998 1198165 1198625 1198894 1199074 1200330 1200505 1200657 1200803 1200901 1200994 1201053 1202014 1202269 1202337 1202417 1202750 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203267 1203272 1203341 1203368 1203482 1203508 1203509 1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203894 1203924 1203957 1204440 1204577 1204706 1204720 1204779 1204821 1204844 1205126 1205178 1205182 1205275 1206065 1206235 876845 877776 885007 896188 988954 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 CVE-2022-3775 CVE-2022-42898 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20221215-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4141-1 Released: Mon Nov 21 09:28:07 2022 Summary: Security update for grub2 Type: security Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4162-1 Released: Tue Nov 22 10:56:10 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1202014,1203267,1203368,1203749,1203894 This update for dracut fixes the following issues: - A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368) - network-manager: always install the library plugins directory (bsc#1202014) - dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894) - systemd: add missing modprobe at .service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4217-1 Released: Fri Nov 25 07:23:35 2022 Summary: Recommended update for wget Type: recommended Severity: moderate References: 1204720 This update for wget fixes the following issues: - Truncate long file names to prevent wget failures (bsc#1204720) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4226-1 Released: Fri Nov 25 18:16:59 2022 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1196076,1198625,1200803,1200994,1203341,1204821 This update for suseconnect-ng fixes the following issues: - Fix System-Token support in ruby binding (bsc#1203341) - Use system-wide proxy settings (bsc#1200994) - Add timer for SUSEConnect --keepalive (bsc#1196076) - Added support for the System-Token header - Add Keepalive command line option - Print nested zypper errors (bsc#1200803) - Fix migration json error with SMT (bsc#1198625) - Packaging adjustments (bsc#1204821) - Add option to run local scc tests ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4227-1 Released: Fri Nov 25 18:17:31 2022 Summary: Recommended update for release-notes-sle-micro Type: recommended Severity: low References: 1204440 This update for samba fixes the following issue: - Make samba-tool available in the basesystem (bsc#1204440) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4328-1 Released: Tue Dec 6 12:25:12 2022 Summary: Recommended update for audit-secondary Type: recommended Severity: moderate References: 1204844 This update for audit-secondary fixes the following issues: - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4340-1 Released: Wed Dec 7 12:54:47 2022 Summary: Feature update for wicked Type: feature Severity: moderate References: 1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954 This update for wicked fixes the following issues: - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Remove libiw dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4370-1 Released: Thu Dec 8 17:19:14 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1191833,1205275 This update for rsyslog fixes the following issues: - Parsing of legacy config syntax (bsc#1205275) - Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4383-1 Released: Fri Dec 9 04:01:50 2022 Summary: Recommended update for iputils Type: recommended Severity: important References: 1203957 This update for iputils fixes the following issues: - Fix occasional memory access violation when using `ping` (bsc#1203957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4463-1 Released: Tue Dec 13 17:04:31 2022 Summary: Security update for containerd Type: security Severity: important References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4469-1 Released: Wed Dec 14 06:05:13 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - audit-3.0.6-150400.4.6.1 updated - containerd-ctr-1.6.12-150000.79.1 updated - containerd-1.6.12-150000.79.1 updated - dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 updated - dracut-055+suse.323.gca0e74f0-150400.3.13.1 updated - grub2-i386-pc-2.06-150400.11.17.1 updated - grub2-x86_64-efi-2.06-150400.11.17.1 updated - grub2-2.06-150400.11.17.1 updated - iputils-20211215-150400.3.3.2 updated - krb5-1.19.2-150400.3.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - nfsidmap-0.26-150000.3.7.1 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - rpm-ndb-4.14.3-150300.52.1 updated - rsyslog-8.2106.0-150400.5.11.1 updated - samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 updated - sudo-1.9.9-150400.4.9.1 updated - supportutils-3.1.21-150300.7.35.15.1 updated - suse-build-key-12.0-150000.8.28.1 updated - suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 updated - system-group-audit-3.0.6-150400.4.6.1 updated - tar-1.34-150000.3.22.3 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated - wget-1.20.3-150000.3.15.1 updated - wicked-service-0.6.70-150400.3.3.1 updated - wicked-0.6.70-150400.3.3.1 updated From sle-updates at lists.suse.com Tue Dec 20 10:34:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 11:34:26 +0100 (CET) Subject: SUSE-IU-2022:1147-1: Security update of suse-sles-15-sp4-chost-byos-v20221215-hvm-ssd-x86_64 Message-ID: <20221220103426.EFB98FD2D@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20221215-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1147-1 Image Tags : suse-sles-15-sp4-chost-byos-v20221215-hvm-ssd-x86_64:20221215 Image Release : Severity : important Type : security References : 1179465 1184124 1184689 1186787 1187655 1188086 1188607 1189560 1190651 1191833 1192252 1192478 1192508 1192648 1196076 1197284 1197428 1197998 1198165 1198625 1198894 1199074 1200330 1200505 1200657 1200803 1200901 1200994 1201053 1202014 1202269 1202337 1202417 1202750 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203267 1203272 1203341 1203368 1203482 1203508 1203509 1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203894 1203924 1203957 1204440 1204577 1204706 1204720 1204779 1204821 1204844 1205126 1205178 1205182 1205275 1206065 1206235 876845 877776 885007 896188 988954 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 CVE-2022-3775 CVE-2022-42898 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20221215-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4141-1 Released: Mon Nov 21 09:28:07 2022 Summary: Security update for grub2 Type: security Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4162-1 Released: Tue Nov 22 10:56:10 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1202014,1203267,1203368,1203749,1203894 This update for dracut fixes the following issues: - A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368) - network-manager: always install the library plugins directory (bsc#1202014) - dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894) - systemd: add missing modprobe at .service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4217-1 Released: Fri Nov 25 07:23:35 2022 Summary: Recommended update for wget Type: recommended Severity: moderate References: 1204720 This update for wget fixes the following issues: - Truncate long file names to prevent wget failures (bsc#1204720) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4226-1 Released: Fri Nov 25 18:16:59 2022 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1196076,1198625,1200803,1200994,1203341,1204821 This update for suseconnect-ng fixes the following issues: - Fix System-Token support in ruby binding (bsc#1203341) - Use system-wide proxy settings (bsc#1200994) - Add timer for SUSEConnect --keepalive (bsc#1196076) - Added support for the System-Token header - Add Keepalive command line option - Print nested zypper errors (bsc#1200803) - Fix migration json error with SMT (bsc#1198625) - Packaging adjustments (bsc#1204821) - Add option to run local scc tests ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4227-1 Released: Fri Nov 25 18:17:31 2022 Summary: Recommended update for release-notes-sle-micro Type: recommended Severity: low References: 1204440 This update for samba fixes the following issue: - Make samba-tool available in the basesystem (bsc#1204440) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4328-1 Released: Tue Dec 6 12:25:12 2022 Summary: Recommended update for audit-secondary Type: recommended Severity: moderate References: 1204844 This update for audit-secondary fixes the following issues: - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4340-1 Released: Wed Dec 7 12:54:47 2022 Summary: Feature update for wicked Type: feature Severity: moderate References: 1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954 This update for wicked fixes the following issues: - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Remove libiw dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4370-1 Released: Thu Dec 8 17:19:14 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1191833,1205275 This update for rsyslog fixes the following issues: - Parsing of legacy config syntax (bsc#1205275) - Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4383-1 Released: Fri Dec 9 04:01:50 2022 Summary: Recommended update for iputils Type: recommended Severity: important References: 1203957 This update for iputils fixes the following issues: - Fix occasional memory access violation when using `ping` (bsc#1203957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4463-1 Released: Tue Dec 13 17:04:31 2022 Summary: Security update for containerd Type: security Severity: important References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4469-1 Released: Wed Dec 14 06:05:13 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - audit-3.0.6-150400.4.6.1 updated - containerd-ctr-1.6.12-150000.79.1 updated - containerd-1.6.12-150000.79.1 updated - dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 updated - dracut-055+suse.323.gca0e74f0-150400.3.13.1 updated - grub2-i386-pc-2.06-150400.11.17.1 updated - grub2-x86_64-efi-2.06-150400.11.17.1 updated - grub2-x86_64-xen-2.06-150400.11.17.1 updated - grub2-2.06-150400.11.17.1 updated - iputils-20211215-150400.3.3.2 updated - krb5-1.19.2-150400.3.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - nfsidmap-0.26-150000.3.7.1 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - rpm-ndb-4.14.3-150300.52.1 updated - rsyslog-8.2106.0-150400.5.11.1 updated - samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 updated - sudo-1.9.9-150400.4.9.1 updated - supportutils-3.1.21-150300.7.35.15.1 updated - suse-build-key-12.0-150000.8.28.1 updated - suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 updated - system-group-audit-3.0.6-150400.4.6.1 updated - tar-1.34-150000.3.22.3 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated - wget-1.20.3-150000.3.15.1 updated - wicked-service-0.6.70-150400.3.3.1 updated - wicked-0.6.70-150400.3.3.1 updated From sle-updates at lists.suse.com Tue Dec 20 10:35:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 11:35:08 +0100 (CET) Subject: SUSE-IU-2022:1148-1: Security update of sles-15-sp4-chost-byos-v20221118-arm64 Message-ID: <20221220103508.0BF28FD2D@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20221118-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1148-1 Image Tags : sles-15-sp4-chost-byos-v20221118-arm64:20221118 Image Release : Severity : critical Type : security References : 1027519 1027519 1065729 1071995 1087072 1121365 1152472 1152489 1167608 1177460 1177578 1180995 1185032 1187312 1188238 1190497 1190651 1190651 1190653 1190888 1192439 1193859 1193923 1194023 1194047 1194530 1194869 1194869 1195917 1196018 1196444 1196632 1196668 1196869 1197659 1198189 1198471 1198472 1199062 1199856 1199904 1199944 1200022 1200288 1200567 1200622 1200692 1200788 1201051 1201293 1201309 1201310 1201361 1201590 1201631 1201689 1201959 1201987 1201994 1202021 1202095 1202146 1202148 1202148 1202187 1202324 1202344 1202627 1202686 1202700 1202821 1202914 1202960 1202981 1203039 1203046 1203066 1203069 1203098 1203101 1203197 1203229 1203250 1203263 1203290 1203299 1203338 1203360 1203361 1203389 1203410 1203435 1203505 1203514 1203552 1203614 1203618 1203619 1203620 1203652 1203664 1203681 1203693 1203699 1203699 1203767 1203767 1203769 1203770 1203779 1203794 1203798 1203802 1203806 1203806 1203807 1203807 1203893 1203902 1203906 1203908 1203911 1203922 1203935 1203939 1203987 1203992 1204017 1204051 1204059 1204060 1204111 1204112 1204113 1204125 1204142 1204166 1204168 1204171 1204179 1204211 1204241 1204244 1204256 1204353 1204354 1204355 1204357 1204366 1204367 1204383 1204386 1204402 1204413 1204415 1204417 1204428 1204431 1204439 1204470 1204479 1204482 1204483 1204485 1204487 1204488 1204489 1204490 1204494 1204496 1204498 1204533 1204569 1204574 1204575 1204619 1204635 1204637 1204646 1204647 1204649 1204650 1204653 1204690 1204693 1204705 1204708 1204719 1204728 1204753 1204868 1204926 1204933 1204934 1204947 1204957 1204963 1204968 1204970 1204986 1205156 CVE-2021-22569 CVE-2021-46848 CVE-2022-1263 CVE-2022-1664 CVE-2022-1882 CVE-2022-1941 CVE-2022-2153 CVE-2022-2586 CVE-2022-2795 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3080 CVE-2022-3169 CVE-2022-3171 CVE-2022-3202 CVE-2022-32221 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-33746 CVE-2022-33746 CVE-2022-33747 CVE-2022-33748 CVE-2022-33748 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435 CVE-2022-3515 CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3633 CVE-2022-3640 CVE-2022-3646 CVE-2022-3649 CVE-2022-38177 CVE-2022-38178 CVE-2022-3821 CVE-2022-39189 CVE-2022-40303 CVE-2022-40304 CVE-2022-40476 CVE-2022-40768 CVE-2022-41218 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-42309 CVE-2022-42310 CVE-2022-42311 CVE-2022-42312 CVE-2022-42313 CVE-2022-42314 CVE-2022-42315 CVE-2022-42316 CVE-2022-42317 CVE-2022-42318 CVE-2022-42319 CVE-2022-42320 CVE-2022-42321 CVE-2022-42322 CVE-2022-42323 CVE-2022-42325 CVE-2022-42326 CVE-2022-42327 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-42916 CVE-2022-43680 CVE-2022-43750 CVE-2022-43995 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20221118-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3663-1 Released: Wed Oct 19 19:05:21 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069 This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC-7919 groups for genparam and dhparam - FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472] - FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069] - FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call. - FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046] - FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library. - FIPS: OpenSSL Provide a service-level indicator [bsc#1190651] - FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3670-1 Released: Thu Oct 20 10:44:13 2022 Summary: Recommended update for zchunk Type: recommended Severity: moderate References: 1204244 This update for zchunk fixes the following issues: - Make sure to ship libzck1 to Micro 5.3 (bsc#1204244) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3678-1 Released: Thu Oct 20 14:38:19 2022 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1187312,1201051,1202981 This update for kdump fixes the following issues: - Fix broken URL in manpage (bsc#1187312) - Fix network-related dracut options handling for fadump case (bsc#1201051) - use inst_binary to install kdump-save (bsc#1202981) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3683-1 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Type: security Severity: critical References: 1204357,CVE-2022-3515 This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3692-1 Released: Fri Oct 21 16:15:07 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1204366,1204367,CVE-2022-40303,CVE-2022-40304 This update for libxml2 fixes the following issues: - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3727-1 Released: Tue Oct 25 15:38:34 2022 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1167608,1201631,1201994,1203806,1203807,CVE-2022-33746,CVE-2022-33748 This update for xen fixes the following issues: Updated to version 4.16.2 (bsc#1027519): - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). Bugfixes: - Fixed Xen DomU unable to emulate audio device (bsc#1201994). - Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3767-1 Released: Wed Oct 26 11:49:43 2022 Summary: Recommended update for bind Type: security Severity: important References: 1201689,1203250,1203614,1203618,1203619,1203620,CVE-2022-2795,CVE-2022-3080,CVE-2022-38177,CVE-2022-38178 This update for bind fixes the following issues: Update to release 9.16.33: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations (bsc#1203614). - CVE-2022-3080: Fixed assertion failure when there was a stale CNAME in the cache for the incoming query and the stale-answer-client-timeout option is set to 0 (bsc#1203618). - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code for the ECDSA algorithm (bsc#1203619). - CVE-2022-38178: Fixed memory leaks that could be externally triggered in the DNSSEC verification code for the EdDSA algorithm (bsc#1203620). - Add systemd drop-in directory for named service (bsc#1201689). - Add modified createNamedConfInclude script and README-bind.chrootenv (bsc#1203250). - Feature Changes: - Response Rate Limiting (RRL) code now treats all QNAMEs that are subject to wildcard processing within a given zone as the same name, to prevent circumventing the limits enforced by RRL. - Zones using dnssec-policy now require dynamic DNS or inline-signing to be configured explicitly. - A backward-compatible approach was implemented for encoding internationalized domain names (IDN) in dig and converting the domain to IDNA2008 form; if that fails, BIND tries an IDNA2003 conversion. - The DNSSEC algorithms RSASHA1 and NSEC3RSASHA1 are now automatically disabled on systems where they are disallowed by the security policy. Primary zones using those algorithms need to be migrated to new algorithms prior to running on these systems, as graceful migration to different DNSSEC algorithms is not possible when RSASHA1 is disallowed by the operating system. - Log messages related to fetch limiting have been improved to provide more complete information. Specifically, the final counts of allowed and spilled fetches are now logged before the counter object is destroyed. - Non-dynamic zones that inherit dnssec-policy from the view or options blocks were not marked as inline-signed and therefore never scheduled to be re-signed. This has been fixed. - The old max-zone-ttl zone option was meant to be superseded by the max-zone-ttl option in dnssec-policy; however, the latter option was not fully effective. This has been corrected: zones no longer load if they contain TTLs greater than the limit configured in dnssec-policy. For zones with both the old max-zone-ttl option and dnssec-policy configured, the old option is ignored, and a warning is generated. - rndc dumpdb -expired was fixed to include expired RRsets, even if stale-cache-enable is set to no and the cache-cleaning time window has passed. (jsc#SLE-24600) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3785-1 Released: Wed Oct 26 20:20:19 2022 Summary: Security update for curl Type: security Severity: important References: 1204383,1204386,CVE-2022-32221,CVE-2022-42916 This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3787-1 Released: Thu Oct 27 04:41:09 2022 Summary: Recommended update for permissions Type: recommended Severity: important References: 1194047,1203911 This update for permissions fixes the following issues: - Fix regression introduced by backport of security fix (bsc#1203911) - Add permissions for enlightenment helper on 32bit arches (bsc#1194047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3799-1 Released: Thu Oct 27 14:59:06 2022 Summary: Recommended update for gnutls Type: recommended Severity: important References: 1202146,1203779 This update for gnutls fixes the following issues: - FIPS: Set error state when jent init failed in FIPS mode (bsc#1202146) - FIPS: Make XTS key check failure not fatal (bsc#1203779) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3812-1 Released: Mon Oct 31 09:44:26 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1177578 This update for sudo fixes the following issues: - Removed redundant and confusing 'secure_path' settings in sudo-sudoers file (bsc#1177578). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3844-1 Released: Tue Nov 1 18:20:11 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1185032,1190497,1194023,1194869,1195917,1196444,1196869,1197659,1198189,1200288,1200622,1201309,1201310,1201987,1202095,1202960,1203039,1203066,1203101,1203197,1203263,1203338,1203360,1203361,1203389,1203410,1203505,1203552,1203664,1203693,1203699,1203767,1203769,1203770,1203794,1203798,1203893,1203902,1203906,1203908,1203935,1203939,1203987,1203992,1204051,1204059,1204060,1204125,CVE-2022-1263,CVE-2022-2586,CVE-2022-3202,CVE-2022-32296,CVE-2022-3239,CVE-2022-3303,CVE-2022-39189,CVE-2022-41218,CVE-2022-41674,CVE-2022-41848,CVE-2022-41849,CVE-2022-42719,CVE-2022-42720,CVE-2022-42721,CVE-2022-42722 The SUSE Linux Enterprise 15 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189). - CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288). - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389). - CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051) - CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060) - CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059) The following non-security bugs were fixed: - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - lockd: detect and reject lock arguments that overflow (git-fixes). - md-raid10: fix KASAN warning (git-fixes). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: rkvdec: Disable H.264 error detection (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mlxsw: i2c: Fix initialization error flow (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes). - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: remove pointless null check (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFS: fix problems with __nfs42_ssc_open (git-fixes). - NFS: Fix races in the legacy idmapper upcall (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Report RDMA connection errors to the server (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - regulator: core: Clean up on enable failure (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix spelling mistake 'definiton' 'definition' (bsc#1203935). - scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: fix expiry of auth creds (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - USB: add quirks for Lenovo OneLink+ Dock (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: Drop commas after SoC match table sentinels (git-fixes). - USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - USB: dwc3: disable USB core PHY management (git-fixes). - USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - USB: dwc3: gadget: Refactor pullup() (git-fixes). - USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: Fix memory leak in usbnet_disconnect() (git-fixes). - USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - USB: hub: avoid warm port reset during USB3 disconnect (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes). - USB: struct usb_device: hide new member (git-fixes). - USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - USB: typec: tipd: Add an additional overflow check (git-fixes). - USB: typec: tipd: Do not read/write more bytes than required (git-fixes). - USB: typec: ucsi: Remove incorrect warning (git-fixes). - USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vt: Clear selection before changing the font (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:3845-1 Released: Wed Nov 2 07:22:59 2022 Summary: Feature update for grub2 Type: feature Severity: important References: 1196668,1201361 This feature update for grub2 fixes the following issues: - Include loopback into signed grub2 image (jsc#PED-2151, jsc#PED-2150) - Enable 'Automatic TPM Disk Unlock' mechanism (jsc#PED-1423, jsc#PED-1091, bsc#1196668) - Fix installation failure due to unavailable nvram device on ppc64le (bsc#1201361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3870-1 Released: Fri Nov 4 11:12:08 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651,1202148 This update for openssl-1_1 fixes the following issues: - FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148) - FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3885-1 Released: Mon Nov 7 11:32:04 2022 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1203299 This update for gnutls fixes the following issues: - Fix AVX CPU feature detection for OSXSAVE (bsc#1203299) This fixes a SIGILL termination at the verzoupper instruction when trying to run GnuTLS on a Linux kernel with the noxsave command line parameter set. Relevant mostly for virtual systems. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3900-1 Released: Tue Nov 8 10:47:55 2022 Summary: Recommended update for docker Type: recommended Severity: moderate References: 1200022 This update for docker fixes the following issues: - Fix a crash-on-start issue with dockerd (bsc#1200022) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3904-1 Released: Tue Nov 8 10:52:13 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1192439 This update for openssh fixes the following issue: - Prevent empty messages from being sent. (bsc#1192439) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3910-1 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3922-1 Released: Wed Nov 9 09:03:33 2022 Summary: Security update for protobuf Type: security Severity: important References: 1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171 This update for protobuf fixes the following issues: - CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530). - CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681) - CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3927-1 Released: Wed Nov 9 14:55:47 2022 Summary: Recommended update for runc Type: recommended Severity: moderate References: 1202021,1202821 This update for runc fixes the following issues: - Update to runc v1.1.4 (bsc#1202021) - Fix failed exec after systemctl daemon-reload (bsc#1202821) - Fix mounting via wrong proc - Fix 'permission denied' error from runc run on noexec filesystem ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3961-1 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3974-1 Released: Mon Nov 14 15:39:20 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1201959,1204211 This update for util-linux fixes the following issues: - Fix file conflict during upgrade (bsc#1204211) - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3999-1 Released: Tue Nov 15 17:08:04 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1204179,1204968,CVE-2022-3821 This update for systemd fixes the following issues: - CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968). - Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string - Document udev naming scheme (bsc#1204179) - Make 'sle15-sp3' net naming scheme still available for backward compatibility reason ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4001-1 Released: Tue Nov 15 17:08:52 2022 Summary: Security update for sudo Type: security Severity: important References: 1204986,CVE-2022-43995 This update for sudo fixes the following issues: - CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4007-1 Released: Wed Nov 16 09:12:44 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1193923,1203806,1203807,1204482,1204483,1204485,1204487,1204488,1204489,1204490,1204494,1204496,CVE-2022-33746,CVE-2022-33747,CVE-2022-33748,CVE-2022-42309,CVE-2022-42310,CVE-2022-42311,CVE-2022-42312,CVE-2022-42313,CVE-2022-42314,CVE-2022-42315,CVE-2022-42316,CVE-2022-42317,CVE-2022-42318,CVE-2022-42319,CVE-2022-42320,CVE-2022-42321,CVE-2022-42322,CVE-2022-42323,CVE-2022-42325,CVE-2022-42326,CVE-2022-42327 This update for xen fixes the following issues: - CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806). - CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807). - CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482) - CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485) - CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487) - CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488) - CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489) - CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490) - CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494) - CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496) - xen: Frontends vulnerable to backends (bsc#1193923). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4019-1 Released: Wed Nov 16 15:44:20 2022 Summary: Recommended update for apparmor Type: recommended Severity: low References: 1202344 This update for apparmor fixes the following issues: - profiles: permit php-fpm pid files directly under run/ (bsc#1202344) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4020-1 Released: Wed Nov 16 15:45:13 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1199856,1202627 This update for nfs-utils fixes the following issues: - Fix nfsdcltrack bug that affected non-x86 archs (bsc#1202627) - Ensure sysctl setting work (bsc#1199856) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4041-1 Released: Thu Nov 17 04:55:47 2022 Summary: Recommended update for libuv Type: recommended Severity: moderate References: 1199062 This update for libuv fixes the following issues: - Remove epoll syscall wrappers. (bsc#1199062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4066-1 Released: Fri Nov 18 10:43:00 2022 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1202324,1204649,1205156 This update for timezone fixes the following issues: Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156): - Mexico will no longer observe DST except near the US border - Chihuahua moves to year-round -06 on 2022-10-30 - Fiji no longer observes DST - In vanguard form, GMT is now a Zone and Etc/GMT a link - zic now supports links to links, and vanguard form uses this - Simplify four Ontario zones - Fix a Y2438 bug when reading TZif data - Enable 64-bit time_t on 32-bit glibc platforms - Omit large-file support when no longer needed - Jordan and Syria switch from +02/+03 with DST to year-round +03 - Palestine transitions are now Saturdays at 02:00 - Simplify three Ukraine zones into one - Improve tzselect on intercontinental Zones - Chile's DST is delayed by a week in September 2022 (bsc#1202324) - Iran no longer observes DST after 2022 - Rename Europe/Kiev to Europe/Kyiv - New `zic -R` command option - Vanguard form now uses %z ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4072-1 Released: Fri Nov 18 13:36:05 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1071995,1152472,1152489,1188238,1194869,1196018,1196632,1199904,1200567,1200692,1200788,1202187,1202686,1202700,1202914,1203098,1203229,1203290,1203435,1203514,1203699,1203767,1203802,1203922,1204017,1204142,1204166,1204168,1204171,1204241,1204353,1204354,1204355,1204402,1204413,1204415,1204417,1204428,1204431,1204439,1204470,1204479,1204498,1204533,1204569,1204574,1204575,1204619,1204635,1204637,1204646,1204647,1204650,1204653,1204693,1204705,1204719,1204728,1204753,1204868,1204926,1204933,1204934,1204947,1204957,1204963,1204970,CVE-2022-1882,CVE-2022-2153,CVE-2022-28748,CVE-2022-2964,CVE-2022-2978,CVE-2022-3169,CVE-2022-33981,CVE-2022-3424,CVE-2022-3435,CVE-2022-3521,CVE-2022-3524,CVE-2022-3526,CVE-2022-3535,CVE-2022-3542,CVE-2022-3545,CVE-2022-3565,CVE-2022-3577,CVE-2022-3586,CVE-2022-3594,CVE-2022-3619,CVE-2022-3621,CVE-2022-3625,CVE-2022-3628,CVE-2022-3629,CVE-2022-3633,CVE-2022-3640,CVE-2022-3646,CVE-2022-3649,CVE-2022-40476,CVE-2022-40768,CVE-2022-42703,CV E-2022-43750 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28748: Fixed a leak of kernel memory over the network by ax88179_178a devices (bsc#1196018). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353). - CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574). - CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435). - CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653). The following non-security bugs were fixed: - acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - acpi: extlog: Handle multiple records (git-fixes). - acpi: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - acpi: video: Make backlight class device registration a separate step (v2) (git-fixes). - acpi: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - alsa: Use del_timer_sync() before freeing timer (git-fixes). - alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - alsa: aoa: Fix I2S device accounting (git-fixes). - alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - alsa: au88x0: use explicitly signed char (git-fixes). - alsa: dmaengine: increment buffer pointer atomically (git-fixes). - alsa: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - alsa: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - alsa: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - alsa: hda/hdmi: change type for the 'assigned' variable (git-fixes). - alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - alsa: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - alsa: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - alsa: hda: Fix position reporting on Poulsbo (git-fixes). - alsa: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - alsa: hda: cs35l41: Support System Suspend (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - alsa: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - alsa: hiface: fix repeated words in comments (git-fixes). - alsa: line6: Replace sprintf() with sysfs_emit() (git-fixes). - alsa: line6: remove line6_set_raw declaration (git-fixes). - alsa: oss: Fix potential deadlock at unregistration (git-fixes). - alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - alsa: rme9652: use explicitly signed char (git-fixes). - alsa: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - alsa: scarlett2: Add support for the internal 'standalone' switch (git-fixes). - alsa: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - alsa: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - alsa: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - alsa: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - alsa: usb-audio: Fix NULL dererence at error path (git-fixes). - alsa: usb-audio: Fix last interface check for registration (git-fixes). - alsa: usb-audio: Fix potential memory leaks (git-fixes). - alsa: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - alsa: usb-audio: Register card at the last interface (git-fixes). - alsa: usb-audio: make read-only array marker static const (git-fixes). - alsa: usb-audio: remove redundant assignment to variable c (git-fixes). - alsa: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - alsa: usb/6fire: fix repeated words in comments (git-fixes). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - arm: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - arm: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - arm: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - arm: Drop CMDLINE_* dependency on ATAGS (git-fixes). - arm: decompressor: Include .data.rel.ro.local (git-fixes). - arm: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - arm: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - arm: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - arm: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - arm: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - arm: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - arm: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - arm: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - arm: dts: imx6dl: add missing properties for sram (git-fixes). - arm: dts: imx6q: add missing properties for sram (git-fixes). - arm: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - arm: dts: imx6qp: add missing properties for sram (git-fixes). - arm: dts: imx6sl: add missing properties for sram (git-fixes). - arm: dts: imx6sll: add missing properties for sram (git-fixes). - arm: dts: imx6sx: add missing properties for sram (git-fixes). - arm: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - arm: dts: integrator: Tag PCI host with device_type (git-fixes). - arm: dts: kirkwood: lsxl: fix serial line (git-fixes). - arm: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - arm: dts: turris-omnia: Add label for wan port (git-fixes). - arm: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - asoc: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - asoc: codecs: tx-macro: fix kcontrol put (git-fixes). - asoc: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - asoc: mt6359: fix tests for platform_get_irq() failure (git-fixes). - asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - asoc: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - asoc: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes). - asoc: tas2764: Allow mono streams (git-fixes). - asoc: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - asoc: tas2764: Fix mute/unmute (git-fixes). - asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - asoc: wm_adsp: Handle optional legacy support (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - bluetooth: L2CAP: Fix user-after-free (git-fixes). - bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - drop Dell Dock regression fix patch again (bsc#1204719) - drop verbose nvme logging feature (bsc#1200567) - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: pci: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: pci: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - gcov: support GCC 12.1 and newer compilers (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: hidraw: fix memory leak in hidraw_release() (git-fixes). - hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - hid: multitouch: Add memory barriers (git-fixes). - hid: roccat: Fix use-after-free in roccat_read() (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ib/core: Fix a nested dead lock as part of ODP flow (git-fixes) - ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - ice: Fix switchdev rules book keeping (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - input: i8042 - fix refount leak on sparc (git-fixes). - input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - input: xpad - add supported devices as contributed on github (git-fixes). - input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes). - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - kvm: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - kvm: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes). - kvm: fix avic_set_running for preemptable kernels (git-fixes). - kvm: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - kvm: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes). - kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - kvm: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - kvm: s390x: fix SCK locking (git-fixes). - kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - kvm: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - kvm: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - kvm: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kvm: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - kvm: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - kvm: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kvm: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - kvm: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - kvm: x86: Always set kvm_run->if_flag (git-fixes). - kvm: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - kvm: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - kvm: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - kvm: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - kvm: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - kvm: x86: Update vPMCs when retiring branch instructions (git-fixes). - kvm: x86: Update vPMCs when retiring instructions (git-fixes). - kvm: x86: do not report preemption if the steal time cache is stale (git-fixes). - kvm: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - kvm: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - kvm: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac802154: Fix LQI recording (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - move upstreamed BT fixes into sorted section - move upstreamed patches into sorted section - move upstreamed sound patches into sorted section - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). - net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nfs: Fix another fsync() issue after a server reboot (git-fixes). - nfsv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - pci/aspm: Ignore L1 PM Substates if device lacks capability (git-fixes). - pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - pci: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - pci: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - pci: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - pci: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - plip: avoid rcu debug splat (git-fixes). - pm: domains: Fix handling of unavailable/disabled idle states (git-fixes). - pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - rdma/cma: Fix arguments order in net device validation (git-fixes) - rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - rdma/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - rdma/irdma: Add support for address handle re-use (git-fixes) - rdma/irdma: Align AE id codes to correct flush code and event (git-fixes) - rdma/irdma: Do not advertise 1GB page size for x722 (git-fixes) - rdma/irdma: Fix VLAN connection with wildcard address (git-fixes) - rdma/irdma: Fix a window for use-after-free (git-fixes) - rdma/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - rdma/irdma: Fix sleep from invalid context BUG (git-fixes) - rdma/irdma: Move union irdma_sockaddr to header file (git-fixes) - rdma/irdma: Remove the unnecessary variable saddr (git-fixes) - rdma/irdma: Report RNR NAK generation in device caps (git-fixes) - rdma/irdma: Report the correct max cqes from query device (git-fixes) - rdma/irdma: Return correct WC error for bind operation failure (git-fixes) - rdma/irdma: Return error on MR deregister CQP failure (git-fixes) - rdma/irdma: Use net_type to check network type (git-fixes) - rdma/irdma: Validate udata inlen and outlen (git-fixes) - rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes) - rdma/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - rdma/qedr: Fix reporting QP timeout attribute (git-fixes) - rdma/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes) - rdma/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - rdma/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - rdma/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - rdma/rxe: Fix rnr retry behavior (git-fixes) - rdma/rxe: Fix the error caused by qp->sk (git-fixes) - rdma/rxe: For invalidate compare according to set keys in mr (git-fixes) - rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - rdma/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - rdma/siw: Pass a pointer to virt_to_page() (git-fixes) - rdma/srp: Fix srp_abort() (git-fixes) - rdma/srp: Handle dev_set_name() failure (git-fixes) - rdma/srp: Rework the srp_add_port() error path (git-fixes) - rdma/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - rdma/srp: Support more than 255 rdma ports (git-fixes) - rdma/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - rdma/srpt: Duplicate port name members (git-fixes) - rdma/srpt: Fix a use-after-free (git-fixes) - rdma/srpt: Introduce a reference count in struct srpt_device (git-fixes) - rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - rdma: remove useless condition in siw_create_cq() (git-fixes) - regulator: core: Prevent integer underflow (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - revert 'SUNRPC: Remove unreachable error condition' (git-fixes). - revert 'crypto: qat - reduce size of mapped region' (git-fixes). - revert 'drm/amdgpu: use dirty framebuffer helper' (git-fixes). - revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes). - revert 'workqueue: remove unused cancel_work()' (bsc#1204933). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: use 'grep -E' instead of 'egrep' (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing: Add '(fault)' name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes).++ kernel-source.spec (revision 4)Release: <RELEASE>.g76cfe60Provides: %name-srchash-76cfe60e3ab724313d9fba4cf5ebaf12ad49ea0e - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1 - update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - virt: vbox: convert to use dev_groups (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - xen/gntdev: Prevent leaking grants (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). The following package changes have been done: - apparmor-abstractions-3.0.4-150400.5.3.1 updated - apparmor-parser-3.0.4-150400.5.3.1 updated - bind-utils-9.16.33-150400.5.11.1 updated - curl-7.79.1-150400.5.9.1 updated - dbus-1-1.12.2-150400.18.5.1 updated - docker-20.10.17_ce-150000.169.1 updated - grub2-i386-pc-2.06-150400.11.12.1 updated - grub2-x86_64-efi-2.06-150400.11.12.1 updated - grub2-2.06-150400.11.12.1 updated - kdump-1.0.2+git14.gb49d4a3-150400.3.5.1 updated - kernel-default-5.14.21-150400.24.33.2 updated - libapparmor1-3.0.4-150400.5.3.1 updated - libblkid1-2.37.2-150400.8.8.1 updated - libcurl4-7.79.1-150400.5.9.1 updated - libdbus-1-3-1.12.2-150400.18.5.1 updated - libexpat1-2.4.4-150400.3.12.1 updated - libfdisk1-2.37.2-150400.8.8.1 updated - libgnutls30-3.7.3-150400.4.19.1 updated - libksba8-1.3.5-150000.4.3.1 updated - libmount1-2.37.2-150400.8.8.1 updated - libopenssl1_1-1.1.1l-150400.7.13.1 updated - libprotobuf-lite20-3.9.2-150200.4.19.2 updated - libsmartcols1-2.37.2-150400.8.8.1 updated - libsystemd0-249.12-150400.8.13.1 updated - libtasn1-6-4.13-150000.4.8.1 updated - libtasn1-4.13-150000.4.8.1 updated - libudev1-249.12-150400.8.13.1 updated - libusb-1_0-0-1.0.24-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.8.1 updated - libuv1-1.18.0-150400.11.3.1 updated - libxml2-2-2.9.14-150400.5.10.1 updated - libz1-1.2.11-150000.3.36.1 updated - libzck1-1.1.16-150400.3.2.1 updated - nfs-client-2.1.1-150100.10.27.1 updated - openssh-clients-8.4p1-150300.3.12.2 updated - openssh-common-8.4p1-150300.3.12.2 updated - openssh-server-8.4p1-150300.3.12.2 updated - openssh-8.4p1-150300.3.12.2 updated - openssl-1_1-1.1.1l-150400.7.13.1 updated - pam-1.3.0-150000.6.61.1 updated - permissions-20201225-150400.5.16.1 updated - python3-bind-9.16.33-150400.5.11.1 updated - runc-1.1.4-150000.36.1 updated - sudo-1.9.9-150400.4.6.1 updated - systemd-sysvinit-249.12-150400.8.13.1 updated - systemd-249.12-150400.8.13.1 updated - timezone-2022f-150000.75.15.1 updated - udev-249.12-150400.8.13.1 updated - update-alternatives-1.19.0.4-150000.4.4.1 updated - util-linux-systemd-2.37.2-150400.8.8.1 updated - util-linux-2.37.2-150400.8.8.1 updated - xen-libs-4.16.2_08-150400.4.16.1 updated From sle-updates at lists.suse.com Tue Dec 20 10:35:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 11:35:23 +0100 (CET) Subject: SUSE-IU-2022:1149-1: Security update of sles-15-sp4-chost-byos-v20221215-arm64 Message-ID: <20221220103523.D1708FD2D@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20221215-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1149-1 Image Tags : sles-15-sp4-chost-byos-v20221215-arm64:20221215 Image Release : Severity : important Type : security References : 1179465 1184124 1184689 1186787 1187655 1188086 1188607 1189560 1190651 1191833 1192252 1192478 1192508 1192648 1196076 1197284 1197428 1197998 1198165 1198625 1198894 1199074 1200330 1200505 1200657 1200803 1200901 1200994 1201053 1202014 1202269 1202337 1202417 1202750 1202962 1203110 1203125 1203152 1203155 1203194 1203216 1203267 1203272 1203341 1203368 1203482 1203508 1203509 1203600 1203749 1203796 1203797 1203799 1203818 1203820 1203894 1203924 1203957 1204440 1204577 1204706 1204720 1204779 1204821 1204844 1205126 1205178 1205182 1205275 1206065 1206235 876845 877776 885007 896188 988954 CVE-2019-18348 CVE-2020-10735 CVE-2020-8492 CVE-2021-3928 CVE-2022-23471 CVE-2022-2601 CVE-2022-27191 CVE-2022-2980 CVE-2022-2982 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVE-2022-37454 CVE-2022-3775 CVE-2022-42898 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20221215-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4135-1 Released: Mon Nov 21 00:13:40 2022 Summary: Recommended update for libeconf Type: recommended Severity: moderate References: 1198165 This update for libeconf fixes the following issues: - Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165) - Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters' ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4141-1 Released: Mon Nov 21 09:28:07 2022 Summary: Security update for grub2 Type: security Severity: important References: 1205178,1205182,CVE-2022-2601,CVE-2022-3775 This update for grub2 fixes the following issues: - CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178). - CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182). Other: - Bump upstream SBAT generation to 3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4153-1 Released: Mon Nov 21 14:34:09 2022 Summary: Security update for krb5 Type: security Severity: important References: 1205126,CVE-2022-42898 This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4160-1 Released: Tue Nov 22 10:10:37 2022 Summary: Recommended update for nfsidmap Type: recommended Severity: moderate References: 1200901 This update for nfsidmap fixes the following issues: - Various bugfixes and improvemes from upstream In particular, fixed a crash that can happen when a 'static' mapping is configured. (bsc#1200901) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4162-1 Released: Tue Nov 22 10:56:10 2022 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1202014,1203267,1203368,1203749,1203894 This update for dracut fixes the following issues: - A series of fixes for NVMeoF boot to resolve wrong information that is added by dracut (bsc#1203368) - network-manager: always install the library plugins directory (bsc#1202014) - dmsquash-live: correct regression introduced with shellcheck changes (bsc#1203894) - systemd: add missing modprobe at .service (bsc#1203749) - i18n: do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4198-1 Released: Wed Nov 23 13:15:04 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1202750 This update for rpm fixes the following issues: - Strip critical bit in signature subpackage parsing - No longer deadlock DNF after pubkey import (bsc#1202750) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4212-1 Released: Thu Nov 24 15:53:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1190651 This update for openssl-1_1 fixes the following issues: - FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651) - FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651) - FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4217-1 Released: Fri Nov 25 07:23:35 2022 Summary: Recommended update for wget Type: recommended Severity: moderate References: 1204720 This update for wget fixes the following issues: - Truncate long file names to prevent wget failures (bsc#1204720) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4226-1 Released: Fri Nov 25 18:16:59 2022 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1196076,1198625,1200803,1200994,1203341,1204821 This update for suseconnect-ng fixes the following issues: - Fix System-Token support in ruby binding (bsc#1203341) - Use system-wide proxy settings (bsc#1200994) - Add timer for SUSEConnect --keepalive (bsc#1196076) - Added support for the System-Token header - Add Keepalive command line option - Print nested zypper errors (bsc#1200803) - Fix migration json error with SMT (bsc#1198625) - Packaging adjustments (bsc#1204821) - Add option to run local scc tests ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4227-1 Released: Fri Nov 25 18:17:31 2022 Summary: Recommended update for release-notes-sle-micro Type: recommended Severity: low References: 1204440 This update for samba fixes the following issue: - Make samba-tool available in the basesystem (bsc#1204440) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4262-1 Released: Tue Nov 29 05:45:23 2022 Summary: Recommended update for lvm2 Type: recommended Severity: important References: 1199074,1203216,1203482 This update for lvm2 fixes the following issues: - Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216) - Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074) - Fix lvmlockd to support sanlock (bsc#1203482) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4278-1 Released: Tue Nov 29 15:43:49 2022 Summary: Security update for supportutils Type: security Severity: moderate References: 1184689,1188086,1192252,1192648,1197428,1200330,1202269,1202337,1202417,1203818 This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important References: 1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454 This update for python3 fixes the following issues: - CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577) - CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125) The following non-security bug was fixed: - Fixed a crash in the garbage collection (bsc#1188607). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4282-1 Released: Tue Nov 29 15:50:15 2022 Summary: Security update for vim Type: security Severity: important References: 1192478,1202962,1203110,1203152,1203155,1203194,1203272,1203508,1203509,1203796,1203797,1203799,1203820,1203924,1204779,CVE-2021-3928,CVE-2022-2980,CVE-2022-2982,CVE-2022-3037,CVE-2022-3099,CVE-2022-3134,CVE-2022-3153,CVE-2022-3234,CVE-2022-3235,CVE-2022-3278,CVE-2022-3296,CVE-2022-3297,CVE-2022-3324,CVE-2022-3352,CVE-2022-3705 This update for vim fixes the following issues: Updated to version 9.0 with patch level 0814: - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508). - CVE-2022-3235: Fixed use-after-free (bsc#1203509). - CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820). - CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779). - CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152). - CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796). - CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797). - CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110). - CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194). - CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272). - CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799). - CVE-2022-3352: Fixed use-after-free (bsc#1203924). - CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155). - CVE-2022-3037: Fixed use-after-free (bsc#1202962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4328-1 Released: Tue Dec 6 12:25:12 2022 Summary: Recommended update for audit-secondary Type: recommended Severity: moderate References: 1204844 This update for audit-secondary fixes the following issues: - Fix rules not loaded when restarting auditd.service (bsc#1204844) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4340-1 Released: Wed Dec 7 12:54:47 2022 Summary: Feature update for wicked Type: feature Severity: moderate References: 1184124,1186787,1187655,1189560,1192508,1198894,1200505,1201053,876845,877776,885007,896188,988954 This update for wicked fixes the following issues: - build: Ensure binaries are Position Independent Executable (PIE) (bsc#1184124) - client: Add release options to ifdown/ifreload (jsc#SLE-25048, jsc#SLE-10249) - client: Fix memory access violation (SEGV) on empty xpath results - dbus: Clear string array before append - dhcp4: Fix issues in reuse of last lease (bsc#1187655) - dhcp6: Add option to refresh lease (jsc#SLE-24310, jsc#SLE-9492, jsc#SLE-24307) - dhcp6: Consider ppp interfaces supported - dhcp6: Ignore lease release status - dhcp6: Remove address before release - firewall-ext: No config change on ifdown (bsc#1201053, bsc#1189560) - socket: Fix memory access violation (SEGV) on heavy socket restart errors (bsc#1192508) - systemd: Remove systemd-udev-settle dependency (bsc#1186787) - team: Fix to configure port priority in teamd (bsc#1200505) - wireless: Add support for WPA3 and PMF (bsc#1198894) - wireless: Fix memory access violation (SEGV) on supplicant restart - wireless: Remove libiw dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4370-1 Released: Thu Dec 8 17:19:14 2022 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1191833,1205275 This update for rsyslog fixes the following issues: - Parsing of legacy config syntax (bsc#1205275) - Remove $klogConsoleLogLevel setting from rsyslog.conf as this legacy setting from pre-systemd times is obsolete and can block important systemd messages (bsc#1191833) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4383-1 Released: Fri Dec 9 04:01:50 2022 Summary: Recommended update for iputils Type: recommended Severity: important References: 1203957 This update for iputils fixes the following issues: - Fix occasional memory access violation when using `ping` (bsc#1203957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4463-1 Released: Tue Dec 13 17:04:31 2022 Summary: Security update for containerd Type: security Severity: important References: 1197284,1206065,1206235,CVE-2022-23471,CVE-2022-27191 This update for containerd fixes the following issues: Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065). Also includes the following fix: - CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4469-1 Released: Wed Dec 14 06:05:13 2022 Summary: Recommended update for sudo Type: recommended Severity: important References: 1197998 This update for sudo fixes the following issues: - Change sudo-ldap schema from ASCII to UTF8 to fix a regression introduced in a previous maintenance update (bsc#1197998) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish The following package changes have been done: - audit-3.0.6-150400.4.6.1 updated - containerd-ctr-1.6.12-150000.79.1 updated - containerd-1.6.12-150000.79.1 updated - dracut-mkinitrd-deprecated-055+suse.323.gca0e74f0-150400.3.13.1 updated - dracut-055+suse.323.gca0e74f0-150400.3.13.1 updated - grub2-i386-pc-2.06-150400.11.17.1 updated - grub2-x86_64-efi-2.06-150400.11.17.1 updated - grub2-2.06-150400.11.17.1 updated - iputils-20211215-150400.3.3.2 updated - krb5-1.19.2-150400.3.3.1 updated - libdevmapper1_03-2.03.05_1.02.163-150400.185.1 updated - libeconf0-0.4.6+git20220427.3016f4e-150400.3.3.1 updated - libgcc_s1-12.2.1+git416-150000.1.5.1 updated - libopenssl1_1-1.1.1l-150400.7.16.1 updated - libpython3_6m1_0-3.6.15-150300.10.37.2 updated - libstdc++6-12.2.1+git416-150000.1.5.1 updated - nfsidmap-0.26-150000.3.7.1 updated - openssh-clients-8.4p1-150300.3.15.4 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-server-8.4p1-150300.3.15.4 updated - openssh-8.4p1-150300.3.15.4 updated - openssl-1_1-1.1.1l-150400.7.16.1 updated - python3-base-3.6.15-150300.10.37.2 updated - python3-3.6.15-150300.10.37.2 updated - rpm-ndb-4.14.3-150300.52.1 updated - rsyslog-8.2106.0-150400.5.11.1 updated - samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.16.11 updated - sudo-1.9.9-150400.4.9.1 updated - supportutils-3.1.21-150300.7.35.15.1 updated - suse-build-key-12.0-150000.8.28.1 updated - suseconnect-ng-1.0.0~git0.faee7c196dc1-150400.3.7.3 updated - system-group-audit-3.0.6-150400.4.6.1 updated - tar-1.34-150000.3.22.3 updated - vim-data-common-9.0.0814-150000.5.28.1 updated - vim-9.0.0814-150000.5.28.1 updated - wget-1.20.3-150000.3.15.1 updated - wicked-service-0.6.70-150400.3.3.1 updated - wicked-0.6.70-150400.3.3.1 updated From sle-updates at lists.suse.com Tue Dec 20 11:21:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 12:21:16 +0100 (CET) Subject: SUSE-SU-2022:4579-1: important: Security update for MozillaThunderbird Message-ID: <20221220112116.B9D67FD89@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4579-1 Rating: important References: #1206242 Cross-References: CVE-2022-46872 CVE-2022-46874 CVE-2022-46875 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: Update to version 102.6 (bsc#1206242): - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions - CVE-2022-46875: Download Protections were bypassed by .atloc and .ftploc files on Mac OS - CVE-2022-46882: Use-after-free in WebGL - CVE-2022-46878: Memory safety bugs fixed in Thunderbird 102.6 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4579=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4579=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4579=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4579=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-102.6.0-150200.8.96.1 MozillaThunderbird-debuginfo-102.6.0-150200.8.96.1 MozillaThunderbird-debugsource-102.6.0-150200.8.96.1 MozillaThunderbird-translations-common-102.6.0-150200.8.96.1 MozillaThunderbird-translations-other-102.6.0-150200.8.96.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-102.6.0-150200.8.96.1 MozillaThunderbird-debuginfo-102.6.0-150200.8.96.1 MozillaThunderbird-debugsource-102.6.0-150200.8.96.1 MozillaThunderbird-translations-common-102.6.0-150200.8.96.1 MozillaThunderbird-translations-other-102.6.0-150200.8.96.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-102.6.0-150200.8.96.1 MozillaThunderbird-debuginfo-102.6.0-150200.8.96.1 MozillaThunderbird-debugsource-102.6.0-150200.8.96.1 MozillaThunderbird-translations-common-102.6.0-150200.8.96.1 MozillaThunderbird-translations-other-102.6.0-150200.8.96.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-102.6.0-150200.8.96.1 MozillaThunderbird-debuginfo-102.6.0-150200.8.96.1 MozillaThunderbird-debugsource-102.6.0-150200.8.96.1 MozillaThunderbird-translations-common-102.6.0-150200.8.96.1 MozillaThunderbird-translations-other-102.6.0-150200.8.96.1 References: https://www.suse.com/security/cve/CVE-2022-46872.html https://www.suse.com/security/cve/CVE-2022-46874.html https://www.suse.com/security/cve/CVE-2022-46875.html https://www.suse.com/security/cve/CVE-2022-46878.html https://www.suse.com/security/cve/CVE-2022-46880.html https://www.suse.com/security/cve/CVE-2022-46881.html https://www.suse.com/security/cve/CVE-2022-46882.html https://bugzilla.suse.com/1206242 From sle-updates at lists.suse.com Tue Dec 20 14:20:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 15:20:19 +0100 (CET) Subject: SUSE-SU-2022:4580-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2) Message-ID: <20221220142019.7F217FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4580-1 Rating: important References: #1203606 #1204424 #1204486 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-3545 CVE-2022-3577 CVE-2022-3586 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150200_24_112 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-4580=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150200_24_112-default-11-150200.2.2 kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-11-150200.2.2 kernel-livepatch-SLE15-SP2_Update_26-debugsource-11-150200.2.2 References: https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Tue Dec 20 14:22:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 15:22:19 +0100 (CET) Subject: SUSE-RU-2022:4581-1: important: Recommended update for cpuset Message-ID: <20221220142219.2BD4EFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for cpuset ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4581-1 Rating: important References: MSC-488 Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for cpuset fixes the following issues: - Change to Python 2 on SUSE Linux Enterprise 12 Service Pack 5 because the required python3-future is not available Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-4581=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cpuset-1.6-3.6.2 References: From sle-updates at lists.suse.com Tue Dec 20 17:23:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 18:23:22 +0100 (CET) Subject: SUSE-RU-2022:4583-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <20221220172322.26859FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4583-1 Rating: critical References: #1206428 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-regionsrv-client contains the following fix: - Update to version 10.0.8 (bsc#1206428) - Fix regression introduced by 10.0.7. When the hosts file was modified such that there is no empty line at the end of the file the content after removing the registration data does not match the content prior to registration. The update fixes the issue triggered by an index logic error. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-4583=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-4583=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-10.0.8-52.90.1 cloud-regionsrv-client-addon-azure-1.0.5-52.90.1 cloud-regionsrv-client-generic-config-1.0.0-52.90.1 cloud-regionsrv-client-plugin-azure-2.0.0-52.90.1 cloud-regionsrv-client-plugin-ec2-1.0.2-52.90.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.90.1 References: https://bugzilla.suse.com/1206428 From sle-updates at lists.suse.com Tue Dec 20 17:24:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 18:24:12 +0100 (CET) Subject: SUSE-SU-2022:4587-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP2) Message-ID: <20221220172412.239CCFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4587-1 Rating: important References: #1203008 #1203606 #1204424 #1204486 #1204576 #1205130 #1205815 #1206228 Cross-References: CVE-2022-2964 CVE-2022-3545 CVE-2022-3577 CVE-2022-3586 CVE-2022-41218 CVE-2022-4139 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_102 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-4582=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-4587=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-4588=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_102-default-16-150200.2.2 kernel-livepatch-5_3_18-24_102-default-debuginfo-16-150200.2.2 kernel-livepatch-5_3_18-24_107-default-15-150200.2.2 kernel-livepatch-5_3_18-24_107-default-debuginfo-15-150200.2.2 kernel-livepatch-5_3_18-24_99-default-17-150200.2.2 kernel-livepatch-5_3_18-24_99-default-debuginfo-17-150200.2.2 kernel-livepatch-SLE15-SP2_Update_23-debugsource-17-150200.2.2 kernel-livepatch-SLE15-SP2_Update_24-debugsource-16-150200.2.2 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64): kernel-livepatch-SLE15-SP2_Update_25-debugsource-15-150200.2.2 References: https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205815 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Tue Dec 20 17:25:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 18:25:49 +0100 (CET) Subject: SUSE-SU-2022:4586-1: important: Security update for openssl-3 Message-ID: <20221220172549.F2458FD84@maintenance.suse.de> SUSE Security Update: Security update for openssl-3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4586-1 Rating: important References: #1206374 Cross-References: CVE-2022-3786 CVE-2022-3996 CVSS scores: CVE-2022-3786 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3786 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3996 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openssl-3 fixes the following issues: - CVE-2022-3996: Fixed X.509 Policy Constraints Double Locking (bsc#1206374) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4586=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4586=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenssl-3-devel-3.0.1-150400.4.14.1 libopenssl3-3.0.1-150400.4.14.1 libopenssl3-debuginfo-3.0.1-150400.4.14.1 openssl-3-3.0.1-150400.4.14.1 openssl-3-debuginfo-3.0.1-150400.4.14.1 openssl-3-debugsource-3.0.1-150400.4.14.1 - openSUSE Leap 15.4 (noarch): openssl-3-doc-3.0.1-150400.4.14.1 - openSUSE Leap 15.4 (x86_64): libopenssl-3-devel-32bit-3.0.1-150400.4.14.1 libopenssl3-32bit-3.0.1-150400.4.14.1 libopenssl3-32bit-debuginfo-3.0.1-150400.4.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenssl-3-devel-3.0.1-150400.4.14.1 libopenssl3-3.0.1-150400.4.14.1 libopenssl3-debuginfo-3.0.1-150400.4.14.1 openssl-3-3.0.1-150400.4.14.1 openssl-3-debuginfo-3.0.1-150400.4.14.1 openssl-3-debugsource-3.0.1-150400.4.14.1 References: https://www.suse.com/security/cve/CVE-2022-3786.html https://www.suse.com/security/cve/CVE-2022-3996.html https://bugzilla.suse.com/1206374 From sle-updates at lists.suse.com Tue Dec 20 17:26:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 18:26:46 +0100 (CET) Subject: SUSE-RU-2022:4584-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <20221220172646.E455BFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4584-1 Rating: critical References: #1206428 Affected Products: SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.8 (bsc#1206428) - Fix regression introduced by 10.0.7. When the hosts file was modified such that there is no empty line at the end of the file the content after removing the registration data does not match the content prior to registration. The update fixes the issue triggered by an index logic error. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4584=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4584=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4584=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-4584=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-4584=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4584=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4584=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-4584=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4584=1 Package List: - openSUSE Leap Micro 5.3 (noarch): cloud-regionsrv-client-10.0.8-150000.6.86.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.86.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.86.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.86.1 - openSUSE Leap 15.4 (noarch): cloud-regionsrv-client-10.0.8-150000.6.86.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.86.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.86.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.86.1 - openSUSE Leap 15.3 (noarch): cloud-regionsrv-client-10.0.8-150000.6.86.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.86.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.86.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): cloud-regionsrv-client-10.0.8-150000.6.86.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.86.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.86.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.86.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): cloud-regionsrv-client-10.0.8-150000.6.86.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.86.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.86.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.86.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-10.0.8-150000.6.86.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.86.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.86.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.86.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-10.0.8-150000.6.86.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.86.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.86.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.86.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-10.0.8-150000.6.86.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.86.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.86.1 - SUSE Linux Enterprise Micro 5.3 (noarch): cloud-regionsrv-client-10.0.8-150000.6.86.1 cloud-regionsrv-client-addon-azure-1.0.5-150000.6.86.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.86.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.86.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.86.1 References: https://bugzilla.suse.com/1206428 From sle-updates at lists.suse.com Tue Dec 20 17:28:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 18:28:29 +0100 (CET) Subject: SUSE-SU-2022:4589-1: important: Security update for the Linux Kernel Message-ID: <20221220172829.9A69AFD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4589-1 Rating: important References: #1196018 #1198702 #1199365 #1200788 #1200845 #1201455 #1201725 #1202686 #1202700 #1203008 #1203066 #1203067 #1203290 #1203322 #1203391 #1203496 #1203511 #1203514 #1203860 #1203960 #1204017 #1204053 #1204166 #1204168 #1204170 #1204228 #1204354 #1204355 #1204402 #1204414 #1204415 #1204417 #1204424 #1204431 #1204432 #1204439 #1204446 #1204470 #1204479 #1204486 #1204574 #1204575 #1204576 #1204631 #1204635 #1204636 #1204637 #1204646 #1204647 #1204653 #1204745 #1204780 #1204850 #1204868 #1205128 #1205130 #1205220 #1205473 #1205514 #1205617 #1205671 #1205700 #1205705 #1205709 #1205711 #1205796 #1206207 Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-2602 CVE-2022-28693 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3169 CVE-2022-3176 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3646 CVE-2022-3649 CVE-2022-3707 CVE-2022-3903 CVE-2022-39189 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves 44 vulnerabilities and has 23 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). - CVE-2022-3625: Fixed a user-after-free vulnerability in devlink_param_set/devlink_param_get of the file net/core/devlink.c (bsc#1204637). - CVE-2022-3535: Fixed a memory leak in mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bsc#1204417). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-39189: Fixed an issue were an unprivileged guest users can compromise the guest kernel because TLB flush operations were mishandled in certain KVM_VCPU_PREEMPTED situations (bsc#1203066). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-2978: Fixed a use-after-free in the NILFS file system (bsc#1202700). The following non-security bugs were fixed: - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected (bsc#1204017). - Drivers: hv: vmbus: Always handle the VMBus messages on CPU0 (bsc#1204017). - Drivers: hv: vmbus: Do not bind the offer&rescind works to a specific CPU (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1204017). - Drivers: hv: vmbus: Replace the per-CPU channel lists with a global array of channels (bsc#1204017). - Drivers: hv: vmbus: Use a spin lock for synchronizing channel scheduling vs. channel removal (bsc#1204017). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add hibernation support (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix hibernation in case interrupts are not re-created (bsc#1204446). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Prepare hv_compose_msi_msg() for the VMBus-channel-interrupt-to-vCPU reassignment functionality (bsc#1204017). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use struct_size() helper (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Add the support of hibernation (bsc#1204017). - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017). - hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017). - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017). - hv_netvsc: Fix hibernation for mlx5 VF driver (bsc#1204850). - hv_netvsc: Fix potential dereference of NULL pointer (bsc#1204017). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017). - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017). - hv_netvsc: Switch the data path at the right time during hibernation (bsc#1204850). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: netvsc: remove break after return (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4589=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4589=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4589=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4589=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4589=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4589=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-4589=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4589=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4589=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-4589=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4589=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.139.1 kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2 kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 kernel-default-devel-5.3.18-150200.24.139.1 kernel-default-devel-debuginfo-5.3.18-150200.24.139.1 kernel-obs-build-5.3.18-150200.24.139.1 kernel-obs-build-debugsource-5.3.18-150200.24.139.1 kernel-syms-5.3.18-150200.24.139.1 reiserfs-kmp-default-5.3.18-150200.24.139.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.139.1 - SUSE Manager Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.139.1 kernel-docs-5.3.18-150200.24.139.1 kernel-macros-5.3.18-150200.24.139.1 kernel-source-5.3.18-150200.24.139.1 - SUSE Manager Server 4.1 (x86_64): kernel-preempt-5.3.18-150200.24.139.1 kernel-preempt-debuginfo-5.3.18-150200.24.139.1 kernel-preempt-debugsource-5.3.18-150200.24.139.1 kernel-preempt-devel-5.3.18-150200.24.139.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.139.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): kernel-default-5.3.18-150200.24.139.1 kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2 kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 kernel-default-devel-5.3.18-150200.24.139.1 kernel-default-devel-debuginfo-5.3.18-150200.24.139.1 kernel-obs-build-5.3.18-150200.24.139.1 kernel-obs-build-debugsource-5.3.18-150200.24.139.1 kernel-preempt-5.3.18-150200.24.139.1 kernel-preempt-debuginfo-5.3.18-150200.24.139.1 kernel-preempt-debugsource-5.3.18-150200.24.139.1 kernel-preempt-devel-5.3.18-150200.24.139.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.139.1 kernel-syms-5.3.18-150200.24.139.1 reiserfs-kmp-default-5.3.18-150200.24.139.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.139.1 - SUSE Manager Retail Branch Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.139.1 kernel-docs-5.3.18-150200.24.139.1 kernel-macros-5.3.18-150200.24.139.1 kernel-source-5.3.18-150200.24.139.1 - SUSE Manager Proxy 4.1 (x86_64): kernel-default-5.3.18-150200.24.139.1 kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2 kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 kernel-default-devel-5.3.18-150200.24.139.1 kernel-default-devel-debuginfo-5.3.18-150200.24.139.1 kernel-obs-build-5.3.18-150200.24.139.1 kernel-obs-build-debugsource-5.3.18-150200.24.139.1 kernel-preempt-5.3.18-150200.24.139.1 kernel-preempt-debuginfo-5.3.18-150200.24.139.1 kernel-preempt-debugsource-5.3.18-150200.24.139.1 kernel-preempt-devel-5.3.18-150200.24.139.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.139.1 kernel-syms-5.3.18-150200.24.139.1 reiserfs-kmp-default-5.3.18-150200.24.139.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.139.1 - SUSE Manager Proxy 4.1 (noarch): kernel-devel-5.3.18-150200.24.139.1 kernel-docs-5.3.18-150200.24.139.1 kernel-macros-5.3.18-150200.24.139.1 kernel-source-5.3.18-150200.24.139.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): kernel-default-5.3.18-150200.24.139.1 kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2 kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 kernel-default-devel-5.3.18-150200.24.139.1 kernel-default-devel-debuginfo-5.3.18-150200.24.139.1 kernel-obs-build-5.3.18-150200.24.139.1 kernel-obs-build-debugsource-5.3.18-150200.24.139.1 kernel-syms-5.3.18-150200.24.139.1 reiserfs-kmp-default-5.3.18-150200.24.139.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.139.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kernel-preempt-5.3.18-150200.24.139.1 kernel-preempt-debuginfo-5.3.18-150200.24.139.1 kernel-preempt-debugsource-5.3.18-150200.24.139.1 kernel-preempt-devel-5.3.18-150200.24.139.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.139.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-devel-5.3.18-150200.24.139.1 kernel-docs-5.3.18-150200.24.139.1 kernel-macros-5.3.18-150200.24.139.1 kernel-source-5.3.18-150200.24.139.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.139.1 kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2 kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 kernel-default-devel-5.3.18-150200.24.139.1 kernel-default-devel-debuginfo-5.3.18-150200.24.139.1 kernel-obs-build-5.3.18-150200.24.139.1 kernel-obs-build-debugsource-5.3.18-150200.24.139.1 kernel-syms-5.3.18-150200.24.139.1 reiserfs-kmp-default-5.3.18-150200.24.139.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.139.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150200.24.139.1 kernel-preempt-debuginfo-5.3.18-150200.24.139.1 kernel-preempt-debugsource-5.3.18-150200.24.139.1 kernel-preempt-devel-5.3.18-150200.24.139.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.139.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.139.1 kernel-docs-5.3.18-150200.24.139.1 kernel-macros-5.3.18-150200.24.139.1 kernel-source-5.3.18-150200.24.139.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): kernel-default-5.3.18-150200.24.139.1 kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2 kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 kernel-default-devel-5.3.18-150200.24.139.1 kernel-default-devel-debuginfo-5.3.18-150200.24.139.1 kernel-obs-build-5.3.18-150200.24.139.1 kernel-obs-build-debugsource-5.3.18-150200.24.139.1 kernel-preempt-5.3.18-150200.24.139.1 kernel-preempt-debuginfo-5.3.18-150200.24.139.1 kernel-preempt-debugsource-5.3.18-150200.24.139.1 kernel-preempt-devel-5.3.18-150200.24.139.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.139.1 kernel-syms-5.3.18-150200.24.139.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): kernel-devel-5.3.18-150200.24.139.1 kernel-docs-5.3.18-150200.24.139.1 kernel-macros-5.3.18-150200.24.139.1 kernel-source-5.3.18-150200.24.139.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 kernel-default-livepatch-5.3.18-150200.24.139.1 kernel-default-livepatch-devel-5.3.18-150200.24.139.1 kernel-livepatch-5_3_18-150200_24_139-default-1-150200.5.5.1 kernel-livepatch-5_3_18-150200_24_139-default-debuginfo-1-150200.5.5.1 kernel-livepatch-SLE15-SP2_Update_32-debugsource-1-150200.5.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): kernel-default-5.3.18-150200.24.139.1 kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2 kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 kernel-default-devel-5.3.18-150200.24.139.1 kernel-default-devel-debuginfo-5.3.18-150200.24.139.1 kernel-obs-build-5.3.18-150200.24.139.1 kernel-obs-build-debugsource-5.3.18-150200.24.139.1 kernel-preempt-5.3.18-150200.24.139.1 kernel-preempt-debuginfo-5.3.18-150200.24.139.1 kernel-preempt-debugsource-5.3.18-150200.24.139.1 kernel-preempt-devel-5.3.18-150200.24.139.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.139.1 kernel-syms-5.3.18-150200.24.139.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.139.1 kernel-docs-5.3.18-150200.24.139.1 kernel-macros-5.3.18-150200.24.139.1 kernel-source-5.3.18-150200.24.139.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): kernel-default-5.3.18-150200.24.139.1 kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2 kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 kernel-default-devel-5.3.18-150200.24.139.1 kernel-default-devel-debuginfo-5.3.18-150200.24.139.1 kernel-obs-build-5.3.18-150200.24.139.1 kernel-obs-build-debugsource-5.3.18-150200.24.139.1 kernel-preempt-5.3.18-150200.24.139.1 kernel-preempt-debuginfo-5.3.18-150200.24.139.1 kernel-preempt-debugsource-5.3.18-150200.24.139.1 kernel-preempt-devel-5.3.18-150200.24.139.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.139.1 kernel-syms-5.3.18-150200.24.139.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): kernel-devel-5.3.18-150200.24.139.1 kernel-docs-5.3.18-150200.24.139.1 kernel-macros-5.3.18-150200.24.139.1 kernel-source-5.3.18-150200.24.139.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150200.24.139.1 cluster-md-kmp-default-debuginfo-5.3.18-150200.24.139.1 dlm-kmp-default-5.3.18-150200.24.139.1 dlm-kmp-default-debuginfo-5.3.18-150200.24.139.1 gfs2-kmp-default-5.3.18-150200.24.139.1 gfs2-kmp-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 ocfs2-kmp-default-5.3.18-150200.24.139.1 ocfs2-kmp-default-debuginfo-5.3.18-150200.24.139.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): kernel-default-5.3.18-150200.24.139.1 kernel-default-base-5.3.18-150200.24.139.1.150200.9.65.2 kernel-default-debuginfo-5.3.18-150200.24.139.1 kernel-default-debugsource-5.3.18-150200.24.139.1 kernel-default-devel-5.3.18-150200.24.139.1 kernel-default-devel-debuginfo-5.3.18-150200.24.139.1 kernel-obs-build-5.3.18-150200.24.139.1 kernel-obs-build-debugsource-5.3.18-150200.24.139.1 kernel-preempt-5.3.18-150200.24.139.1 kernel-preempt-debuginfo-5.3.18-150200.24.139.1 kernel-preempt-debugsource-5.3.18-150200.24.139.1 kernel-preempt-devel-5.3.18-150200.24.139.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.139.1 kernel-syms-5.3.18-150200.24.139.1 reiserfs-kmp-default-5.3.18-150200.24.139.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.139.1 - SUSE Enterprise Storage 7 (noarch): kernel-devel-5.3.18-150200.24.139.1 kernel-docs-5.3.18-150200.24.139.1 kernel-macros-5.3.18-150200.24.139.1 kernel-source-5.3.18-150200.24.139.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-2978.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3176.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3535.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3625.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-3707.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-40307.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-4129.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-43750.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1199365 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1201455 https://bugzilla.suse.com/1201725 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202700 https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203067 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203322 https://bugzilla.suse.com/1203391 https://bugzilla.suse.com/1203496 https://bugzilla.suse.com/1203511 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203860 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204053 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204228 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204417 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204432 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204446 https://bugzilla.suse.com/1204470 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204575 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204637 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204745 https://bugzilla.suse.com/1204780 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205700 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205711 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1206207 From sle-updates at lists.suse.com Tue Dec 20 17:36:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 18:36:20 +0100 (CET) Subject: SUSE-SU-2022:4591-1: moderate: Security update for java-1_7_1-ibm Message-ID: <20221220173620.A647DFD84@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4591-1 Rating: moderate References: #1204703 #1205302 Cross-References: CVE-2022-3676 CVSS scores: CVE-2022-3676 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-3676 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for java-1_7_1-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 7.1.5.15, adding the reference here. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4591=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4591=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4591=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4591=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4591=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4591=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4591=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.77.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.77.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr5.15-38.77.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.77.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.77.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.77.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.77.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.77.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.77.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-alsa-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-devel-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.15-38.77.1 java-1_7_1-ibm-plugin-1.7.1_sr5.15-38.77.1 References: https://www.suse.com/security/cve/CVE-2022-3676.html https://bugzilla.suse.com/1204703 https://bugzilla.suse.com/1205302 From sle-updates at lists.suse.com Tue Dec 20 17:38:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 18:38:03 +0100 (CET) Subject: SUSE-SU-2022:4585-1: important: Security update for the Linux Kernel Message-ID: <20221220173803.087B7FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4585-1 Rating: important References: #1065729 #1156395 #1164051 #1184350 #1189297 #1190256 #1193629 #1194869 #1202341 #1203183 #1203391 #1203511 #1203960 #1204228 #1204405 #1204414 #1204631 #1204636 #1204693 #1204780 #1204810 #1204850 #1205007 #1205100 #1205111 #1205113 #1205128 #1205130 #1205149 #1205153 #1205220 #1205264 #1205282 #1205331 #1205332 #1205427 #1205428 #1205473 #1205507 #1205514 #1205521 #1205567 #1205616 #1205617 #1205653 #1205671 #1205679 #1205683 #1205700 #1205705 #1205709 #1205711 #1205744 #1205764 #1205796 #1205882 #1205993 #1206035 #1206036 #1206037 #1206045 #1206046 #1206047 #1206048 #1206049 #1206050 #1206051 #1206056 #1206057 #1206113 #1206114 #1206147 #1206149 #1206207 PED-1573 PED-1706 PED-1936 PED-2684 PED-611 PED-824 PED-849 Cross-References: CVE-2022-2602 CVE-2022-3176 CVE-2022-3566 CVE-2022-3567 CVE-2022-3635 CVE-2022-3643 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45869 CVE-2022-45888 CVE-2022-45934 CVSS scores: CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3566 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3566 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45869 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-45869 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45888 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-45888 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that solves 22 vulnerabilities, contains 7 features and has 52 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix rodata=full again (git-fixes) - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in <linux/genhd.h> (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove "cifs_" prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix readdir cache race (bsc#1205331). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kABI: Fix kABI after "KVM: x86/pmu: Use different raw event masks for AMD and Intel" (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Save and restore pins in "direct IRQ" mode (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390: fix nospec table alignments (git-fixes). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous "to" in a comment (git-fixes). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - tools: hv: Remove an extraneous "the" (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4585=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4585=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4585=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4585=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-4585=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4585=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4585=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4585=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4585=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): kernel-default-5.14.21-150400.24.38.1 kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2 kernel-default-debuginfo-5.14.21-150400.24.38.1 kernel-default-debugsource-5.14.21-150400.24.38.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.38.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.38.1 dlm-kmp-default-5.14.21-150400.24.38.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.38.1 gfs2-kmp-default-5.14.21-150400.24.38.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.38.1 kernel-default-5.14.21-150400.24.38.1 kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2 kernel-default-base-rebuild-5.14.21-150400.24.38.1.150400.24.13.2 kernel-default-debuginfo-5.14.21-150400.24.38.1 kernel-default-debugsource-5.14.21-150400.24.38.1 kernel-default-devel-5.14.21-150400.24.38.1 kernel-default-devel-debuginfo-5.14.21-150400.24.38.1 kernel-default-extra-5.14.21-150400.24.38.1 kernel-default-extra-debuginfo-5.14.21-150400.24.38.1 kernel-default-livepatch-5.14.21-150400.24.38.1 kernel-default-livepatch-devel-5.14.21-150400.24.38.1 kernel-default-optional-5.14.21-150400.24.38.1 kernel-default-optional-debuginfo-5.14.21-150400.24.38.1 kernel-obs-build-5.14.21-150400.24.38.1 kernel-obs-build-debugsource-5.14.21-150400.24.38.1 kernel-obs-qa-5.14.21-150400.24.38.1 kernel-syms-5.14.21-150400.24.38.1 kselftests-kmp-default-5.14.21-150400.24.38.1 kselftests-kmp-default-debuginfo-5.14.21-150400.24.38.1 ocfs2-kmp-default-5.14.21-150400.24.38.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.38.1 reiserfs-kmp-default-5.14.21-150400.24.38.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.38.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): kernel-kvmsmall-5.14.21-150400.24.38.1 kernel-kvmsmall-debuginfo-5.14.21-150400.24.38.1 kernel-kvmsmall-debugsource-5.14.21-150400.24.38.1 kernel-kvmsmall-devel-5.14.21-150400.24.38.1 kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.38.1 kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.38.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-5.14.21-150400.24.38.1 kernel-debug-debuginfo-5.14.21-150400.24.38.1 kernel-debug-debugsource-5.14.21-150400.24.38.1 kernel-debug-devel-5.14.21-150400.24.38.1 kernel-debug-devel-debuginfo-5.14.21-150400.24.38.1 kernel-debug-livepatch-devel-5.14.21-150400.24.38.1 - openSUSE Leap 15.4 (aarch64): cluster-md-kmp-64kb-5.14.21-150400.24.38.1 cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.38.1 dlm-kmp-64kb-5.14.21-150400.24.38.1 dlm-kmp-64kb-debuginfo-5.14.21-150400.24.38.1 dtb-allwinner-5.14.21-150400.24.38.1 dtb-altera-5.14.21-150400.24.38.1 dtb-amazon-5.14.21-150400.24.38.1 dtb-amd-5.14.21-150400.24.38.1 dtb-amlogic-5.14.21-150400.24.38.1 dtb-apm-5.14.21-150400.24.38.1 dtb-apple-5.14.21-150400.24.38.1 dtb-arm-5.14.21-150400.24.38.1 dtb-broadcom-5.14.21-150400.24.38.1 dtb-cavium-5.14.21-150400.24.38.1 dtb-exynos-5.14.21-150400.24.38.1 dtb-freescale-5.14.21-150400.24.38.1 dtb-hisilicon-5.14.21-150400.24.38.1 dtb-lg-5.14.21-150400.24.38.1 dtb-marvell-5.14.21-150400.24.38.1 dtb-mediatek-5.14.21-150400.24.38.1 dtb-nvidia-5.14.21-150400.24.38.1 dtb-qcom-5.14.21-150400.24.38.1 dtb-renesas-5.14.21-150400.24.38.1 dtb-rockchip-5.14.21-150400.24.38.1 dtb-socionext-5.14.21-150400.24.38.1 dtb-sprd-5.14.21-150400.24.38.1 dtb-xilinx-5.14.21-150400.24.38.1 gfs2-kmp-64kb-5.14.21-150400.24.38.1 gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.38.1 kernel-64kb-5.14.21-150400.24.38.1 kernel-64kb-debuginfo-5.14.21-150400.24.38.1 kernel-64kb-debugsource-5.14.21-150400.24.38.1 kernel-64kb-devel-5.14.21-150400.24.38.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.38.1 kernel-64kb-extra-5.14.21-150400.24.38.1 kernel-64kb-extra-debuginfo-5.14.21-150400.24.38.1 kernel-64kb-livepatch-devel-5.14.21-150400.24.38.1 kernel-64kb-optional-5.14.21-150400.24.38.1 kernel-64kb-optional-debuginfo-5.14.21-150400.24.38.1 kselftests-kmp-64kb-5.14.21-150400.24.38.1 kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.38.1 ocfs2-kmp-64kb-5.14.21-150400.24.38.1 ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.38.1 reiserfs-kmp-64kb-5.14.21-150400.24.38.1 reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.38.1 - openSUSE Leap 15.4 (noarch): kernel-devel-5.14.21-150400.24.38.1 kernel-docs-5.14.21-150400.24.38.1 kernel-docs-html-5.14.21-150400.24.38.1 kernel-macros-5.14.21-150400.24.38.1 kernel-source-5.14.21-150400.24.38.1 kernel-source-vanilla-5.14.21-150400.24.38.1 - openSUSE Leap 15.4 (s390x): kernel-zfcpdump-5.14.21-150400.24.38.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.38.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.38.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): kernel-default-debuginfo-5.14.21-150400.24.38.1 kernel-default-debugsource-5.14.21-150400.24.38.1 kernel-default-extra-5.14.21-150400.24.38.1 kernel-default-extra-debuginfo-5.14.21-150400.24.38.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.38.1 kernel-default-debugsource-5.14.21-150400.24.38.1 kernel-default-livepatch-5.14.21-150400.24.38.1 kernel-default-livepatch-devel-5.14.21-150400.24.38.1 kernel-livepatch-5_14_21-150400_24_38-default-1-150400.9.3.2 kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-1-150400.9.3.2 kernel-livepatch-SLE15-SP4_Update_6-debugsource-1-150400.9.3.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.38.1 kernel-default-debugsource-5.14.21-150400.24.38.1 reiserfs-kmp-default-5.14.21-150400.24.38.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.38.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.14.21-150400.24.38.1 kernel-obs-build-debugsource-5.14.21-150400.24.38.1 kernel-syms-5.14.21-150400.24.38.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kernel-docs-5.14.21-150400.24.38.1 kernel-source-5.14.21-150400.24.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-5.14.21-150400.24.38.1 kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2 kernel-default-debuginfo-5.14.21-150400.24.38.1 kernel-default-debugsource-5.14.21-150400.24.38.1 kernel-default-devel-5.14.21-150400.24.38.1 kernel-default-devel-debuginfo-5.14.21-150400.24.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): kernel-64kb-5.14.21-150400.24.38.1 kernel-64kb-debuginfo-5.14.21-150400.24.38.1 kernel-64kb-debugsource-5.14.21-150400.24.38.1 kernel-64kb-devel-5.14.21-150400.24.38.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-devel-5.14.21-150400.24.38.1 kernel-macros-5.14.21-150400.24.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): kernel-zfcpdump-5.14.21-150400.24.38.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.38.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.38.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): kernel-default-5.14.21-150400.24.38.1 kernel-default-base-5.14.21-150400.24.38.1.150400.24.13.2 kernel-default-debuginfo-5.14.21-150400.24.38.1 kernel-default-debugsource-5.14.21-150400.24.38.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.38.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.38.1 dlm-kmp-default-5.14.21-150400.24.38.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.38.1 gfs2-kmp-default-5.14.21-150400.24.38.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.38.1 kernel-default-debuginfo-5.14.21-150400.24.38.1 kernel-default-debugsource-5.14.21-150400.24.38.1 ocfs2-kmp-default-5.14.21-150400.24.38.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.38.1 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-3176.html https://www.suse.com/security/cve/CVE-2022-3566.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3643.html https://www.suse.com/security/cve/CVE-2022-3707.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-4129.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42328.html https://www.suse.com/security/cve/CVE-2022-42329.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45869.html https://www.suse.com/security/cve/CVE-2022-45888.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1164051 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1189297 https://bugzilla.suse.com/1190256 https://bugzilla.suse.com/1193629 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1202341 https://bugzilla.suse.com/1203183 https://bugzilla.suse.com/1203391 https://bugzilla.suse.com/1203511 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1204228 https://bugzilla.suse.com/1204405 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204693 https://bugzilla.suse.com/1204780 https://bugzilla.suse.com/1204810 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1205007 https://bugzilla.suse.com/1205100 https://bugzilla.suse.com/1205111 https://bugzilla.suse.com/1205113 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205149 https://bugzilla.suse.com/1205153 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205264 https://bugzilla.suse.com/1205282 https://bugzilla.suse.com/1205331 https://bugzilla.suse.com/1205332 https://bugzilla.suse.com/1205427 https://bugzilla.suse.com/1205428 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205507 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205521 https://bugzilla.suse.com/1205567 https://bugzilla.suse.com/1205616 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205653 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205679 https://bugzilla.suse.com/1205683 https://bugzilla.suse.com/1205700 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205711 https://bugzilla.suse.com/1205744 https://bugzilla.suse.com/1205764 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1205882 https://bugzilla.suse.com/1205993 https://bugzilla.suse.com/1206035 https://bugzilla.suse.com/1206036 https://bugzilla.suse.com/1206037 https://bugzilla.suse.com/1206045 https://bugzilla.suse.com/1206046 https://bugzilla.suse.com/1206047 https://bugzilla.suse.com/1206048 https://bugzilla.suse.com/1206049 https://bugzilla.suse.com/1206050 https://bugzilla.suse.com/1206051 https://bugzilla.suse.com/1206056 https://bugzilla.suse.com/1206057 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206114 https://bugzilla.suse.com/1206147 https://bugzilla.suse.com/1206149 https://bugzilla.suse.com/1206207 From sle-updates at lists.suse.com Tue Dec 20 17:45:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 18:45:04 +0100 (CET) Subject: SUSE-RU-2022:4590-1: moderate: Recommended update for openscap Message-ID: <20221220174504.5448CFD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for openscap ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4590-1 Rating: moderate References: #1197599 #1203408 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for openscap fixes the following issues: Added openSUSE Leap 15.4 and 15.5 dictionary entries. (bsc#1203408 bsc#1197599) openscap was updated to 1.3.6 * New features - Select and exclude groups of rules on the command line - The boot-time remediation service for systemd's Offline Update mode - Memory limit control using OSCAP_PROBE_MEMORY_USAGE_RATIO environment variable - Allow disablement of SHA-1 and MD5 - Allow providing pre-downloaded components - Introduce OSBuild Blueprint fix type * Maintenance, bug fixes - Fix coverity issues - Patch the `segfault` in dpkginfo_fini() - Add an alternative source of hostname - Fail download on HTTP errors - Compile "environmentvariable_probe" on Windows - FreeBSD build and test fixes - Add offline mode for password probe - Initialize crypto API only once - Fix UBI 9 scan - oval/yamlfilecontent: Add 'null' values handling - Do not set Rpath - Do not split `XCCDF:requires` with multiple `idrefs` - Allow empty /proc in offline mode - oscap-remediate is shipped via /usr/bin. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4590=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4590=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenscap25-1.3.6-150400.11.3.1 libopenscap25-debuginfo-1.3.6-150400.11.3.1 libopenscap_sce25-1.3.6-150400.11.3.1 libopenscap_sce25-debuginfo-1.3.6-150400.11.3.1 openscap-1.3.6-150400.11.3.1 openscap-containers-1.3.6-150400.11.3.1 openscap-content-1.3.6-150400.11.3.1 openscap-debuginfo-1.3.6-150400.11.3.1 openscap-debugsource-1.3.6-150400.11.3.1 openscap-devel-1.3.6-150400.11.3.1 openscap-utils-1.3.6-150400.11.3.1 openscap-utils-debuginfo-1.3.6-150400.11.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenscap25-1.3.6-150400.11.3.1 libopenscap25-debuginfo-1.3.6-150400.11.3.1 openscap-1.3.6-150400.11.3.1 openscap-containers-1.3.6-150400.11.3.1 openscap-content-1.3.6-150400.11.3.1 openscap-debuginfo-1.3.6-150400.11.3.1 openscap-debugsource-1.3.6-150400.11.3.1 openscap-devel-1.3.6-150400.11.3.1 openscap-utils-1.3.6-150400.11.3.1 openscap-utils-debuginfo-1.3.6-150400.11.3.1 References: https://bugzilla.suse.com/1197599 https://bugzilla.suse.com/1203408 From sle-updates at lists.suse.com Tue Dec 20 20:22:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 21:22:34 +0100 (CET) Subject: SUSE-SU-2022:4593-1: important: Security update for cni-plugins Message-ID: <20221220202234.A191AFD84@maintenance.suse.de> SUSE Security Update: Security update for cni-plugins ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4593-1 Rating: important References: #1181961 Cross-References: CVE-2021-20206 CVSS scores: CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cni-plugins fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4593=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4593=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4593=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4593=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4593=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4593=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4593=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4593=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4593=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4593=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4593=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4593=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4593=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4593=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4593=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4593=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4593=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4593=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4593=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4593=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4593=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4593=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4593=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4593=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4593=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4593=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4593=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Manager Proxy 4.1 (x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): cni-plugins-0.8.6-150100.3.11.1 - SUSE CaaS Platform 4.0 (x86_64): cni-plugins-0.8.6-150100.3.11.1 References: https://www.suse.com/security/cve/CVE-2021-20206.html https://bugzilla.suse.com/1181961 From sle-updates at lists.suse.com Tue Dec 20 20:24:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 21:24:08 +0100 (CET) Subject: SUSE-SU-2022:4595-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP4) Message-ID: <20221220202408.45048FD84@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4595-1 Rating: important References: #1203008 #1203606 #1204424 #1204576 #1205130 #1206228 Cross-References: CVE-2022-2964 CVE-2022-3545 CVE-2022-3586 CVE-2022-41218 CVE-2022-4378 CVE-2022-43945 CVSS scores: CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_93 fixes several issues. The following security issues were fixed: - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-41218: Fixed a use-after-free caused by refcount races, affecting dvb_demux_open() and dvb_dmxdev_release() in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4595=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_93-default-11-2.2 References: https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Tue Dec 20 20:26:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 21:26:11 +0100 (CET) Subject: SUSE-SU-2022:4592-1: important: Security update for cni Message-ID: <20221220202611.03709FD84@maintenance.suse.de> SUSE Security Update: Security update for cni ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4592-1 Rating: important References: #1181961 Cross-References: CVE-2021-20206 CVSS scores: CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cni fixes the following issues: - CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4592=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4592=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4592=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4592=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4592=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4592=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4592=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4592=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4592=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4592=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4592=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4592=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4592=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4592=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4592=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4592=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4592=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4592=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4592=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4592=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4592=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4592=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4592=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4592=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4592=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4592=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4592=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): cni-0.7.1-150100.3.8.1 - SUSE Manager Proxy 4.1 (x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): cni-0.7.1-150100.3.8.1 - SUSE CaaS Platform 4.0 (x86_64): cni-0.7.1-150100.3.8.1 References: https://www.suse.com/security/cve/CVE-2021-20206.html https://bugzilla.suse.com/1181961 From sle-updates at lists.suse.com Tue Dec 20 20:28:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Dec 2022 21:28:10 +0100 (CET) Subject: SUSE-SU-2022:4594-1: moderate: Security update for supportutils Message-ID: <20221220202810.E3885FD84@maintenance.suse.de> SUSE Security Update: Security update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4594-1 Rating: moderate References: #1184689 #1188086 #1192252 #1192648 #1197428 #1200330 #1202269 #1202337 #1202417 #1203818 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for supportutils fixes the following issues: Security issues fixed: - Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818) Bug fixes: - Added lifecycle information - Fixed KVM virtualization detection on bare metal (bsc#1184689) - Added logging using journalctl (bsc#1200330) - Get current sar data before collecting files (bsc#1192648) - Collects everything in /etc/multipath/ (bsc#1192252) - Collects power management information in hardware.txt (bsc#1197428) - Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337) - Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269) - Update to nvme_info and block_info (bsc#1202417) - Added includedir directories from /etc/sudoers (bsc#1188086) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4594=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4594=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4594=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4594=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4594=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4594=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4594=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4594=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4594=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4594=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4594=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4594=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4594=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4594=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4594=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4594=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4594=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4594=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4594=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Manager Retail Branch Server 4.1 (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Manager Proxy 4.1 (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Enterprise Storage 7 (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE Enterprise Storage 6 (noarch): supportutils-3.1.21-150000.5.44.1 - SUSE CaaS Platform 4.0 (noarch): supportutils-3.1.21-150000.5.44.1 References: https://bugzilla.suse.com/1184689 https://bugzilla.suse.com/1188086 https://bugzilla.suse.com/1192252 https://bugzilla.suse.com/1192648 https://bugzilla.suse.com/1197428 https://bugzilla.suse.com/1200330 https://bugzilla.suse.com/1202269 https://bugzilla.suse.com/1202337 https://bugzilla.suse.com/1202417 https://bugzilla.suse.com/1203818 From sle-updates at lists.suse.com Wed Dec 21 08:31:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2022 09:31:26 +0100 (CET) Subject: SUSE-CU-2022:3418-1: Recommended update of suse/389-ds Message-ID: <20221221083126.56E2CFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3418-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-18.7 , suse/389-ds:latest Container Release : 18.7 Severity : moderate Type : recommended References : 1191546 1198980 1201298 1205974 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4455-1 Released: Tue Dec 13 11:53:31 2022 Summary: Recommended update for 389-ds Type: recommended Severity: moderate References: 1205974 This update for 389-ds fixes the following issues: - support pam_saslauthd for authentication pass through requirements. (jsc#PED-2701 bsc#1205974) Update to version 2.0.17~git7.959d36e: * RFE - split pass through auth cli * BUG - Pam PTA multiple issues * Increase default task TTL Update to version 2.0.17~git4.9447f5f: * Fix typo in `lib389.cli_conf.backend._get_backend` (#5542) * Make logger's parameter name unified (#5540) * Bump VERSION.sh to 2.0.17 * Fix a rebase typo (#5537) * Bump version ot 2.0.17 * Add copyright text to the repository files * Make db compaction TOD day more robust. * UI - Fix npm vulnerability in loader-utils * UI - fix audit issue with npm loader-utils (#5514) * Fix dsctl tls ca-certfiicate add-cert arg requirement * RFE - CLI allow adding CA certificate bundles * memberof is slow on update/fixup if there are several 'groupattr' (#5455) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4492-1 Released: Wed Dec 14 13:52:39 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298 This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). The following package changes have been done: - libfreebl3-3.79.2-150400.3.18.1 updated - libfreebl3-hmac-3.79.2-150400.3.18.1 updated - mozilla-nss-certs-3.79.2-150400.3.18.1 updated - libsoftokn3-3.79.2-150400.3.18.1 updated - mozilla-nss-3.79.2-150400.3.18.1 updated - mozilla-nss-tools-3.79.2-150400.3.18.1 updated - libsvrcore0-2.0.17~git7.959d36e-150400.3.20.1 updated - libsoftokn3-hmac-3.79.2-150400.3.18.1 updated - lib389-2.0.17~git7.959d36e-150400.3.20.1 updated - 389-ds-2.0.17~git7.959d36e-150400.3.20.1 updated - container:sles15-image-15.0.0-27.14.23 updated From sle-updates at lists.suse.com Wed Dec 21 08:35:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2022 09:35:21 +0100 (CET) Subject: SUSE-CU-2022:3419-1: Recommended update of bci/openjdk Message-ID: <20221221083521.AF19FFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3419-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.2 Container Release : 34.2 Severity : moderate Type : recommended References : 1191546 1198980 1201298 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4492-1 Released: Wed Dec 14 13:52:39 2022 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1191546,1198980,1201298 This update for mozilla-nss fixes the following issues: - FIPS: Disapprove the creation of DSA keys, i.e. mark them as not-fips (bsc#1201298) - FIPS: Allow the use SHA keygen mechs (bsc#1191546). - FIPS: ensure abort() is called when the repeat integrity check fails (bsc#1198980). The following package changes have been done: - libfreebl3-3.79.2-150400.3.18.1 updated - libfreebl3-hmac-3.79.2-150400.3.18.1 updated - mozilla-nss-certs-3.79.2-150400.3.18.1 updated - libsoftokn3-3.79.2-150400.3.18.1 updated - mozilla-nss-3.79.2-150400.3.18.1 updated - libsoftokn3-hmac-3.79.2-150400.3.18.1 updated - container:sles15-image-15.0.0-27.14.23 updated From sle-updates at lists.suse.com Wed Dec 21 14:20:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2022 15:20:46 +0100 (CET) Subject: SUSE-SU-2022:4598-1: moderate: Security update for curl Message-ID: <20221221142046.EF454FD2D@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4598-1 Rating: moderate References: #1206309 Cross-References: CVE-2022-43552 CVSS scores: CVE-2022-43552 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4598=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4598=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): curl-debuginfo-7.60.0-11.52.1 curl-debugsource-7.60.0-11.52.1 libcurl-devel-7.60.0-11.52.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): curl-7.60.0-11.52.1 curl-debuginfo-7.60.0-11.52.1 curl-debugsource-7.60.0-11.52.1 libcurl4-7.60.0-11.52.1 libcurl4-debuginfo-7.60.0-11.52.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libcurl4-32bit-7.60.0-11.52.1 libcurl4-debuginfo-32bit-7.60.0-11.52.1 References: https://www.suse.com/security/cve/CVE-2022-43552.html https://bugzilla.suse.com/1206309 From sle-updates at lists.suse.com Wed Dec 21 14:21:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2022 15:21:34 +0100 (CET) Subject: SUSE-SU-2022:4597-1: important: Security update for curl Message-ID: <20221221142134.21B46FD2D@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4597-1 Rating: important References: #1206308 #1206309 Cross-References: CVE-2022-43551 CVE-2022-43552 CVSS scores: CVE-2022-43551 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-43552 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4597=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4597=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4597=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4597=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): curl-7.79.1-150400.5.12.1 curl-debuginfo-7.79.1-150400.5.12.1 curl-debugsource-7.79.1-150400.5.12.1 libcurl4-7.79.1-150400.5.12.1 libcurl4-debuginfo-7.79.1-150400.5.12.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): curl-7.79.1-150400.5.12.1 curl-debuginfo-7.79.1-150400.5.12.1 curl-debugsource-7.79.1-150400.5.12.1 libcurl-devel-7.79.1-150400.5.12.1 libcurl4-7.79.1-150400.5.12.1 libcurl4-debuginfo-7.79.1-150400.5.12.1 - openSUSE Leap 15.4 (x86_64): libcurl-devel-32bit-7.79.1-150400.5.12.1 libcurl4-32bit-7.79.1-150400.5.12.1 libcurl4-32bit-debuginfo-7.79.1-150400.5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): curl-7.79.1-150400.5.12.1 curl-debuginfo-7.79.1-150400.5.12.1 curl-debugsource-7.79.1-150400.5.12.1 libcurl-devel-7.79.1-150400.5.12.1 libcurl4-7.79.1-150400.5.12.1 libcurl4-debuginfo-7.79.1-150400.5.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libcurl4-32bit-7.79.1-150400.5.12.1 libcurl4-32bit-debuginfo-7.79.1-150400.5.12.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): curl-7.79.1-150400.5.12.1 curl-debuginfo-7.79.1-150400.5.12.1 curl-debugsource-7.79.1-150400.5.12.1 libcurl4-7.79.1-150400.5.12.1 libcurl4-debuginfo-7.79.1-150400.5.12.1 References: https://www.suse.com/security/cve/CVE-2022-43551.html https://www.suse.com/security/cve/CVE-2022-43552.html https://bugzilla.suse.com/1206308 https://bugzilla.suse.com/1206309 From sle-updates at lists.suse.com Wed Dec 21 17:20:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2022 18:20:30 +0100 (CET) Subject: SUSE-FU-2022:4601-1: moderate: Feature update for GNOME 41 Message-ID: <20221221172030.595BBFD2D@maintenance.suse.de> SUSE Feature Update: Feature update for GNOME 41 ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:4601-1 Rating: moderate References: #1175622 #1179584 #1188882 #1196205 #1200581 #1203274 #1204867 #944832 PED-2235 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has 8 feature fixes and contains one feature can now be installed. Description: This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing "Device Name" by pressing "Enter" * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for "copy_/free_function" metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our "trap" jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy "fields" * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4601=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4601=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4601=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4601=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4601=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-4601=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4601=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4601=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4601=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4601=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-4601=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4601=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4601=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4601=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): gdk-pixbuf-loader-rsvg-2.52.9-150400.3.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.52.9-150400.3.3.1 glib2-debugsource-2.70.5-150400.3.3.1 glib2-tools-2.70.5-150400.3.3.1 glib2-tools-debuginfo-2.70.5-150400.3.3.1 libgio-2_0-0-2.70.5-150400.3.3.1 libgio-2_0-0-debuginfo-2.70.5-150400.3.3.1 libglib-2_0-0-2.70.5-150400.3.3.1 libglib-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgmodule-2_0-0-2.70.5-150400.3.3.1 libgmodule-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgobject-2_0-0-2.70.5-150400.3.3.1 libgobject-2_0-0-debuginfo-2.70.5-150400.3.3.1 librsvg-2-2-2.52.9-150400.3.3.1 librsvg-2-2-debuginfo-2.52.9-150400.3.3.1 librsvg-debugsource-2.52.9-150400.3.3.1 python-gobject-debuginfo-3.42.2-150400.3.3.2 python-gobject-debugsource-3.42.2-150400.3.3.2 python3-gobject-3.42.2-150400.3.3.2 python3-gobject-Gdk-3.42.2-150400.3.3.2 python3-gobject-cairo-3.42.2-150400.3.3.2 python3-gobject-cairo-debuginfo-3.42.2-150400.3.3.2 python3-gobject-debuginfo-3.42.2-150400.3.3.2 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): atkmm1_6-debugsource-2.28.3-150400.4.3.1 atkmm1_6-devel-2.28.3-150400.4.3.1 eog-41.2-150400.3.3.2 eog-debuginfo-41.2-150400.3.3.2 eog-debugsource-41.2-150400.3.3.2 eog-devel-41.2-150400.3.3.2 evince-41.4-150400.3.3.3 evince-debuginfo-41.4-150400.3.3.3 evince-debugsource-41.4-150400.3.3.3 evince-devel-41.4-150400.3.3.3 evince-plugin-comicsdocument-41.4-150400.3.3.3 evince-plugin-comicsdocument-debuginfo-41.4-150400.3.3.3 evince-plugin-djvudocument-41.4-150400.3.3.3 evince-plugin-djvudocument-debuginfo-41.4-150400.3.3.3 evince-plugin-dvidocument-41.4-150400.3.3.3 evince-plugin-dvidocument-debuginfo-41.4-150400.3.3.3 evince-plugin-pdfdocument-41.4-150400.3.3.3 evince-plugin-pdfdocument-debuginfo-41.4-150400.3.3.3 evince-plugin-psdocument-41.4-150400.3.3.3 evince-plugin-psdocument-debuginfo-41.4-150400.3.3.3 evince-plugin-tiffdocument-41.4-150400.3.3.3 evince-plugin-tiffdocument-debuginfo-41.4-150400.3.3.3 evince-plugin-xpsdocument-41.4-150400.3.3.3 evince-plugin-xpsdocument-debuginfo-41.4-150400.3.3.3 evolution-3.42.4-150400.3.3.1 evolution-data-server-3.42.5-150400.3.3.2 evolution-data-server-debuginfo-3.42.5-150400.3.3.2 evolution-data-server-debugsource-3.42.5-150400.3.3.2 evolution-data-server-devel-3.42.5-150400.3.3.2 evolution-debuginfo-3.42.4-150400.3.3.1 evolution-debugsource-3.42.4-150400.3.3.1 evolution-devel-3.42.4-150400.3.3.1 evolution-plugin-bogofilter-3.42.4-150400.3.3.1 evolution-plugin-bogofilter-debuginfo-3.42.4-150400.3.3.1 evolution-plugin-pst-import-3.42.4-150400.3.3.1 evolution-plugin-pst-import-debuginfo-3.42.4-150400.3.3.1 evolution-plugin-spamassassin-3.42.4-150400.3.3.1 evolution-plugin-spamassassin-debuginfo-3.42.4-150400.3.3.1 evolution-plugin-text-highlight-3.42.4-150400.3.3.1 evolution-plugin-text-highlight-debuginfo-3.42.4-150400.3.3.1 folks-data-0.15.5-150400.5.3.2 folks-debuginfo-0.15.5-150400.5.3.2 folks-debugsource-0.15.5-150400.5.3.2 folks-devel-0.15.5-150400.5.3.2 folks-tools-0.15.5-150400.5.3.2 folks-tools-debuginfo-0.15.5-150400.5.3.2 gcr-data-3.41.1-150400.3.3.1 gcr-debugsource-3.41.1-150400.3.3.1 gcr-prompter-3.41.1-150400.3.3.1 gcr-prompter-debuginfo-3.41.1-150400.3.3.1 gcr-ssh-agent-3.41.1-150400.3.3.1 gcr-ssh-agent-debuginfo-3.41.1-150400.3.3.1 gcr-ssh-askpass-3.41.1-150400.3.3.1 gcr-ssh-askpass-debuginfo-3.41.1-150400.3.3.1 gcr-viewer-3.41.1-150400.3.3.1 gcr-viewer-debuginfo-3.41.1-150400.3.3.1 gdk-pixbuf-loader-rsvg-2.52.9-150400.3.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.52.9-150400.3.3.1 geocode-glib-3.26.4-150400.3.3.2 geocode-glib-debugsource-3.26.4-150400.3.3.2 geocode-glib-devel-3.26.4-150400.3.3.2 gjs-1.70.2-150400.3.3.1 gjs-debuginfo-1.70.2-150400.3.3.1 gjs-debugsource-1.70.2-150400.3.3.1 glade-catalog-evolution-3.42.4-150400.3.3.1 glade-catalog-evolution-debuginfo-3.42.4-150400.3.3.1 glade-catalog-libpeas-1.32.0-150400.4.3.2 glib2-debugsource-2.70.5-150400.3.3.1 glib2-devel-2.70.5-150400.3.3.1 glib2-devel-debuginfo-2.70.5-150400.3.3.1 glib2-devel-static-2.70.5-150400.3.3.1 glib2-tests-devel-2.70.5-150400.3.3.1 glib2-tests-devel-debuginfo-2.70.5-150400.3.3.1 glib2-tools-2.70.5-150400.3.3.1 glib2-tools-debuginfo-2.70.5-150400.3.3.1 gnome-control-center-41.7-150400.3.3.1 gnome-control-center-color-41.7-150400.3.3.1 gnome-control-center-debuginfo-41.7-150400.3.3.1 gnome-control-center-debugsource-41.7-150400.3.3.1 gnome-control-center-devel-41.7-150400.3.3.1 gnome-control-center-goa-41.7-150400.3.3.1 gnome-control-center-user-faces-41.7-150400.3.3.1 gnome-desktop-debuginfo-41.8-150400.3.3.1 gnome-desktop-debugsource-41.8-150400.3.3.1 gnome-extensions-41.9-150400.3.3.2 gnome-extensions-debuginfo-41.9-150400.3.3.2 gnome-music-41.1-150400.3.3.1 gnome-music-debuginfo-41.1-150400.3.3.1 gnome-music-debugsource-41.1-150400.3.3.1 gnome-remote-desktop-41.3-150400.3.3.1 gnome-remote-desktop-debuginfo-41.3-150400.3.3.1 gnome-remote-desktop-debugsource-41.3-150400.3.3.1 gnome-session-41.3-150400.3.3.1 gnome-session-core-41.3-150400.3.3.1 gnome-session-core-debuginfo-41.3-150400.3.3.1 gnome-session-debugsource-41.3-150400.3.3.1 gnome-session-default-session-41.3-150400.3.3.1 gnome-shell-41.9-150400.3.3.2 gnome-shell-calendar-41.9-150400.3.3.2 gnome-shell-calendar-debuginfo-41.9-150400.3.3.2 gnome-shell-debuginfo-41.9-150400.3.3.2 gnome-shell-debugsource-41.9-150400.3.3.2 gnome-shell-devel-41.9-150400.3.3.2 gnome-shell-search-provider-gnome-terminal-3.42.3-150400.3.3.1 gnome-shell-search-provider-nautilus-41.5-150400.3.3.1 gnome-software-41.5-150400.3.3.2 gnome-software-debuginfo-41.5-150400.3.3.2 gnome-software-debugsource-41.5-150400.3.3.2 gnome-software-devel-41.5-150400.3.3.2 gnome-terminal-3.42.3-150400.3.3.1 gnome-terminal-debuginfo-3.42.3-150400.3.3.1 gnome-terminal-debugsource-3.42.3-150400.3.3.1 gnome-version-41.8-150400.3.3.1 gsf-office-thumbnailer-1.14.50-150400.3.3.1 gsf-office-thumbnailer-debuginfo-1.14.50-150400.3.3.1 gspell-1.10.0-150400.3.3.1 gspell-debuginfo-1.10.0-150400.3.3.1 gspell-debugsource-1.10.0-150400.3.3.1 gspell-devel-1.10.0-150400.3.3.1 gtk-vnc-debuginfo-1.3.1-150400.3.3.1 gtk-vnc-debugsource-1.3.1-150400.3.3.1 gtk-vnc-devel-1.3.1-150400.3.3.1 gtk-vnc-tools-1.3.1-150400.3.3.1 gtk-vnc-tools-debuginfo-1.3.1-150400.3.3.1 gtkmm3-debugsource-3.24.6-150400.3.3.1 gtkmm3-devel-3.24.6-150400.3.3.1 gupnp-av-0.14.1-150400.7.3.1 gupnp-av-debugsource-0.14.1-150400.7.3.1 gvfs-1.48.2-150400.4.6.1 gvfs-backend-afc-1.48.2-150400.4.6.1 gvfs-backend-afc-debuginfo-1.48.2-150400.4.6.1 gvfs-backend-samba-1.48.2-150400.4.6.1 gvfs-backend-samba-debuginfo-1.48.2-150400.4.6.1 gvfs-backends-1.48.2-150400.4.6.1 gvfs-backends-debuginfo-1.48.2-150400.4.6.1 gvfs-debuginfo-1.48.2-150400.4.6.1 gvfs-debugsource-1.48.2-150400.4.6.1 gvfs-devel-1.48.2-150400.4.6.1 gvfs-fuse-1.48.2-150400.4.6.1 gvfs-fuse-debuginfo-1.48.2-150400.4.6.1 libatkmm-1_6-1-2.28.3-150400.4.3.1 libatkmm-1_6-1-debuginfo-2.28.3-150400.4.3.1 libcamel-1_2-63-3.42.5-150400.3.3.2 libcamel-1_2-63-debuginfo-3.42.5-150400.3.3.2 libebackend-1_2-10-3.42.5-150400.3.3.2 libebackend-1_2-10-debuginfo-3.42.5-150400.3.3.2 libebook-1_2-20-3.42.5-150400.3.3.2 libebook-1_2-20-debuginfo-3.42.5-150400.3.3.2 libebook-contacts-1_2-3-3.42.5-150400.3.3.2 libebook-contacts-1_2-3-debuginfo-3.42.5-150400.3.3.2 libecal-2_0-1-3.42.5-150400.3.3.2 libecal-2_0-1-debuginfo-3.42.5-150400.3.3.2 libedata-book-1_2-26-3.42.5-150400.3.3.2 libedata-book-1_2-26-debuginfo-3.42.5-150400.3.3.2 libedata-cal-2_0-1-3.42.5-150400.3.3.2 libedata-cal-2_0-1-debuginfo-3.42.5-150400.3.3.2 libedataserver-1_2-26-3.42.5-150400.3.3.2 libedataserver-1_2-26-debuginfo-3.42.5-150400.3.3.2 libedataserverui-1_2-3-3.42.5-150400.3.3.2 libedataserverui-1_2-3-debuginfo-3.42.5-150400.3.3.2 libevdocument3-4-41.4-150400.3.3.3 libevdocument3-4-debuginfo-41.4-150400.3.3.3 libevview3-3-41.4-150400.3.3.3 libevview3-3-debuginfo-41.4-150400.3.3.3 libfolks-eds26-0.15.5-150400.5.3.2 libfolks-eds26-debuginfo-0.15.5-150400.5.3.2 libfolks-telepathy26-0.15.5-150400.5.3.2 libfolks-telepathy26-debuginfo-0.15.5-150400.5.3.2 libfolks26-0.15.5-150400.5.3.2 libfolks26-debuginfo-0.15.5-150400.5.3.2 libgck-1-0-3.41.1-150400.3.3.1 libgck-1-0-debuginfo-3.41.1-150400.3.3.1 libgck-devel-3.41.1-150400.3.3.1 libgcr-3-1-3.41.1-150400.3.3.1 libgcr-3-1-debuginfo-3.41.1-150400.3.3.1 libgcr-devel-3.41.1-150400.3.3.1 libgeocode-glib0-3.26.4-150400.3.3.2 libgeocode-glib0-debuginfo-3.26.4-150400.3.3.2 libgio-2_0-0-2.70.5-150400.3.3.1 libgio-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgjs-devel-1.70.2-150400.3.3.1 libgjs0-1.70.2-150400.3.3.1 libgjs0-debuginfo-1.70.2-150400.3.3.1 libglib-2_0-0-2.70.5-150400.3.3.1 libglib-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgmodule-2_0-0-2.70.5-150400.3.3.1 libgmodule-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgnome-desktop-3-19-41.8-150400.3.3.1 libgnome-desktop-3-19-debuginfo-41.8-150400.3.3.1 libgnome-desktop-3-devel-41.8-150400.3.3.1 libgnome-desktop-3_0-common-41.8-150400.3.3.1 libgnome-desktop-3_0-common-debuginfo-41.8-150400.3.3.1 libgobject-2_0-0-2.70.5-150400.3.3.1 libgobject-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgsf-1-114-1.14.50-150400.3.3.1 libgsf-1-114-debuginfo-1.14.50-150400.3.3.1 libgsf-debugsource-1.14.50-150400.3.3.1 libgsf-devel-1.14.50-150400.3.3.1 libgsf-tools-1.14.50-150400.3.3.1 libgsf-tools-debuginfo-1.14.50-150400.3.3.1 libgspell-1-2-1.10.0-150400.3.3.1 libgspell-1-2-debuginfo-1.10.0-150400.3.3.1 libgthread-2_0-0-2.70.5-150400.3.3.1 libgthread-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgtk-vnc-2_0-0-1.3.1-150400.3.3.1 libgtk-vnc-2_0-0-debuginfo-1.3.1-150400.3.3.1 libgtkmm-3_0-1-3.24.6-150400.3.3.1 libgtkmm-3_0-1-debuginfo-3.24.6-150400.3.3.1 libgupnp-av-devel-0.14.1-150400.7.3.1 libgvnc-1_0-0-1.3.1-150400.3.3.1 libgvnc-1_0-0-debuginfo-1.3.1-150400.3.3.1 libgvncpulse-1_0-0-1.3.1-150400.3.3.1 libgvncpulse-1_0-0-debuginfo-1.3.1-150400.3.3.1 libmediaart-2_0-0-1.9.6-150400.3.3.1 libmediaart-2_0-0-debuginfo-1.9.6-150400.3.3.1 libmediaart-debugsource-1.9.6-150400.3.3.1 libmediaart-devel-1.9.6-150400.3.3.1 libnautilus-extension1-41.5-150400.3.3.1 libnautilus-extension1-debuginfo-41.5-150400.3.3.1 libnma-debugsource-1.8.40-150400.3.3.1 libnma-devel-1.8.40-150400.3.3.1 libnma0-1.8.40-150400.3.3.1 libnma0-debuginfo-1.8.40-150400.3.3.1 libnotify-debugsource-0.7.12-150400.3.3.1 libnotify-devel-0.7.12-150400.3.3.1 libnotify-tools-0.7.12-150400.3.3.1 libnotify-tools-debuginfo-0.7.12-150400.3.3.1 libnotify4-0.7.12-150400.3.3.1 libnotify4-debuginfo-0.7.12-150400.3.3.1 libpeas-1_0-0-1.32.0-150400.4.3.2 libpeas-1_0-0-debuginfo-1.32.0-150400.4.3.2 libpeas-debuginfo-1.32.0-150400.4.3.2 libpeas-debugsource-1.32.0-150400.4.3.2 libpeas-devel-1.32.0-150400.4.3.2 libpeas-gtk-1_0-0-1.32.0-150400.4.3.2 libpeas-gtk-1_0-0-debuginfo-1.32.0-150400.4.3.2 libpeas-loader-python3-1.32.0-150400.4.3.2 libpeas-loader-python3-debuginfo-1.32.0-150400.4.3.2 librsvg-2-2-2.52.9-150400.3.3.1 librsvg-2-2-debuginfo-2.52.9-150400.3.3.1 librsvg-debugsource-2.52.9-150400.3.3.1 librsvg-devel-2.52.9-150400.3.3.1 libsecret-1-0-0.20.5-150400.4.3.1 libsecret-1-0-debuginfo-0.20.5-150400.4.3.1 libsecret-debugsource-0.20.5-150400.4.3.1 libsecret-devel-0.20.5-150400.4.3.1 libvala-0_54-0-0.54.8-150400.3.3.1 libvala-0_54-0-debuginfo-0.54.8-150400.3.3.1 libvala-0_54-devel-0.54.8-150400.3.3.1 libvaladoc-0_54-0-0.54.8-150400.3.3.1 libvaladoc-0_54-0-debuginfo-0.54.8-150400.3.3.1 libvaladoc-0_54-devel-0.54.8-150400.3.3.1 mutter-41.9-150400.3.6.1 mutter-debuginfo-41.9-150400.3.6.1 mutter-debugsource-41.9-150400.3.6.1 mutter-devel-41.9-150400.3.6.1 nautilus-41.5-150400.3.3.1 nautilus-debuginfo-41.5-150400.3.3.1 nautilus-debugsource-41.5-150400.3.3.1 nautilus-devel-41.5-150400.3.3.1 nautilus-evince-41.4-150400.3.3.3 nautilus-evince-debuginfo-41.4-150400.3.3.3 nautilus-extension-terminal-3.42.3-150400.3.3.1 nautilus-extension-terminal-debuginfo-3.42.3-150400.3.3.1 python-cairo-common-devel-1.15.1-150000.3.6.1 python-cairo-debuginfo-1.15.1-150000.3.6.1 python-cairo-debugsource-1.15.1-150000.3.6.1 python-gobject-common-devel-3.42.2-150400.3.3.2 python-gobject-debuginfo-3.42.2-150400.3.3.2 python-gobject-debugsource-3.42.2-150400.3.3.2 python3-cairo-1.15.1-150000.3.6.1 python3-cairo-debuginfo-1.15.1-150000.3.6.1 python3-cairo-devel-1.15.1-150000.3.6.1 python3-gobject-3.42.2-150400.3.3.2 python3-gobject-Gdk-3.42.2-150400.3.3.2 python3-gobject-cairo-3.42.2-150400.3.3.2 python3-gobject-cairo-debuginfo-3.42.2-150400.3.3.2 python3-gobject-debuginfo-3.42.2-150400.3.3.2 python3-gobject-devel-3.42.2-150400.3.3.2 rsvg-convert-2.52.9-150400.3.3.1 rsvg-convert-debuginfo-2.52.9-150400.3.3.1 secret-tool-0.20.5-150400.4.3.1 secret-tool-debuginfo-0.20.5-150400.4.3.1 tracker-miner-files-3.2.2-150400.3.3.1 tracker-miner-files-debuginfo-3.2.2-150400.3.3.1 tracker-miners-3.2.2-150400.3.3.1 tracker-miners-debuginfo-3.2.2-150400.3.3.1 tracker-miners-debugsource-3.2.2-150400.3.3.1 typelib-1_0-Camel-1_2-3.42.5-150400.3.3.2 typelib-1_0-EBackend-1_2-3.42.5-150400.3.3.2 typelib-1_0-EBook-1_2-3.42.5-150400.3.3.2 typelib-1_0-EBookContacts-1_2-3.42.5-150400.3.3.2 typelib-1_0-ECal-2_0-3.42.5-150400.3.3.2 typelib-1_0-EDataBook-1_2-3.42.5-150400.3.3.2 typelib-1_0-EDataCal-2_0-3.42.5-150400.3.3.2 typelib-1_0-EDataServer-1_2-3.42.5-150400.3.3.2 typelib-1_0-EDataServerUI-1_2-3.42.5-150400.3.3.2 typelib-1_0-EvinceDocument-3_0-41.4-150400.3.3.3 typelib-1_0-EvinceView-3_0-41.4-150400.3.3.3 typelib-1_0-Folks-0_7-0.15.5-150400.5.3.2 typelib-1_0-FolksEds-0_7-0.15.5-150400.5.3.2 typelib-1_0-FolksTelepathy-0_7-0.15.5-150400.5.3.2 typelib-1_0-GUPnPAV-1_0-0.14.1-150400.7.3.1 typelib-1_0-GVnc-1_0-1.3.1-150400.3.3.1 typelib-1_0-GVncPulse-1_0-1.3.1-150400.3.3.1 typelib-1_0-Gck-1-3.41.1-150400.3.3.1 typelib-1_0-Gcr-3-3.41.1-150400.3.3.1 typelib-1_0-GcrUi-3-3.41.1-150400.3.3.1 typelib-1_0-GeocodeGlib-1_0-3.26.4-150400.3.3.2 typelib-1_0-GjsPrivate-1_0-1.70.2-150400.3.3.1 typelib-1_0-GnomeDesktop-3_0-41.8-150400.3.3.1 typelib-1_0-Gsf-1-1.14.50-150400.3.3.1 typelib-1_0-Gspell-1-1.10.0-150400.3.3.1 typelib-1_0-GtkVnc-2_0-1.3.1-150400.3.3.1 typelib-1_0-MediaArt-2_0-1.9.6-150400.3.3.1 typelib-1_0-NMA-1_0-1.8.40-150400.3.3.1 typelib-1_0-Nautilus-3_0-41.5-150400.3.3.1 typelib-1_0-Notify-0_7-0.7.12-150400.3.3.1 typelib-1_0-Peas-1_0-1.32.0-150400.4.3.2 typelib-1_0-PeasGtk-1_0-1.32.0-150400.4.3.2 typelib-1_0-Rsvg-2_0-2.52.9-150400.3.3.1 typelib-1_0-Secret-1-0.20.5-150400.4.3.1 vala-0.54.8-150400.3.3.1 vala-debuginfo-0.54.8-150400.3.3.1 vala-debugsource-0.54.8-150400.3.3.1 valadoc-0.54.8-150400.3.3.1 valadoc-debuginfo-0.54.8-150400.3.3.1 valadoc-doclet-devhelp-0.54.8-150400.3.3.1 valadoc-doclet-devhelp-debuginfo-0.54.8-150400.3.3.1 valadoc-doclet-gtkdoc-0.54.8-150400.3.3.1 valadoc-doclet-gtkdoc-debuginfo-0.54.8-150400.3.3.1 valadoc-doclet-html-0.54.8-150400.3.3.1 valadoc-doclet-html-debuginfo-0.54.8-150400.3.3.1 xdg-desktop-portal-gnome-41.2-150400.3.3.1 xdg-desktop-portal-gnome-debuginfo-41.2-150400.3.3.1 xdg-desktop-portal-gnome-debugsource-41.2-150400.3.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): gnome-session-wayland-41.3-150400.3.3.1 - openSUSE Leap 15.4 (x86_64): atkmm1_6-devel-32bit-2.28.3-150400.4.3.1 gdk-pixbuf-loader-rsvg-32bit-2.52.9-150400.3.3.1 gdk-pixbuf-loader-rsvg-32bit-debuginfo-2.52.9-150400.3.3.1 glib2-devel-32bit-2.70.5-150400.3.3.1 glib2-devel-32bit-debuginfo-2.70.5-150400.3.3.1 glib2-tools-32bit-2.70.5-150400.3.3.1 glib2-tools-32bit-debuginfo-2.70.5-150400.3.3.1 gvfs-32bit-1.48.2-150400.4.6.1 gvfs-32bit-debuginfo-1.48.2-150400.4.6.1 libatkmm-1_6-1-32bit-2.28.3-150400.4.3.1 libatkmm-1_6-1-32bit-debuginfo-2.28.3-150400.4.3.1 libgck-1-0-32bit-3.41.1-150400.3.3.1 libgck-1-0-32bit-debuginfo-3.41.1-150400.3.3.1 libgck-devel-32bit-3.41.1-150400.3.3.1 libgcr-3-1-32bit-3.41.1-150400.3.3.1 libgcr-3-1-32bit-debuginfo-3.41.1-150400.3.3.1 libgcr-devel-32bit-3.41.1-150400.3.3.1 libgeocode-glib0-32bit-3.26.4-150400.3.3.2 libgeocode-glib0-32bit-debuginfo-3.26.4-150400.3.3.2 libgio-2_0-0-32bit-2.70.5-150400.3.3.1 libgio-2_0-0-32bit-debuginfo-2.70.5-150400.3.3.1 libglib-2_0-0-32bit-2.70.5-150400.3.3.1 libglib-2_0-0-32bit-debuginfo-2.70.5-150400.3.3.1 libgmodule-2_0-0-32bit-2.70.5-150400.3.3.1 libgmodule-2_0-0-32bit-debuginfo-2.70.5-150400.3.3.1 libgobject-2_0-0-32bit-2.70.5-150400.3.3.1 libgobject-2_0-0-32bit-debuginfo-2.70.5-150400.3.3.1 libgsf-1-114-32bit-1.14.50-150400.3.3.1 libgsf-1-114-32bit-debuginfo-1.14.50-150400.3.3.1 libgthread-2_0-0-32bit-2.70.5-150400.3.3.1 libgthread-2_0-0-32bit-debuginfo-2.70.5-150400.3.3.1 libgtkmm-3_0-1-32bit-3.24.6-150400.3.3.1 libgtkmm-3_0-1-32bit-debuginfo-3.24.6-150400.3.3.1 libnotify-devel-32bit-0.7.12-150400.3.3.1 libnotify4-32bit-0.7.12-150400.3.3.1 libnotify4-32bit-debuginfo-0.7.12-150400.3.3.1 librsvg-2-2-32bit-2.52.9-150400.3.3.1 librsvg-2-2-32bit-debuginfo-2.52.9-150400.3.3.1 libsecret-1-0-32bit-0.20.5-150400.4.3.1 libsecret-1-0-32bit-debuginfo-0.20.5-150400.4.3.1 - openSUSE Leap 15.4 (noarch): eog-lang-41.2-150400.3.3.2 evince-lang-41.4-150400.3.3.3 evolution-data-server-lang-3.42.5-150400.3.3.2 evolution-lang-3.42.4-150400.3.3.1 folks-lang-0.15.5-150400.5.3.2 gcr-lang-3.41.1-150400.3.3.1 gio-branding-SLE-15-150400.27.2.1 gio-branding-upstream-2.70.5-150400.3.3.1 glib2-lang-2.70.5-150400.3.3.1 gnome-control-center-lang-41.7-150400.3.3.1 gnome-desktop-lang-41.8-150400.3.3.1 gnome-music-lang-41.1-150400.3.3.1 gnome-remote-desktop-lang-41.3-150400.3.3.1 gnome-session-lang-41.3-150400.3.3.1 gnome-shell-lang-41.9-150400.3.3.2 gnome-software-lang-41.5-150400.3.3.2 gnome-terminal-lang-3.42.3-150400.3.3.1 gnome-user-docs-41.5-150400.3.3.1 gnome-user-docs-lang-41.5-150400.3.3.1 gspell-lang-1.10.0-150400.3.3.1 gtk-vnc-lang-1.3.1-150400.3.3.1 gtkmm3-doc-3.24.6-150400.3.3.1 gvfs-lang-1.48.2-150400.4.6.1 libgsf-lang-1.14.50-150400.3.3.1 libnma-lang-1.8.40-150400.3.3.1 libpeas-lang-1.32.0-150400.4.3.2 libsecret-lang-0.20.5-150400.4.3.1 mutter-lang-41.9-150400.3.6.1 nautilus-lang-41.5-150400.3.3.1 orca-41.3-150400.3.3.1 orca-lang-41.3-150400.3.3.1 rsvg-thumbnailer-2.52.9-150400.3.3.1 tracker-miners-lang-3.2.2-150400.3.3.1 xdg-desktop-portal-gnome-lang-41.2-150400.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-cairo-common-devel-1.15.1-150000.3.6.1 python-cairo-debuginfo-1.15.1-150000.3.6.1 python-cairo-debugsource-1.15.1-150000.3.6.1 python2-cairo-1.15.1-150000.3.6.1 python2-cairo-debuginfo-1.15.1-150000.3.6.1 python2-cairo-devel-1.15.1-150000.3.6.1 python3-cairo-1.15.1-150000.3.6.1 python3-cairo-debuginfo-1.15.1-150000.3.6.1 python3-cairo-devel-1.15.1-150000.3.6.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): evolution-3.42.4-150400.3.3.1 evolution-data-server-3.42.5-150400.3.3.2 evolution-data-server-debuginfo-3.42.5-150400.3.3.2 evolution-data-server-debugsource-3.42.5-150400.3.3.2 evolution-data-server-devel-3.42.5-150400.3.3.2 evolution-debuginfo-3.42.4-150400.3.3.1 evolution-debugsource-3.42.4-150400.3.3.1 evolution-devel-3.42.4-150400.3.3.1 evolution-plugin-bogofilter-3.42.4-150400.3.3.1 evolution-plugin-bogofilter-debuginfo-3.42.4-150400.3.3.1 evolution-plugin-pst-import-3.42.4-150400.3.3.1 evolution-plugin-pst-import-debuginfo-3.42.4-150400.3.3.1 evolution-plugin-spamassassin-3.42.4-150400.3.3.1 evolution-plugin-spamassassin-debuginfo-3.42.4-150400.3.3.1 evolution-plugin-text-highlight-3.42.4-150400.3.3.1 evolution-plugin-text-highlight-debuginfo-3.42.4-150400.3.3.1 folks-data-0.15.5-150400.5.3.2 folks-debuginfo-0.15.5-150400.5.3.2 folks-debugsource-0.15.5-150400.5.3.2 folks-devel-0.15.5-150400.5.3.2 gnome-control-center-color-41.7-150400.3.3.1 gnome-control-center-debuginfo-41.7-150400.3.3.1 gnome-control-center-debugsource-41.7-150400.3.3.1 gnome-control-center-goa-41.7-150400.3.3.1 gnome-control-center-user-faces-41.7-150400.3.3.1 gnome-music-41.1-150400.3.3.1 gnome-music-debuginfo-41.1-150400.3.3.1 gnome-music-debugsource-41.1-150400.3.3.1 gnome-remote-desktop-41.3-150400.3.3.1 gnome-remote-desktop-debuginfo-41.3-150400.3.3.1 gnome-remote-desktop-debugsource-41.3-150400.3.3.1 gnome-session-debugsource-41.3-150400.3.3.1 gnome-session-wayland-41.3-150400.3.3.1 gnome-shell-calendar-41.9-150400.3.3.2 gnome-shell-calendar-debuginfo-41.9-150400.3.3.2 gnome-shell-debuginfo-41.9-150400.3.3.2 gnome-shell-debugsource-41.9-150400.3.3.2 libcamel-1_2-63-3.42.5-150400.3.3.2 libcamel-1_2-63-debuginfo-3.42.5-150400.3.3.2 libebackend-1_2-10-3.42.5-150400.3.3.2 libebackend-1_2-10-debuginfo-3.42.5-150400.3.3.2 libebook-1_2-20-3.42.5-150400.3.3.2 libebook-1_2-20-debuginfo-3.42.5-150400.3.3.2 libebook-contacts-1_2-3-3.42.5-150400.3.3.2 libebook-contacts-1_2-3-debuginfo-3.42.5-150400.3.3.2 libecal-2_0-1-3.42.5-150400.3.3.2 libecal-2_0-1-debuginfo-3.42.5-150400.3.3.2 libedata-book-1_2-26-3.42.5-150400.3.3.2 libedata-book-1_2-26-debuginfo-3.42.5-150400.3.3.2 libedata-cal-2_0-1-3.42.5-150400.3.3.2 libedata-cal-2_0-1-debuginfo-3.42.5-150400.3.3.2 libedataserver-1_2-26-3.42.5-150400.3.3.2 libedataserver-1_2-26-debuginfo-3.42.5-150400.3.3.2 libedataserverui-1_2-3-3.42.5-150400.3.3.2 libedataserverui-1_2-3-debuginfo-3.42.5-150400.3.3.2 libfolks-eds26-0.15.5-150400.5.3.2 libfolks-eds26-debuginfo-0.15.5-150400.5.3.2 libfolks-telepathy26-0.15.5-150400.5.3.2 libfolks-telepathy26-debuginfo-0.15.5-150400.5.3.2 libfolks26-0.15.5-150400.5.3.2 libfolks26-debuginfo-0.15.5-150400.5.3.2 libgsf-debugsource-1.14.50-150400.3.3.1 libgsf-devel-1.14.50-150400.3.3.1 libmediaart-2_0-0-1.9.6-150400.3.3.1 libmediaart-2_0-0-debuginfo-1.9.6-150400.3.3.1 libmediaart-debugsource-1.9.6-150400.3.3.1 libnma-debugsource-1.8.40-150400.3.3.1 libnma-devel-1.8.40-150400.3.3.1 typelib-1_0-Camel-1_2-3.42.5-150400.3.3.2 typelib-1_0-EBook-1_2-3.42.5-150400.3.3.2 typelib-1_0-EBookContacts-1_2-3.42.5-150400.3.3.2 typelib-1_0-ECal-2_0-3.42.5-150400.3.3.2 typelib-1_0-EDataServer-1_2-3.42.5-150400.3.3.2 typelib-1_0-EDataServerUI-1_2-3.42.5-150400.3.3.2 typelib-1_0-Folks-0_7-0.15.5-150400.5.3.2 typelib-1_0-FolksEds-0_7-0.15.5-150400.5.3.2 typelib-1_0-FolksTelepathy-0_7-0.15.5-150400.5.3.2 typelib-1_0-Gsf-1-1.14.50-150400.3.3.1 typelib-1_0-MediaArt-2_0-1.9.6-150400.3.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch): evolution-data-server-lang-3.42.5-150400.3.3.2 evolution-lang-3.42.4-150400.3.3.1 folks-lang-0.15.5-150400.5.3.2 gnome-music-lang-41.1-150400.3.3.1 gnome-remote-desktop-lang-41.3-150400.3.3.1 libgsf-lang-1.14.50-150400.3.3.1 libnma-lang-1.8.40-150400.3.3.1 tracker-miners-lang-3.2.2-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gtk-vnc-debuginfo-1.3.1-150400.3.3.1 gtk-vnc-debugsource-1.3.1-150400.3.3.1 gtk-vnc-devel-1.3.1-150400.3.3.1 libgvncpulse-1_0-0-1.3.1-150400.3.3.1 libgvncpulse-1_0-0-debuginfo-1.3.1-150400.3.3.1 typelib-1_0-GVnc-1_0-1.3.1-150400.3.3.1 typelib-1_0-GVncPulse-1_0-1.3.1-150400.3.3.1 typelib-1_0-GtkVnc-2_0-1.3.1-150400.3.3.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-150000.3.6.1 python-cairo-debugsource-1.15.1-150000.3.6.1 python2-cairo-1.15.1-150000.3.6.1 python2-cairo-debuginfo-1.15.1-150000.3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-150000.3.6.1 python-cairo-debugsource-1.15.1-150000.3.6.1 python2-cairo-devel-1.15.1-150000.3.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): evolution-3.42.4-150400.3.3.1 evolution-data-server-debuginfo-3.42.5-150400.3.3.2 evolution-data-server-debugsource-3.42.5-150400.3.3.2 evolution-debuginfo-3.42.4-150400.3.3.1 evolution-debugsource-3.42.4-150400.3.3.1 evolution-devel-3.42.4-150400.3.3.1 evolution-plugin-bogofilter-3.42.4-150400.3.3.1 evolution-plugin-bogofilter-debuginfo-3.42.4-150400.3.3.1 evolution-plugin-pst-import-3.42.4-150400.3.3.1 evolution-plugin-pst-import-debuginfo-3.42.4-150400.3.3.1 evolution-plugin-spamassassin-3.42.4-150400.3.3.1 evolution-plugin-spamassassin-debuginfo-3.42.4-150400.3.3.1 evolution-plugin-text-highlight-3.42.4-150400.3.3.1 evolution-plugin-text-highlight-debuginfo-3.42.4-150400.3.3.1 folks-debuginfo-0.15.5-150400.5.3.2 folks-debugsource-0.15.5-150400.5.3.2 folks-devel-0.15.5-150400.5.3.2 folks-tools-0.15.5-150400.5.3.2 folks-tools-debuginfo-0.15.5-150400.5.3.2 glade-catalog-evolution-3.42.4-150400.3.3.1 glade-catalog-evolution-debuginfo-3.42.4-150400.3.3.1 gnome-music-41.1-150400.3.3.1 gnome-music-debuginfo-41.1-150400.3.3.1 gnome-music-debugsource-41.1-150400.3.3.1 gnome-remote-desktop-41.3-150400.3.3.1 gnome-remote-desktop-debuginfo-41.3-150400.3.3.1 gnome-remote-desktop-debugsource-41.3-150400.3.3.1 libebackend-1_2-10-3.42.5-150400.3.3.2 libebackend-1_2-10-debuginfo-3.42.5-150400.3.3.2 libebook-1_2-20-3.42.5-150400.3.3.2 libebook-1_2-20-debuginfo-3.42.5-150400.3.3.2 libebook-contacts-1_2-3-3.42.5-150400.3.3.2 libebook-contacts-1_2-3-debuginfo-3.42.5-150400.3.3.2 libecal-2_0-1-3.42.5-150400.3.3.2 libecal-2_0-1-debuginfo-3.42.5-150400.3.3.2 libedata-book-1_2-26-3.42.5-150400.3.3.2 libedata-book-1_2-26-debuginfo-3.42.5-150400.3.3.2 libedata-cal-2_0-1-3.42.5-150400.3.3.2 libedata-cal-2_0-1-debuginfo-3.42.5-150400.3.3.2 libmediaart-2_0-0-1.9.6-150400.3.3.1 libmediaart-2_0-0-debuginfo-1.9.6-150400.3.3.1 libmediaart-debugsource-1.9.6-150400.3.3.1 typelib-1_0-Camel-1_2-3.42.5-150400.3.3.2 typelib-1_0-EBackend-1_2-3.42.5-150400.3.3.2 typelib-1_0-EBook-1_2-3.42.5-150400.3.3.2 typelib-1_0-EBookContacts-1_2-3.42.5-150400.3.3.2 typelib-1_0-ECal-2_0-3.42.5-150400.3.3.2 typelib-1_0-EDataBook-1_2-3.42.5-150400.3.3.2 typelib-1_0-EDataCal-2_0-3.42.5-150400.3.3.2 typelib-1_0-EDataServer-1_2-3.42.5-150400.3.3.2 typelib-1_0-EDataServerUI-1_2-3.42.5-150400.3.3.2 typelib-1_0-MediaArt-2_0-1.9.6-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 s390x): evolution-data-server-3.42.5-150400.3.3.2 evolution-data-server-devel-3.42.5-150400.3.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): evolution-data-server-lang-3.42.5-150400.3.3.2 evolution-lang-3.42.4-150400.3.3.1 folks-lang-0.15.5-150400.5.3.2 gnome-music-lang-41.1-150400.3.3.1 gnome-remote-desktop-lang-41.3-150400.3.3.1 gtkmm3-doc-3.24.6-150400.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-150000.3.6.1 python-cairo-debugsource-1.15.1-150000.3.6.1 python2-cairo-devel-1.15.1-150000.3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): glade-catalog-libpeas-1.32.0-150400.4.3.2 libpeas-debuginfo-1.32.0-150400.4.3.2 libpeas-debugsource-1.32.0-150400.4.3.2 libvala-0_54-0-0.54.8-150400.3.3.1 libvala-0_54-0-debuginfo-0.54.8-150400.3.3.1 vala-0.54.8-150400.3.3.1 vala-debuginfo-0.54.8-150400.3.3.1 vala-debugsource-0.54.8-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): atkmm1_6-debugsource-2.28.3-150400.4.3.1 atkmm1_6-devel-2.28.3-150400.4.3.1 eog-41.2-150400.3.3.2 eog-debuginfo-41.2-150400.3.3.2 eog-debugsource-41.2-150400.3.3.2 eog-devel-41.2-150400.3.3.2 evince-41.4-150400.3.3.3 evince-debuginfo-41.4-150400.3.3.3 evince-debugsource-41.4-150400.3.3.3 evince-devel-41.4-150400.3.3.3 evince-plugin-djvudocument-41.4-150400.3.3.3 evince-plugin-djvudocument-debuginfo-41.4-150400.3.3.3 evince-plugin-dvidocument-41.4-150400.3.3.3 evince-plugin-dvidocument-debuginfo-41.4-150400.3.3.3 evince-plugin-pdfdocument-41.4-150400.3.3.3 evince-plugin-pdfdocument-debuginfo-41.4-150400.3.3.3 evince-plugin-psdocument-41.4-150400.3.3.3 evince-plugin-psdocument-debuginfo-41.4-150400.3.3.3 evince-plugin-tiffdocument-41.4-150400.3.3.3 evince-plugin-tiffdocument-debuginfo-41.4-150400.3.3.3 evince-plugin-xpsdocument-41.4-150400.3.3.3 evince-plugin-xpsdocument-debuginfo-41.4-150400.3.3.3 gcr-data-3.41.1-150400.3.3.1 gcr-debugsource-3.41.1-150400.3.3.1 gcr-prompter-3.41.1-150400.3.3.1 gcr-prompter-debuginfo-3.41.1-150400.3.3.1 gcr-ssh-agent-3.41.1-150400.3.3.1 gcr-ssh-agent-debuginfo-3.41.1-150400.3.3.1 gcr-ssh-askpass-3.41.1-150400.3.3.1 gcr-ssh-askpass-debuginfo-3.41.1-150400.3.3.1 gcr-viewer-3.41.1-150400.3.3.1 gcr-viewer-debuginfo-3.41.1-150400.3.3.1 geocode-glib-3.26.4-150400.3.3.2 geocode-glib-debugsource-3.26.4-150400.3.3.2 geocode-glib-devel-3.26.4-150400.3.3.2 gjs-1.70.2-150400.3.3.1 gjs-debuginfo-1.70.2-150400.3.3.1 gjs-debugsource-1.70.2-150400.3.3.1 gnome-control-center-41.7-150400.3.3.1 gnome-control-center-debuginfo-41.7-150400.3.3.1 gnome-control-center-debugsource-41.7-150400.3.3.1 gnome-control-center-devel-41.7-150400.3.3.1 gnome-desktop-debuginfo-41.8-150400.3.3.1 gnome-desktop-debugsource-41.8-150400.3.3.1 gnome-extensions-41.9-150400.3.3.2 gnome-extensions-debuginfo-41.9-150400.3.3.2 gnome-session-41.3-150400.3.3.1 gnome-session-core-41.3-150400.3.3.1 gnome-session-core-debuginfo-41.3-150400.3.3.1 gnome-session-debugsource-41.3-150400.3.3.1 gnome-session-default-session-41.3-150400.3.3.1 gnome-shell-41.9-150400.3.3.2 gnome-shell-debuginfo-41.9-150400.3.3.2 gnome-shell-debugsource-41.9-150400.3.3.2 gnome-shell-devel-41.9-150400.3.3.2 gnome-shell-search-provider-gnome-terminal-3.42.3-150400.3.3.1 gnome-shell-search-provider-nautilus-41.5-150400.3.3.1 gnome-software-41.5-150400.3.3.2 gnome-software-debuginfo-41.5-150400.3.3.2 gnome-software-debugsource-41.5-150400.3.3.2 gnome-software-devel-41.5-150400.3.3.2 gnome-terminal-3.42.3-150400.3.3.1 gnome-terminal-debuginfo-3.42.3-150400.3.3.1 gnome-terminal-debugsource-3.42.3-150400.3.3.1 gnome-version-41.8-150400.3.3.1 gspell-debuginfo-1.10.0-150400.3.3.1 gspell-debugsource-1.10.0-150400.3.3.1 gspell-devel-1.10.0-150400.3.3.1 gtkmm3-debugsource-3.24.6-150400.3.3.1 gtkmm3-devel-3.24.6-150400.3.3.1 gvfs-1.48.2-150400.4.6.1 gvfs-backend-afc-1.48.2-150400.4.6.1 gvfs-backend-afc-debuginfo-1.48.2-150400.4.6.1 gvfs-backend-samba-1.48.2-150400.4.6.1 gvfs-backend-samba-debuginfo-1.48.2-150400.4.6.1 gvfs-backends-1.48.2-150400.4.6.1 gvfs-backends-debuginfo-1.48.2-150400.4.6.1 gvfs-debuginfo-1.48.2-150400.4.6.1 gvfs-debugsource-1.48.2-150400.4.6.1 gvfs-devel-1.48.2-150400.4.6.1 gvfs-fuse-1.48.2-150400.4.6.1 gvfs-fuse-debuginfo-1.48.2-150400.4.6.1 libatkmm-1_6-1-2.28.3-150400.4.3.1 libatkmm-1_6-1-debuginfo-2.28.3-150400.4.3.1 libevdocument3-4-41.4-150400.3.3.3 libevdocument3-4-debuginfo-41.4-150400.3.3.3 libevview3-3-41.4-150400.3.3.3 libevview3-3-debuginfo-41.4-150400.3.3.3 libgck-1-0-3.41.1-150400.3.3.1 libgck-1-0-debuginfo-3.41.1-150400.3.3.1 libgck-devel-3.41.1-150400.3.3.1 libgcr-3-1-3.41.1-150400.3.3.1 libgcr-3-1-debuginfo-3.41.1-150400.3.3.1 libgcr-devel-3.41.1-150400.3.3.1 libgeocode-glib0-3.26.4-150400.3.3.2 libgeocode-glib0-debuginfo-3.26.4-150400.3.3.2 libgjs-devel-1.70.2-150400.3.3.1 libgjs0-1.70.2-150400.3.3.1 libgjs0-debuginfo-1.70.2-150400.3.3.1 libgnome-desktop-3-19-41.8-150400.3.3.1 libgnome-desktop-3-19-debuginfo-41.8-150400.3.3.1 libgnome-desktop-3-devel-41.8-150400.3.3.1 libgnome-desktop-3_0-common-41.8-150400.3.3.1 libgnome-desktop-3_0-common-debuginfo-41.8-150400.3.3.1 libgsf-1-114-1.14.50-150400.3.3.1 libgsf-1-114-debuginfo-1.14.50-150400.3.3.1 libgsf-debugsource-1.14.50-150400.3.3.1 libgspell-1-2-1.10.0-150400.3.3.1 libgspell-1-2-debuginfo-1.10.0-150400.3.3.1 libgtkmm-3_0-1-3.24.6-150400.3.3.1 libgtkmm-3_0-1-debuginfo-3.24.6-150400.3.3.1 libnautilus-extension1-41.5-150400.3.3.1 libnautilus-extension1-debuginfo-41.5-150400.3.3.1 libnma-debugsource-1.8.40-150400.3.3.1 libnma0-1.8.40-150400.3.3.1 libnma0-debuginfo-1.8.40-150400.3.3.1 libnotify-debugsource-0.7.12-150400.3.3.1 libnotify-devel-0.7.12-150400.3.3.1 libnotify-tools-0.7.12-150400.3.3.1 libnotify-tools-debuginfo-0.7.12-150400.3.3.1 libpeas-1_0-0-1.32.0-150400.4.3.2 libpeas-1_0-0-debuginfo-1.32.0-150400.4.3.2 libpeas-debuginfo-1.32.0-150400.4.3.2 libpeas-debugsource-1.32.0-150400.4.3.2 libpeas-devel-1.32.0-150400.4.3.2 libpeas-gtk-1_0-0-1.32.0-150400.4.3.2 libpeas-gtk-1_0-0-debuginfo-1.32.0-150400.4.3.2 libpeas-loader-python3-1.32.0-150400.4.3.2 libpeas-loader-python3-debuginfo-1.32.0-150400.4.3.2 librsvg-debugsource-2.52.9-150400.3.3.1 librsvg-devel-2.52.9-150400.3.3.1 mutter-41.9-150400.3.6.1 mutter-debuginfo-41.9-150400.3.6.1 mutter-debugsource-41.9-150400.3.6.1 mutter-devel-41.9-150400.3.6.1 nautilus-41.5-150400.3.3.1 nautilus-debuginfo-41.5-150400.3.3.1 nautilus-debugsource-41.5-150400.3.3.1 nautilus-devel-41.5-150400.3.3.1 nautilus-evince-41.4-150400.3.3.3 nautilus-evince-debuginfo-41.4-150400.3.3.3 nautilus-extension-terminal-3.42.3-150400.3.3.1 nautilus-extension-terminal-debuginfo-3.42.3-150400.3.3.1 python-cairo-common-devel-1.15.1-150000.3.6.1 python-cairo-debuginfo-1.15.1-150000.3.6.1 python-cairo-debugsource-1.15.1-150000.3.6.1 python3-cairo-devel-1.15.1-150000.3.6.1 tracker-miner-files-3.2.2-150400.3.3.1 tracker-miner-files-debuginfo-3.2.2-150400.3.3.1 tracker-miners-3.2.2-150400.3.3.1 tracker-miners-debuginfo-3.2.2-150400.3.3.1 tracker-miners-debugsource-3.2.2-150400.3.3.1 typelib-1_0-EvinceDocument-3_0-41.4-150400.3.3.3 typelib-1_0-EvinceView-3_0-41.4-150400.3.3.3 typelib-1_0-Gck-1-3.41.1-150400.3.3.1 typelib-1_0-Gcr-3-3.41.1-150400.3.3.1 typelib-1_0-GcrUi-3-3.41.1-150400.3.3.1 typelib-1_0-GeocodeGlib-1_0-3.26.4-150400.3.3.2 typelib-1_0-GjsPrivate-1_0-1.70.2-150400.3.3.1 typelib-1_0-GnomeDesktop-3_0-41.8-150400.3.3.1 typelib-1_0-Gspell-1-1.10.0-150400.3.3.1 typelib-1_0-NMA-1_0-1.8.40-150400.3.3.1 typelib-1_0-Nautilus-3_0-41.5-150400.3.3.1 typelib-1_0-Notify-0_7-0.7.12-150400.3.3.1 typelib-1_0-Peas-1_0-1.32.0-150400.4.3.2 typelib-1_0-PeasGtk-1_0-1.32.0-150400.4.3.2 typelib-1_0-Rsvg-2_0-2.52.9-150400.3.3.1 xdg-desktop-portal-gnome-41.2-150400.3.3.1 xdg-desktop-portal-gnome-debuginfo-41.2-150400.3.3.1 xdg-desktop-portal-gnome-debugsource-41.2-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): eog-lang-41.2-150400.3.3.2 evince-lang-41.4-150400.3.3.3 gcr-lang-3.41.1-150400.3.3.1 gnome-control-center-lang-41.7-150400.3.3.1 gnome-desktop-lang-41.8-150400.3.3.1 gnome-session-lang-41.3-150400.3.3.1 gnome-shell-lang-41.9-150400.3.3.2 gnome-software-lang-41.5-150400.3.3.2 gnome-terminal-lang-3.42.3-150400.3.3.1 gnome-user-docs-41.5-150400.3.3.1 gnome-user-docs-lang-41.5-150400.3.3.1 gspell-lang-1.10.0-150400.3.3.1 gvfs-lang-1.48.2-150400.4.6.1 libpeas-lang-1.32.0-150400.4.3.2 mutter-lang-41.9-150400.3.6.1 nautilus-lang-41.5-150400.3.3.1 orca-41.3-150400.3.3.1 orca-lang-41.3-150400.3.3.1 xdg-desktop-portal-gnome-lang-41.2-150400.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-cairo-common-devel-1.15.1-150000.3.6.1 python-cairo-debuginfo-1.15.1-150000.3.6.1 python-cairo-debugsource-1.15.1-150000.3.6.1 python3-cairo-devel-1.15.1-150000.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): gdk-pixbuf-loader-rsvg-2.52.9-150400.3.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.52.9-150400.3.3.1 glib2-debugsource-2.70.5-150400.3.3.1 glib2-devel-2.70.5-150400.3.3.1 glib2-devel-debuginfo-2.70.5-150400.3.3.1 glib2-tools-2.70.5-150400.3.3.1 glib2-tools-debuginfo-2.70.5-150400.3.3.1 gtk-vnc-debuginfo-1.3.1-150400.3.3.1 gtk-vnc-debugsource-1.3.1-150400.3.3.1 libgio-2_0-0-2.70.5-150400.3.3.1 libgio-2_0-0-debuginfo-2.70.5-150400.3.3.1 libglib-2_0-0-2.70.5-150400.3.3.1 libglib-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgmodule-2_0-0-2.70.5-150400.3.3.1 libgmodule-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgobject-2_0-0-2.70.5-150400.3.3.1 libgobject-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgthread-2_0-0-2.70.5-150400.3.3.1 libgthread-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgtk-vnc-2_0-0-1.3.1-150400.3.3.1 libgtk-vnc-2_0-0-debuginfo-1.3.1-150400.3.3.1 libgvnc-1_0-0-1.3.1-150400.3.3.1 libgvnc-1_0-0-debuginfo-1.3.1-150400.3.3.1 libnotify-debugsource-0.7.12-150400.3.3.1 libnotify4-0.7.12-150400.3.3.1 libnotify4-debuginfo-0.7.12-150400.3.3.1 librsvg-2-2-2.52.9-150400.3.3.1 librsvg-2-2-debuginfo-2.52.9-150400.3.3.1 librsvg-debugsource-2.52.9-150400.3.3.1 libsecret-1-0-0.20.5-150400.4.3.1 libsecret-1-0-debuginfo-0.20.5-150400.4.3.1 libsecret-debugsource-0.20.5-150400.4.3.1 libsecret-devel-0.20.5-150400.4.3.1 python-cairo-debuginfo-1.15.1-150000.3.6.1 python-cairo-debugsource-1.15.1-150000.3.6.1 python-gobject-debuginfo-3.42.2-150400.3.3.2 python-gobject-debugsource-3.42.2-150400.3.3.2 python3-cairo-1.15.1-150000.3.6.1 python3-cairo-debuginfo-1.15.1-150000.3.6.1 python3-gobject-3.42.2-150400.3.3.2 python3-gobject-Gdk-3.42.2-150400.3.3.2 python3-gobject-cairo-3.42.2-150400.3.3.2 python3-gobject-cairo-debuginfo-3.42.2-150400.3.3.2 python3-gobject-debuginfo-3.42.2-150400.3.3.2 typelib-1_0-Secret-1-0.20.5-150400.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libgio-2_0-0-32bit-2.70.5-150400.3.3.1 libgio-2_0-0-32bit-debuginfo-2.70.5-150400.3.3.1 libglib-2_0-0-32bit-2.70.5-150400.3.3.1 libglib-2_0-0-32bit-debuginfo-2.70.5-150400.3.3.1 libgmodule-2_0-0-32bit-2.70.5-150400.3.3.1 libgmodule-2_0-0-32bit-debuginfo-2.70.5-150400.3.3.1 libgobject-2_0-0-32bit-2.70.5-150400.3.3.1 libgobject-2_0-0-32bit-debuginfo-2.70.5-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): gio-branding-SLE-15-150400.27.2.1 glib2-lang-2.70.5-150400.3.3.1 libsecret-lang-0.20.5-150400.4.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-cairo-debuginfo-1.15.1-150000.3.6.1 python-cairo-debugsource-1.15.1-150000.3.6.1 python3-cairo-1.15.1-150000.3.6.1 python3-cairo-debuginfo-1.15.1-150000.3.6.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): gdk-pixbuf-loader-rsvg-2.52.9-150400.3.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.52.9-150400.3.3.1 glib2-debugsource-2.70.5-150400.3.3.1 glib2-tools-2.70.5-150400.3.3.1 glib2-tools-debuginfo-2.70.5-150400.3.3.1 libgio-2_0-0-2.70.5-150400.3.3.1 libgio-2_0-0-debuginfo-2.70.5-150400.3.3.1 libglib-2_0-0-2.70.5-150400.3.3.1 libglib-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgmodule-2_0-0-2.70.5-150400.3.3.1 libgmodule-2_0-0-debuginfo-2.70.5-150400.3.3.1 libgobject-2_0-0-2.70.5-150400.3.3.1 libgobject-2_0-0-debuginfo-2.70.5-150400.3.3.1 librsvg-2-2-2.52.9-150400.3.3.1 librsvg-2-2-debuginfo-2.52.9-150400.3.3.1 librsvg-debugsource-2.52.9-150400.3.3.1 python-gobject-debuginfo-3.42.2-150400.3.3.2 python-gobject-debugsource-3.42.2-150400.3.3.2 python3-cairo-1.15.1-150000.3.6.1 python3-gobject-3.42.2-150400.3.3.2 python3-gobject-Gdk-3.42.2-150400.3.3.2 python3-gobject-cairo-3.42.2-150400.3.3.2 python3-gobject-cairo-debuginfo-3.42.2-150400.3.3.2 python3-gobject-debuginfo-3.42.2-150400.3.3.2 - SUSE Linux Enterprise Micro 5.3 (noarch): gio-branding-SLE-15-150400.27.2.1 References: https://bugzilla.suse.com/1175622 https://bugzilla.suse.com/1179584 https://bugzilla.suse.com/1188882 https://bugzilla.suse.com/1196205 https://bugzilla.suse.com/1200581 https://bugzilla.suse.com/1203274 https://bugzilla.suse.com/1204867 https://bugzilla.suse.com/944832 From sle-updates at lists.suse.com Wed Dec 21 17:22:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2022 18:22:14 +0100 (CET) Subject: SUSE-RU-2022:4604-1: moderate: Recommended update for scap-security-guide Message-ID: <20221221172214.F2865FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for scap-security-guide ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4604-1 Rating: moderate References: #1203602 #1205761 ECO-3319 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for scap-security-guide fixes the following issues: scap-security-guide was updated to 0.1.65 (jsc#ECO-3319) - Introduce cui profile for OL9 - Remove Support for OVAL 5.10 - Rename account_passwords_pam_faillock_audit - CI ansible hardening and rename of existing Bash hardening - Update contributors list for v0.1.65 release - various SUSE profile specific fixes Local fixes: - fixed building of shell and ansible mitigations (bsc#1205761) - require sudo, as remediations touch sudo config or use sudo. (bsc#1203602) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4604=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): scap-security-guide-0.1.65-9.3.1 scap-security-guide-debian-0.1.65-9.3.1 scap-security-guide-redhat-0.1.65-9.3.1 scap-security-guide-ubuntu-0.1.65-9.3.1 References: https://bugzilla.suse.com/1203602 https://bugzilla.suse.com/1205761 From sle-updates at lists.suse.com Wed Dec 21 17:22:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2022 18:22:58 +0100 (CET) Subject: SUSE-SU-2022:4603-1: moderate: Security update for sqlite3 Message-ID: <20221221172258.6F7D1FD2D@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4603-1 Rating: moderate References: #1206337 Cross-References: CVE-2022-46908 CVSS scores: CVE-2022-46908 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2022-46908 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4603=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4603=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): sqlite3-debuginfo-3.39.3-9.26.1 sqlite3-debugsource-3.39.3-9.26.1 sqlite3-devel-3.39.3-9.26.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.39.3-9.26.1 libsqlite3-0-debuginfo-3.39.3-9.26.1 sqlite3-3.39.3-9.26.1 sqlite3-debuginfo-3.39.3-9.26.1 sqlite3-debugsource-3.39.3-9.26.1 sqlite3-devel-3.39.3-9.26.1 sqlite3-tcl-3.39.3-9.26.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsqlite3-0-32bit-3.39.3-9.26.1 libsqlite3-0-debuginfo-32bit-3.39.3-9.26.1 References: https://www.suse.com/security/cve/CVE-2022-46908.html https://bugzilla.suse.com/1206337 From sle-updates at lists.suse.com Wed Dec 21 17:23:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Dec 2022 18:23:49 +0100 (CET) Subject: SUSE-SU-2022:4602-1: moderate: Security update for java-1_8_0-ibm Message-ID: <20221221172349.12481FD2D@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4602-1 Rating: moderate References: #1204703 #1205302 Cross-References: CVE-2022-3676 CVSS scores: CVE-2022-3676 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-3676 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for java-1_8_0-ibm fixes the following issues: IBM Security Update November 2022: (bsc#1205302, bsc#1204703) - CVE-2022-3676: A security vulnerability was fixed in version 8.0.7.20, adding the reference here. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4602=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4602=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4602=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4602=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4602=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4602=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4602=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-alsa-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-devel-1.8.0_sr7.20-30.102.1 java-1_8_0-ibm-plugin-1.8.0_sr7.20-30.102.1 References: https://www.suse.com/security/cve/CVE-2022-3676.html https://bugzilla.suse.com/1204703 https://bugzilla.suse.com/1205302 From sle-updates at lists.suse.com Thu Dec 22 08:39:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 09:39:25 +0100 (CET) Subject: SUSE-CU-2022:3421-1: Security update of suse/sles12sp5 Message-ID: <20221222083925.2C025FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3421-1 Container Tags : suse/sles12sp5:6.5.415 , suse/sles12sp5:latest Container Release : 6.5.415 Severity : moderate Type : security References : 1206309 CVE-2022-43552 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4598-1 Released: Wed Dec 21 10:13:33 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). The following package changes have been done: - libcurl4-7.60.0-11.52.1 updated From sle-updates at lists.suse.com Thu Dec 22 09:07:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:07:16 +0100 (CET) Subject: SUSE-CU-2022:3426-1: Security update of suse/389-ds Message-ID: <20221222090716.667EBFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3426-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-18.12 , suse/389-ds:latest Container Release : 18.12 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:09:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:09:20 +0100 (CET) Subject: SUSE-CU-2022:3427-1: Security update of bci/dotnet-aspnet Message-ID: <20221222090920.1AC52FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3427-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-46.5 , bci/dotnet-aspnet:3.1.32 , bci/dotnet-aspnet:3.1.32-46.5 Container Release : 46.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:11:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:11:17 +0100 (CET) Subject: SUSE-CU-2022:3428-1: Security update of bci/dotnet-aspnet Message-ID: <20221222091117.84150FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3428-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.68 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.68 Container Release : 27.68 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:13:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:13:26 +0100 (CET) Subject: SUSE-CU-2022:3429-1: Security update of bci/dotnet-aspnet Message-ID: <20221222091326.9A0F0FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3429-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-26.5 , bci/dotnet-aspnet:6.0.12 , bci/dotnet-aspnet:6.0.12-26.5 Container Release : 26.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:15:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:15:37 +0100 (CET) Subject: SUSE-CU-2022:3430-1: Security update of bci/dotnet-sdk Message-ID: <20221222091537.E6267FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3430-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-51.5 , bci/dotnet-sdk:3.1.32 , bci/dotnet-sdk:3.1.32-51.5 Container Release : 51.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:17:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:17:34 +0100 (CET) Subject: SUSE-CU-2022:3431-1: Security update of bci/dotnet-sdk Message-ID: <20221222091734.14BFFFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3431-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.67 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.67 Container Release : 35.67 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:19:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:19:32 +0100 (CET) Subject: SUSE-CU-2022:3432-1: Security update of bci/dotnet-sdk Message-ID: <20221222091932.81EDBFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3432-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-28.5 , bci/dotnet-sdk:6.0.12 , bci/dotnet-sdk:6.0.12-28.5 Container Release : 28.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:21:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:21:24 +0100 (CET) Subject: SUSE-CU-2022:3433-1: Security update of bci/dotnet-runtime Message-ID: <20221222092124.92008FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3433-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-52.5 , bci/dotnet-runtime:3.1.32 , bci/dotnet-runtime:3.1.32-52.5 Container Release : 52.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:23:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:23:11 +0100 (CET) Subject: SUSE-CU-2022:3434-1: Security update of bci/dotnet-runtime Message-ID: <20221222092311.EC207FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3434-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.66 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.66 Container Release : 34.66 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:24:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:24:51 +0100 (CET) Subject: SUSE-CU-2022:3435-1: Security update of bci/dotnet-runtime Message-ID: <20221222092451.DAF02FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3435-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-25.5 , bci/dotnet-runtime:6.0.12 , bci/dotnet-runtime:6.0.12-25.5 Container Release : 25.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:27:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:27:40 +0100 (CET) Subject: SUSE-CU-2022:3436-1: Security update of bci/golang Message-ID: <20221222092740.67BA6FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3436-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.112 Container Release : 30.112 Severity : important Type : security References : 1179465 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:30:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:30:36 +0100 (CET) Subject: SUSE-CU-2022:3437-1: Security update of bci/golang Message-ID: <20221222093036.B173EFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3437-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.113 Container Release : 29.113 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:33:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:33:34 +0100 (CET) Subject: SUSE-CU-2022:3438-1: Security update of bci/golang Message-ID: <20221222093334.4E351FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3438-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-19.7 Container Release : 19.7 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:35:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:35:42 +0100 (CET) Subject: SUSE-CU-2022:3439-1: Security update of bci/bci-init Message-ID: <20221222093542.3DB20FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3439-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.58 , bci/bci-init:latest Container Release : 24.58 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:37:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:37:51 +0100 (CET) Subject: SUSE-CU-2022:3440-1: Security update of bci/nodejs Message-ID: <20221222093751.6E3FAFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3440-1 Container Tags : bci/node:14 , bci/node:14-36.7 , bci/nodejs:14 , bci/nodejs:14-36.7 Container Release : 36.7 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:39:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:39:17 +0100 (CET) Subject: SUSE-CU-2022:3441-1: Security update of bci/nodejs Message-ID: <20221222093917.872A2FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3441-1 Container Tags : bci/node:16 , bci/node:16-12.7 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-12.7 , bci/nodejs:latest Container Release : 12.7 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:43:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:43:18 +0100 (CET) Subject: SUSE-CU-2022:3442-1: Security update of bci/openjdk-devel Message-ID: <20221222094318.A9E2EFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3442-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.16 Container Release : 38.16 Severity : important Type : security References : 1175622 1179584 1188882 1196205 1200581 1203274 1204867 1206308 1206309 944832 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.3.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - container:bci-openjdk-11-15.4.11-34.8 updated From sle-updates at lists.suse.com Thu Dec 22 09:46:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:46:16 +0100 (CET) Subject: SUSE-CU-2022:3443-1: Security update of bci/openjdk Message-ID: <20221222094616.B2F49FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3443-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.8 Container Release : 34.8 Severity : important Type : security References : 1175622 1179584 1188882 1196205 1200581 1203274 1204867 1206308 1206309 944832 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal The following package changes have been done: - libglib-2_0-0-2.70.5-150400.3.3.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 09:46:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:46:40 +0100 (CET) Subject: SUSE-CU-2022:3444-1: Security update of bci/openjdk-devel Message-ID: <20221222094640.13089FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3444-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.13 , bci/openjdk-devel:latest Container Release : 12.13 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:bci-openjdk-17-15.4.17-11.6 updated From sle-updates at lists.suse.com Thu Dec 22 09:47:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 10:47:01 +0100 (CET) Subject: SUSE-CU-2022:3445-1: Security update of bci/openjdk Message-ID: <20221222094701.CBF0CFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3445-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-11.6 , bci/openjdk:latest Container Release : 11.6 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Thu Dec 22 14:20:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 15:20:10 +0100 (CET) Subject: SUSE-SU-2022:4606-1: moderate: Security update for helm Message-ID: <20221222142010.DD2DCFD84@maintenance.suse.de> SUSE Security Update: Security update for helm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4606-1 Rating: moderate References: #1181419 #1206467 #1206469 #1206471 Cross-References: CVE-2021-21272 CVE-2022-1996 CVE-2022-23524 CVE-2022-23525 CVE-2022-23526 CVSS scores: CVE-2021-21272 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-1996 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-23524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23524 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23525 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23525 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23526 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23526 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for helm fixes the following issues: Update to version 3.10.3: - CVE-2022-23524: Fixed a denial of service in the string value parsing (bsc#1206467). - CVE-2022-23525: Fixed a denial of service with the repository index file (bsc#1206469). - CVE-2022-23526: Fixed a denial of service in the schema file handling (bsc#1206471). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4606=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4606=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4606=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4606=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): helm-3.10.3-150000.1.13.1 helm-debuginfo-3.10.3-150000.1.13.1 - openSUSE Leap 15.4 (noarch): helm-bash-completion-3.10.3-150000.1.13.1 helm-fish-completion-3.10.3-150000.1.13.1 helm-zsh-completion-3.10.3-150000.1.13.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): helm-3.10.3-150000.1.13.1 helm-debuginfo-3.10.3-150000.1.13.1 - openSUSE Leap 15.3 (noarch): helm-bash-completion-3.10.3-150000.1.13.1 helm-fish-completion-3.10.3-150000.1.13.1 helm-zsh-completion-3.10.3-150000.1.13.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): helm-fish-completion-3.10.3-150000.1.13.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): helm-3.10.3-150000.1.13.1 helm-debuginfo-3.10.3-150000.1.13.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (noarch): helm-bash-completion-3.10.3-150000.1.13.1 helm-zsh-completion-3.10.3-150000.1.13.1 References: https://www.suse.com/security/cve/CVE-2021-21272.html https://www.suse.com/security/cve/CVE-2022-1996.html https://www.suse.com/security/cve/CVE-2022-23524.html https://www.suse.com/security/cve/CVE-2022-23525.html https://www.suse.com/security/cve/CVE-2022-23526.html https://bugzilla.suse.com/1181419 https://bugzilla.suse.com/1206467 https://bugzilla.suse.com/1206469 https://bugzilla.suse.com/1206471 From sle-updates at lists.suse.com Thu Dec 22 14:21:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 15:21:16 +0100 (CET) Subject: SUSE-SU-2022:4607-1: moderate: Security update for conmon Message-ID: <20221222142116.A90A3FD84@maintenance.suse.de> SUSE Security Update: Security update for conmon ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4607-1 Rating: moderate References: #1200285 Cross-References: CVE-2022-1708 CVSS scores: CVE-2022-1708 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1708 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for conmon fixes the following issues: conmon was updated to version 2.1.5: * don't leak syslog_identifier * logging: do not read more that the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD update to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. * exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4607=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4607=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4607=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4607=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4607=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4607=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): conmon-2.1.5-150300.8.6.1 conmon-debuginfo-2.1.5-150300.8.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): conmon-2.1.5-150300.8.6.1 conmon-debuginfo-2.1.5-150300.8.6.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): conmon-2.1.5-150300.8.6.1 conmon-debuginfo-2.1.5-150300.8.6.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): conmon-2.1.5-150300.8.6.1 conmon-debuginfo-2.1.5-150300.8.6.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): conmon-2.1.5-150300.8.6.1 conmon-debuginfo-2.1.5-150300.8.6.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): conmon-2.1.5-150300.8.6.1 conmon-debuginfo-2.1.5-150300.8.6.1 References: https://www.suse.com/security/cve/CVE-2022-1708.html https://bugzilla.suse.com/1200285 From sle-updates at lists.suse.com Thu Dec 22 20:19:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 21:19:45 +0100 (CET) Subject: SUSE-RU-2022:3555-2: important: Recommended update for aaa_base Message-ID: <20221222201945.27742FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:3555-2 Rating: important References: #1199492 Affected Products: openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issues: - The wrapper rootsh is not a restricted shell. (bsc#1199492) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-3555=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-150300.10.3.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-150300.10.3.1 aaa_base-debugsource-84.87+git20180409.04c9dae-150300.10.3.1 References: https://bugzilla.suse.com/1199492 From sle-updates at lists.suse.com Thu Dec 22 20:20:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Dec 2022 21:20:55 +0100 (CET) Subject: SUSE-RU-2022:4609-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20221222202055.446D8FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4609-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150000_150_101, 4_12_14-150000_150_104, 4_12_14-150100_197_123, 4_12_14-150100_197_126, 5_14_21-150400_24_21, 5_14_21-150400_24_28, 5_3_18-150200_24_129, 5_3_18-150200_24_134, 5_3_18-150300_59_93, 5_3_18-150300_59_98. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-4609=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4609=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2022-4609=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (noarch): lifecycle-data-sle-live-patching-1-10.119.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.119.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.119.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Fri Dec 23 08:25:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:25:39 +0100 (CET) Subject: SUSE-CU-2022:3446-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20221223082539.45924FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3446-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.58 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.58 Severity : moderate Type : recommended References : 1175622 1179584 1188882 1196205 1200581 1203274 1204867 944832 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal The following package changes have been done: - libgmodule-2_0-0-2.70.5-150400.3.3.1 updated From sle-updates at lists.suse.com Fri Dec 23 08:26:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:26:15 +0100 (CET) Subject: SUSE-CU-2022:3447-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20221223082615.3FD65FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3447-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.23 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.23 Severity : moderate Type : recommended References : 1175622 1179584 1188882 1196205 1200581 1203274 1204867 944832 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal The following package changes have been done: - libgmodule-2_0-0-2.70.5-150400.3.3.1 updated From sle-updates at lists.suse.com Fri Dec 23 08:29:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:29:15 +0100 (CET) Subject: SUSE-CU-2022:3448-1: Security update of bci/golang Message-ID: <20221223082915.63CB5FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3448-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-19.6 , bci/golang:latest Container Release : 19.6 Severity : important Type : security References : 1179465 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4499-1 Released: Thu Dec 15 10:48:49 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issues: - Make ssh connections update their dbus environment (bsc#1179465): * Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - openssh-common-8.4p1-150300.3.15.4 updated - openssh-fips-8.4p1-150300.3.15.4 updated - openssh-clients-8.4p1-150300.3.15.4 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Fri Dec 23 08:29:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:29:40 +0100 (CET) Subject: SUSE-CU-2022:3445-1: Security update of bci/openjdk Message-ID: <20221223082940.9B86EFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3445-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-11.6 , bci/openjdk:latest Container Release : 11.6 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Fri Dec 23 08:33:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:33:37 +0100 (CET) Subject: SUSE-CU-2022:3449-1: Security update of suse/pcp Message-ID: <20221223083337.1BC55FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3449-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.116 , suse/pcp:latest Container Release : 11.116 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:bci-bci-init-15.4-15.4-24.58 updated From sle-updates at lists.suse.com Fri Dec 23 08:35:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:35:43 +0100 (CET) Subject: SUSE-CU-2022:3450-1: Security update of bci/python Message-ID: <20221223083543.37C32FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3450-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-10.5 , bci/python:latest Container Release : 10.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - curl-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Fri Dec 23 08:38:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:38:04 +0100 (CET) Subject: SUSE-CU-2022:3451-1: Security update of bci/python Message-ID: <20221223083804.DA96BFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3451-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-33.5 Container Release : 33.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - curl-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Fri Dec 23 08:42:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:42:09 +0100 (CET) Subject: SUSE-CU-2022:3452-1: Security update of bci/ruby Message-ID: <20221223084209.89A9EFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3452-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-32.5 , bci/ruby:latest Container Release : 32.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - curl-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Fri Dec 23 08:42:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:42:59 +0100 (CET) Subject: SUSE-CU-2022:3453-1: Security update of bci/rust Message-ID: <20221223084259.D0A60FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3453-1 Container Tags : bci/rust:1.64 , bci/rust:1.64-4.5 Container Release : 4.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Fri Dec 23 08:43:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:43:18 +0100 (CET) Subject: SUSE-CU-2022:3454-1: Security update of bci/rust Message-ID: <20221223084318.BA732FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3454-1 Container Tags : bci/rust:1.65 , bci/rust:1.65-12.5 , bci/rust:latest Container Release : 12.5 Severity : important Type : security References : 1206308 1206309 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). The following package changes have been done: - libcurl4-7.79.1-150400.5.12.1 updated - container:sles15-image-15.0.0-27.14.25 updated From sle-updates at lists.suse.com Fri Dec 23 08:45:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 09:45:21 +0100 (CET) Subject: SUSE-CU-2022:3455-1: Security update of suse/sle15 Message-ID: <20221223084521.C0C06FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3455-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.25 , suse/sle15:15.4 , suse/sle15:15.4.27.14.25 Container Release : 27.14.25 Severity : important Type : security References : 1175622 1179584 1188882 1196205 1200581 1203274 1204867 1206308 1206309 944832 CVE-2022-43551 CVE-2022-43552 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal The following package changes have been done: - curl-7.79.1-150400.5.12.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - libglib-2_0-0-2.70.5-150400.3.3.1 updated From sle-updates at lists.suse.com Fri Dec 23 14:21:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 15:21:41 +0100 (CET) Subject: SUSE-SU-2022:4614-1: important: Security update for the Linux Kernel Message-ID: <20221223142141.1999AFD89@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4614-1 Rating: important References: #1198702 #1199365 #1200845 #1201725 #1202686 #1202700 #1203008 #1203066 #1203067 #1203322 #1203391 #1203496 #1203514 #1203860 #1203960 #1204017 #1204053 #1204168 #1204170 #1204354 #1204355 #1204402 #1204414 #1204415 #1204417 #1204424 #1204431 #1204432 #1204439 #1204446 #1204470 #1204479 #1204486 #1204574 #1204575 #1204576 #1204631 #1204635 #1204636 #1204637 #1204646 #1204647 #1204653 #1204780 #1204850 #1205128 #1205130 #1205220 #1205473 #1205514 #1205617 #1205671 #1205700 #1205705 #1205709 #1205711 #1205796 #1206207 #1206228 Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-2602 CVE-2022-28693 CVE-2022-28748 CVE-2022-2964 CVE-2022-2978 CVE-2022-3169 CVE-2022-3176 CVE-2022-3521 CVE-2022-3524 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3646 CVE-2022-3649 CVE-2022-3707 CVE-2022-3903 CVE-2022-39189 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 43 vulnerabilities and has 16 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3625: Fixed a user-after-free vulnerability in devlink_param_set/devlink_param_get of the file net/core/devlink.c (bsc#1204637). - CVE-2022-3535: Fixed a memory leak in mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bsc#1204417). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-39189: Fixed an issue were an unprivileged guest users can compromise the guest kernel because TLB flush operations were mishandled in certain KVM_VCPU_PREEMPTED situations (bsc#1203066). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-2978: Fixed a use-after-free in the NILFS file system (bsc#1202700). The following non-security bugs were fixed: - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Allow cleanup of VMBUS_CONNECT_CPU if disconnected (bsc#1204017). - Drivers: hv: vmbus: Always handle the VMBus messages on CPU0 (bsc#1204017). - Drivers: hv: vmbus: Do not bind the offer&rescind works to a specific CPU (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Move __vmbus_open() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (bsc#1204017). - Drivers: hv: vmbus: Replace the per-CPU channel lists with a global array of channels (bsc#1204017). - Drivers: hv: vmbus: Use a spin lock for synchronizing channel scheduling vs. channel removal (bsc#1204017). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add hibernation support (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (bsc#1204017). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix hibernation in case interrupts are not re-created (bsc#1204446). - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845). - PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845). - PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017, bsc#1203860). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Prepare hv_compose_msi_msg() for the VMBus-channel-interrupt-to-vCPU reassignment functionality (bsc#1204017). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use struct_size() helper (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Add the support of hibernation (bsc#1204017). - hv_netvsc: Add validation for untrusted Hyper-V values (bsc#1204017). - hv_netvsc: Cache the current data path to avoid duplicate call and message (bsc#1204017). - hv_netvsc: Check VF datapath when sending traffic to VF (bsc#1204017). - hv_netvsc: Fix hibernation for mlx5 VF driver (bsc#1204850). - hv_netvsc: Fix potential dereference of NULL pointer (bsc#1204017). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (bsc#1204017). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Remove unnecessary round_up for recv_completion_cnt (bsc#1204017). - hv_netvsc: Reset the RSC count if NVSP_STAT_FAIL in netvsc_receive() (bsc#1204017). - hv_netvsc: Switch the data path at the right time during hibernation (bsc#1204850). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: netvsc: remove break after return (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - xfs: reserve data and rt quota at the same time (bsc#1203496). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-4614=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.109.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.109.1 dlm-kmp-rt-4.12.14-10.109.1 dlm-kmp-rt-debuginfo-4.12.14-10.109.1 gfs2-kmp-rt-4.12.14-10.109.1 gfs2-kmp-rt-debuginfo-4.12.14-10.109.1 kernel-rt-4.12.14-10.109.1 kernel-rt-base-4.12.14-10.109.1 kernel-rt-base-debuginfo-4.12.14-10.109.1 kernel-rt-debuginfo-4.12.14-10.109.1 kernel-rt-debugsource-4.12.14-10.109.1 kernel-rt-devel-4.12.14-10.109.1 kernel-rt-devel-debuginfo-4.12.14-10.109.1 kernel-rt_debug-4.12.14-10.109.1 kernel-rt_debug-debuginfo-4.12.14-10.109.1 kernel-rt_debug-debugsource-4.12.14-10.109.1 kernel-rt_debug-devel-4.12.14-10.109.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.109.1 kernel-syms-rt-4.12.14-10.109.1 ocfs2-kmp-rt-4.12.14-10.109.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.109.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.109.1 kernel-source-rt-4.12.14-10.109.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-2978.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3176.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3535.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3625.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-3707.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-40307.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-4129.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-43750.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1199365 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1201725 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202700 https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203067 https://bugzilla.suse.com/1203322 https://bugzilla.suse.com/1203391 https://bugzilla.suse.com/1203496 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203860 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204053 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204417 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204432 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204446 https://bugzilla.suse.com/1204470 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204575 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204637 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204780 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205700 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205711 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1206207 https://bugzilla.suse.com/1206228 From sle-updates at lists.suse.com Fri Dec 23 14:28:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 15:28:50 +0100 (CET) Subject: SUSE-SU-2022:4615-1: important: Security update for the Linux Kernel Message-ID: <20221223142850.961A5FD89@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4615-1 Rating: important References: #1196018 #1198702 #1200788 #1201455 #1202686 #1203008 #1203183 #1203290 #1203322 #1203514 #1203960 #1203987 #1204166 #1204168 #1204170 #1204354 #1204355 #1204402 #1204414 #1204415 #1204424 #1204431 #1204432 #1204439 #1204479 #1204574 #1204576 #1204631 #1204635 #1204636 #1204646 #1204647 #1204653 #1204868 #1205006 #1205128 #1205130 #1205220 #1205473 #1205514 #1205671 #1205705 #1205709 #1205796 #1206113 #1206114 #1206207 Cross-References: CVE-2021-4037 CVE-2022-2153 CVE-2022-28693 CVE-2022-28748 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3521 CVE-2022-3524 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41848 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 38 vulnerabilities and has 9 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-3545: Fixed a use-after-free in area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in the KVM subsystem, when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987). The following non-security bugs were fixed: - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - sunrpc: Re-purpose trace_svc_process (bsc#1205006). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4615=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4615=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4615=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4615=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-4615=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-4615=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.114.1 kernel-default-base-4.12.14-95.114.1 kernel-default-base-debuginfo-4.12.14-95.114.1 kernel-default-debuginfo-4.12.14-95.114.1 kernel-default-debugsource-4.12.14-95.114.1 kernel-default-devel-4.12.14-95.114.1 kernel-default-devel-debuginfo-4.12.14-95.114.1 kernel-syms-4.12.14-95.114.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.114.1 kernel-macros-4.12.14-95.114.1 kernel-source-4.12.14-95.114.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.114.1 kernel-macros-4.12.14-95.114.1 kernel-source-4.12.14-95.114.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.114.1 kernel-default-base-4.12.14-95.114.1 kernel-default-base-debuginfo-4.12.14-95.114.1 kernel-default-debuginfo-4.12.14-95.114.1 kernel-default-debugsource-4.12.14-95.114.1 kernel-default-devel-4.12.14-95.114.1 kernel-default-devel-debuginfo-4.12.14-95.114.1 kernel-syms-4.12.14-95.114.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.114.1 kernel-default-base-4.12.14-95.114.1 kernel-default-base-debuginfo-4.12.14-95.114.1 kernel-default-debuginfo-4.12.14-95.114.1 kernel-default-debugsource-4.12.14-95.114.1 kernel-default-devel-4.12.14-95.114.1 kernel-syms-4.12.14-95.114.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.114.1 kernel-macros-4.12.14-95.114.1 kernel-source-4.12.14-95.114.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.114.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.114.1 kernel-default-base-4.12.14-95.114.1 kernel-default-base-debuginfo-4.12.14-95.114.1 kernel-default-debuginfo-4.12.14-95.114.1 kernel-default-debugsource-4.12.14-95.114.1 kernel-default-devel-4.12.14-95.114.1 kernel-syms-4.12.14-95.114.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.114.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.114.1 kernel-macros-4.12.14-95.114.1 kernel-source-4.12.14-95.114.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.114.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.114.1 kernel-default-kgraft-devel-4.12.14-95.114.1 kgraft-patch-4_12_14-95_114-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.114.1 cluster-md-kmp-default-debuginfo-4.12.14-95.114.1 dlm-kmp-default-4.12.14-95.114.1 dlm-kmp-default-debuginfo-4.12.14-95.114.1 gfs2-kmp-default-4.12.14-95.114.1 gfs2-kmp-default-debuginfo-4.12.14-95.114.1 kernel-default-debuginfo-4.12.14-95.114.1 kernel-default-debugsource-4.12.14-95.114.1 ocfs2-kmp-default-4.12.14-95.114.1 ocfs2-kmp-default-debuginfo-4.12.14-95.114.1 References: https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3643.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-40307.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42328.html https://www.suse.com/security/cve/CVE-2022-42329.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-43750.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1201455 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203183 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203322 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204432 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1205006 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206114 https://bugzilla.suse.com/1206207 From sle-updates at lists.suse.com Fri Dec 23 14:36:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 15:36:12 +0100 (CET) Subject: SUSE-SU-2022:4616-1: important: Security update for the Linux Kernel Message-ID: <20221223143612.E9E44FD89@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4616-1 Rating: important References: #1065729 #1071995 #1156395 #1184350 #1189297 #1192761 #1199657 #1200845 #1201455 #1201469 #1203144 #1203746 #1203960 #1204017 #1204142 #1204215 #1204228 #1204241 #1204328 #1204414 #1204446 #1204636 #1204693 #1204780 #1204791 #1204810 #1204827 #1204850 #1204868 #1204934 #1204957 #1204963 #1204967 #1205128 #1205130 #1205220 #1205264 #1205329 #1205330 #1205428 #1205473 #1205514 #1205567 #1205617 #1205671 #1205700 #1205705 #1205709 #1205753 #1205796 #1205984 #1205985 #1205986 #1205987 #1205988 #1205989 #1206032 #1206037 #1206207 Cross-References: CVE-2022-2602 CVE-2022-28693 CVE-2022-29900 CVE-2022-29901 CVE-2022-3567 CVE-2022-3628 CVE-2022-3635 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-29901 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP3-BCL SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 19 vulnerabilities and has 40 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" (git-fixes). - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use "unsigned long" for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited" (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4616=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4616=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4616=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-4616=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-4616=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-4616=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-4616=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2022-4616=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2022-4616=1 - SUSE Linux Enterprise Server 15-SP3-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-BCL-2022-4616=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2022-4616=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4616=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by seperate standalone livepatch updates. - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-4616=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-4616=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4616=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4616=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4616=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2022-4616=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2022-4616=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-4616=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4616=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.106.1 dtb-zte-5.3.18-150300.59.106.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.106.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.106.1 dlm-kmp-default-5.3.18-150300.59.106.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.106.1 gfs2-kmp-default-5.3.18-150300.59.106.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-base-rebuild-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 kernel-default-extra-5.3.18-150300.59.106.1 kernel-default-extra-debuginfo-5.3.18-150300.59.106.1 kernel-default-livepatch-5.3.18-150300.59.106.1 kernel-default-livepatch-devel-5.3.18-150300.59.106.1 kernel-default-optional-5.3.18-150300.59.106.1 kernel-default-optional-debuginfo-5.3.18-150300.59.106.1 kernel-obs-build-5.3.18-150300.59.106.1 kernel-obs-build-debugsource-5.3.18-150300.59.106.1 kernel-obs-qa-5.3.18-150300.59.106.1 kernel-syms-5.3.18-150300.59.106.1 kselftests-kmp-default-5.3.18-150300.59.106.1 kselftests-kmp-default-debuginfo-5.3.18-150300.59.106.1 ocfs2-kmp-default-5.3.18-150300.59.106.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.106.1 reiserfs-kmp-default-5.3.18-150300.59.106.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.106.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.106.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.106.1 dlm-kmp-preempt-5.3.18-150300.59.106.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.106.1 gfs2-kmp-preempt-5.3.18-150300.59.106.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 kernel-preempt-devel-5.3.18-150300.59.106.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-extra-5.3.18-150300.59.106.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.106.1 kernel-preempt-optional-5.3.18-150300.59.106.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.106.1 kselftests-kmp-preempt-5.3.18-150300.59.106.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.106.1 ocfs2-kmp-preempt-5.3.18-150300.59.106.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.106.1 reiserfs-kmp-preempt-5.3.18-150300.59.106.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.106.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.106.1 kernel-debug-debuginfo-5.3.18-150300.59.106.1 kernel-debug-debugsource-5.3.18-150300.59.106.1 kernel-debug-devel-5.3.18-150300.59.106.1 kernel-debug-devel-debuginfo-5.3.18-150300.59.106.1 kernel-debug-livepatch-devel-5.3.18-150300.59.106.1 kernel-kvmsmall-5.3.18-150300.59.106.1 kernel-kvmsmall-debuginfo-5.3.18-150300.59.106.1 kernel-kvmsmall-debugsource-5.3.18-150300.59.106.1 kernel-kvmsmall-devel-5.3.18-150300.59.106.1 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.106.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.106.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.106.1 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.106.1 dlm-kmp-64kb-5.3.18-150300.59.106.1 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.106.1 dtb-al-5.3.18-150300.59.106.1 dtb-allwinner-5.3.18-150300.59.106.1 dtb-altera-5.3.18-150300.59.106.1 dtb-amd-5.3.18-150300.59.106.1 dtb-amlogic-5.3.18-150300.59.106.1 dtb-apm-5.3.18-150300.59.106.1 dtb-arm-5.3.18-150300.59.106.1 dtb-broadcom-5.3.18-150300.59.106.1 dtb-cavium-5.3.18-150300.59.106.1 dtb-exynos-5.3.18-150300.59.106.1 dtb-freescale-5.3.18-150300.59.106.1 dtb-hisilicon-5.3.18-150300.59.106.1 dtb-lg-5.3.18-150300.59.106.1 dtb-marvell-5.3.18-150300.59.106.1 dtb-mediatek-5.3.18-150300.59.106.1 dtb-nvidia-5.3.18-150300.59.106.1 dtb-qcom-5.3.18-150300.59.106.1 dtb-renesas-5.3.18-150300.59.106.1 dtb-rockchip-5.3.18-150300.59.106.1 dtb-socionext-5.3.18-150300.59.106.1 dtb-sprd-5.3.18-150300.59.106.1 dtb-xilinx-5.3.18-150300.59.106.1 dtb-zte-5.3.18-150300.59.106.1 gfs2-kmp-64kb-5.3.18-150300.59.106.1 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.106.1 kernel-64kb-5.3.18-150300.59.106.1 kernel-64kb-debuginfo-5.3.18-150300.59.106.1 kernel-64kb-debugsource-5.3.18-150300.59.106.1 kernel-64kb-devel-5.3.18-150300.59.106.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.106.1 kernel-64kb-extra-5.3.18-150300.59.106.1 kernel-64kb-extra-debuginfo-5.3.18-150300.59.106.1 kernel-64kb-livepatch-devel-5.3.18-150300.59.106.1 kernel-64kb-optional-5.3.18-150300.59.106.1 kernel-64kb-optional-debuginfo-5.3.18-150300.59.106.1 kselftests-kmp-64kb-5.3.18-150300.59.106.1 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.106.1 ocfs2-kmp-64kb-5.3.18-150300.59.106.1 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.106.1 reiserfs-kmp-64kb-5.3.18-150300.59.106.1 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.106.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-docs-5.3.18-150300.59.106.1 kernel-docs-html-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 kernel-source-5.3.18-150300.59.106.1 kernel-source-vanilla-5.3.18-150300.59.106.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.106.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.106.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.106.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 - SUSE Manager Server 4.2 (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 - SUSE Manager Server 4.2 (x86_64): kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 - SUSE Manager Server 4.2 (s390x): kernel-zfcpdump-5.3.18-150300.59.106.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.106.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.106.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 - SUSE Manager Retail Branch Server 4.2 (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 - SUSE Manager Proxy 4.2 (x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 - SUSE Manager Proxy 4.2 (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-extra-5.3.18-150300.59.106.1 kernel-default-extra-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 kernel-preempt-extra-5.3.18-150300.59.106.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 kernel-obs-build-5.3.18-150300.59.106.1 kernel-obs-build-debugsource-5.3.18-150300.59.106.1 kernel-syms-5.3.18-150300.59.106.1 reiserfs-kmp-default-5.3.18-150300.59.106.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 kernel-preempt-devel-5.3.18-150300.59.106.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-docs-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 kernel-source-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 kernel-obs-build-5.3.18-150300.59.106.1 kernel-obs-build-debugsource-5.3.18-150300.59.106.1 kernel-syms-5.3.18-150300.59.106.1 reiserfs-kmp-default-5.3.18-150300.59.106.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 kernel-preempt-devel-5.3.18-150300.59.106.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64): kernel-64kb-5.3.18-150300.59.106.1 kernel-64kb-debuginfo-5.3.18-150300.59.106.1 kernel-64kb-debugsource-5.3.18-150300.59.106.1 kernel-64kb-devel-5.3.18-150300.59.106.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-docs-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 kernel-source-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (s390x): kernel-zfcpdump-5.3.18-150300.59.106.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.106.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Server 15-SP3-BCL (x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 kernel-obs-build-5.3.18-150300.59.106.1 kernel-obs-build-debugsource-5.3.18-150300.59.106.1 kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 kernel-preempt-devel-5.3.18-150300.59.106.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.106.1 kernel-syms-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Server 15-SP3-BCL (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-docs-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 kernel-source-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-docs-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 kernel-source-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 kernel-obs-build-5.3.18-150300.59.106.1 kernel-obs-build-debugsource-5.3.18-150300.59.106.1 kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 kernel-preempt-devel-5.3.18-150300.59.106.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.106.1 kernel-syms-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-livepatch-5.3.18-150300.59.106.1 kernel-default-livepatch-devel-5.3.18-150300.59.106.1 kernel-livepatch-5_3_18-150300_59_106-default-1-150300.7.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 reiserfs-kmp-default-5.3.18-150300.59.106.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.106.1 kernel-obs-build-debugsource-5.3.18-150300.59.106.1 kernel-syms-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 kernel-preempt-devel-5.3.18-150300.59.106.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.106.1 kernel-source-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.106.1 kernel-64kb-debuginfo-5.3.18-150300.59.106.1 kernel-64kb-debugsource-5.3.18-150300.59.106.1 kernel-64kb-devel-5.3.18-150300.59.106.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.106.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.106.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 kernel-obs-build-5.3.18-150300.59.106.1 kernel-obs-build-debugsource-5.3.18-150300.59.106.1 kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 kernel-preempt-devel-5.3.18-150300.59.106.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.106.1 kernel-syms-5.3.18-150300.59.106.1 reiserfs-kmp-default-5.3.18-150300.59.106.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64): kernel-64kb-5.3.18-150300.59.106.1 kernel-64kb-debuginfo-5.3.18-150300.59.106.1 kernel-64kb-debugsource-5.3.18-150300.59.106.1 kernel-64kb-devel-5.3.18-150300.59.106.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-docs-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 kernel-source-5.3.18-150300.59.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 kernel-obs-build-5.3.18-150300.59.106.1 kernel-obs-build-debugsource-5.3.18-150300.59.106.1 kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 kernel-preempt-devel-5.3.18-150300.59.106.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.106.1 kernel-syms-5.3.18-150300.59.106.1 reiserfs-kmp-default-5.3.18-150300.59.106.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64): kernel-64kb-5.3.18-150300.59.106.1 kernel-64kb-debuginfo-5.3.18-150300.59.106.1 kernel-64kb-debugsource-5.3.18-150300.59.106.1 kernel-64kb-devel-5.3.18-150300.59.106.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-docs-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 kernel-source-5.3.18-150300.59.106.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.106.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.106.1 dlm-kmp-default-5.3.18-150300.59.106.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.106.1 gfs2-kmp-default-5.3.18-150300.59.106.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 ocfs2-kmp-default-5.3.18-150300.59.106.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.106.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): kernel-default-5.3.18-150300.59.106.1 kernel-default-base-5.3.18-150300.59.106.1.150300.18.60.2 kernel-default-debuginfo-5.3.18-150300.59.106.1 kernel-default-debugsource-5.3.18-150300.59.106.1 kernel-default-devel-5.3.18-150300.59.106.1 kernel-default-devel-debuginfo-5.3.18-150300.59.106.1 kernel-obs-build-5.3.18-150300.59.106.1 kernel-obs-build-debugsource-5.3.18-150300.59.106.1 kernel-preempt-5.3.18-150300.59.106.1 kernel-preempt-debuginfo-5.3.18-150300.59.106.1 kernel-preempt-debugsource-5.3.18-150300.59.106.1 kernel-preempt-devel-5.3.18-150300.59.106.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.106.1 kernel-syms-5.3.18-150300.59.106.1 reiserfs-kmp-default-5.3.18-150300.59.106.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.106.1 - SUSE Enterprise Storage 7.1 (aarch64): kernel-64kb-5.3.18-150300.59.106.1 kernel-64kb-debuginfo-5.3.18-150300.59.106.1 kernel-64kb-debugsource-5.3.18-150300.59.106.1 kernel-64kb-devel-5.3.18-150300.59.106.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.106.1 - SUSE Enterprise Storage 7.1 (noarch): kernel-devel-5.3.18-150300.59.106.1 kernel-docs-5.3.18-150300.59.106.1 kernel-macros-5.3.18-150300.59.106.1 kernel-source-5.3.18-150300.59.106.1 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-29900.html https://www.suse.com/security/cve/CVE-2022-29901.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3707.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-4129.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1189297 https://bugzilla.suse.com/1192761 https://bugzilla.suse.com/1199657 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1201455 https://bugzilla.suse.com/1201469 https://bugzilla.suse.com/1203144 https://bugzilla.suse.com/1203746 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204142 https://bugzilla.suse.com/1204215 https://bugzilla.suse.com/1204228 https://bugzilla.suse.com/1204241 https://bugzilla.suse.com/1204328 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204446 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204693 https://bugzilla.suse.com/1204780 https://bugzilla.suse.com/1204791 https://bugzilla.suse.com/1204810 https://bugzilla.suse.com/1204827 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1204934 https://bugzilla.suse.com/1204957 https://bugzilla.suse.com/1204963 https://bugzilla.suse.com/1204967 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205264 https://bugzilla.suse.com/1205329 https://bugzilla.suse.com/1205330 https://bugzilla.suse.com/1205428 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205567 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205700 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205753 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1205984 https://bugzilla.suse.com/1205985 https://bugzilla.suse.com/1205986 https://bugzilla.suse.com/1205987 https://bugzilla.suse.com/1205988 https://bugzilla.suse.com/1205989 https://bugzilla.suse.com/1206032 https://bugzilla.suse.com/1206037 https://bugzilla.suse.com/1206207 From sle-updates at lists.suse.com Fri Dec 23 14:43:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 15:43:30 +0100 (CET) Subject: SUSE-SU-2022:4613-1: important: Security update for the Linux Kernel Message-ID: <20221223144330.547E4FD89@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4613-1 Rating: important References: #1065729 #1071995 #1156395 #1184350 #1189297 #1192761 #1200845 #1201455 #1203144 #1203746 #1204017 #1204142 #1204215 #1204241 #1204328 #1204446 #1204631 #1204636 #1204693 #1204780 #1204791 #1204810 #1204827 #1204850 #1204868 #1204934 #1204957 #1204963 #1204967 #1205128 #1205130 #1205186 #1205220 #1205329 #1205330 #1205428 #1205473 #1205514 #1205617 #1205671 #1205700 #1205705 #1205709 #1205753 #1205796 #1205984 #1205985 #1205986 #1205987 #1205988 #1205989 #1206032 #1206037 #1206207 Cross-References: CVE-2022-2602 CVE-2022-28693 CVE-2022-3567 CVE-2022-3628 CVE-2022-3635 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-41850 CVE-2022-41858 CVE-2022-42895 CVE-2022-42896 CVE-2022-4378 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 17 vulnerabilities and has 37 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe" (git-fixes). - ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe" (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe" (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573) - Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017). - Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017). - Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes). - Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes). - Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes). - Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: remove unused function (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes). - KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes). - KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes). - KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes). - KVM: s390: Fix handle_sske page fault handling (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes). - KVM: s390: get rid of register asm usage (git-fixes). - KVM: s390: pv: avoid stalls when making pages secure (git-fixes). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390: reduce number of IO pins to 1 (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215). - NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215). - PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Drop msi_controller structure (bsc#1204446). - PCI: hv: Fix a race condition when removing the device (bsc#1204446). - PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845). - PCI: hv: Fix typo (bsc#1204446). - PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446). - PCI: hv: Remove unnecessary use of %hx (bsc#1204446). - PCI: hv: Support for create interrupt v3 (bsc#1204446). - PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - RDMA/core/sa_query: Remove unused argument (git-fixes) - RDMA/hns: Fix spelling mistakes of original (git-fixes) - RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes) - RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes) - RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes) - RDMA/rxe: Fix memory leak in error path code (git-fixes) - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: option: remove old LARA-R6 PID. - Xen/gntdev: do not ignore kernel unmapping error (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - arm/xen: Do not probe xenbus as part of an early initcall (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes) - arm64: dts: juno: Add thermal critical trip points (git-fixes) - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - blk-crypto: fix check for too-large dun_bytes (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes). - block: Add a helper to validate the block size (git-fixes). - block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328). - block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes). - block: ataflop: more blk-mq refactoring fixes (git-fixes). - block: fix infinite loop for invalid zone append (git-fixes). - block: limit request dispatch loop duration (git-fixes). - block: nbd: add sanity check for first_minor (git-fixes). - block: use "unsigned long" for blk_validate_block_size() (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989). - ceph: do not access the kiocb after aio requests (bsc#1205984). - ceph: fix fscache invalidation (bsc#1205985). - ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988). - ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986). - ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987). - cifs: skip extra NULL byte in filenames (bsc#1204791). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: set journal entry unused when shrinking device (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm mpath: only use ktime_get_ns() in historical selector (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm raid: fix address sanitizer warning in raid_resume (git-fixes). - dm raid: fix address sanitizer warning in raid_status (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm verity fec: fix misaligned RS roots IO (git-fixes). - dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes). - dm writecache: return the exact table values that were set (git-fixes). - dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes). - dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes). - dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes). - drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes). - drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes). - drivers: hv: Fix missing error code in vmbus_connect() (git-fixes). - drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes). - drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes). - drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes). - drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes). - drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205330). - fuse: fix readdir cache race (bsc#1205329). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv: hyperv.h: Remove unused inline functions (git-fixes). - hv_netvsc: Add a comment clarifying batching logic (git-fixes). - hv_netvsc: Add check for kvmalloc_array (git-fixes). - hv_netvsc: Add error handling while switching data path (bsc#1204850). - hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes). - hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850). - hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes). - hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - hv_netvsc: Validate number of allocated sub-channels (git-fixes). - hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017). - hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes). - hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: remove new member of usbip_device (git-fixes). - kabi: fix transport_add_device change (git-fixes). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes). - loop: Check for overflow while configuring loop (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md: Replace snprintf with scnprintf (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: vim2m: initialize the media device earlier (git-fixes). - media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - nbd: Fix use-after-free in pid_show (git-fixes). - nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes). - nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes). - nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: netvsc: remove break after return (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes). - net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfsd: set the server_scope during service startup (bsc#1203746). - null_blk: Fail zone append to conventional zones (git-fixes). - null_blk: synchronization fix for zoned device (git-fixes). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - r8152: Add MAC passthrough support to new device (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: use new helper tcp_v6_gso_csum_prep (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rndis_host: increase sleep time in the query-response loop (git-fixes). - rtc: mt6397: fix alarm register overwrite (git-fixes). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpcmd: fix inline assembly register clobbering (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes). - s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/vtime: fix inline assembly clobber list (git-fixes). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes). - s390: Remove arch_has_random, arch_has_random_seed (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (git-fixes). - s390: fix nospec table alignments (git-fixes). - s390: mark __cpacf_query() as __always_inline (git-fixes). - scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes). - scsi: drivers: base: Propagate errors through the transport component (git-fixes). - scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited" (bsc#1204957). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017). - scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017). - scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes). - scsi: storvsc: Miscellaneous code cleanups (git-fixes). - scsi: storvsc: Parameterize number hardware queues (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017). - scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes). - scsi: storvsc: Update error logging (git-fixes). - scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017). - scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes). - scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017). - scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - staging: greybus: light: fix a couple double frees (git-fixes). - swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Fix null pointer exception (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup. - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes). - usbip: stub-dev synchronize sysfs code paths (git-fixes). - usbip: stub_dev: remake locking for kABI (git-fixes). - usbip: synchronize event handler with sysfs code paths (git-fixes). - usbip: usbip_event: use global lock (git-fixes). - usbip: vudc synchronize sysfs code paths (git-fixes). - usbip: vudc_sysfs: use global lock (git-fixes). - use __netdev_notify_peers in hyperv (git-fixes). - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" (bsc#1200845) - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio_blk: eliminate anonymous module_init & module_exit (git-fixes). - virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes). - vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes). - x86/xen: Distribute switch variables for initialization (git-fixes). - x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes). - xen-blkback: prevent premature module unload (git-fixes). - xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes). - xen/balloon: fix balloon kthread freezing (git-fixes). - xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes). - xen/balloon: fix cancelled balloon action (git-fixes). - xen/balloon: use a kernel thread instead a workqueue (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: Corrected error handling path (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/xenbus: Fix granting of vmalloc'd memory (git-fixes). - xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes). - xen: Fix XenStore initialisation for XS_LOCAL (git-fixes). - xen: Fix event channel callback via INTX/GSI (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xenbus: req->body should be updated before req->state (git-fixes). - xenbus: req->err should be updated before req->state (git-fixes). - xfs: Lower CIL flush limit for large logs (git-fixes). - xfs: Throttle commits on delayed background CIL push (git-fixes). - xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - xfs: check owner of dir3 blocks (git-fixes). - xfs: factor common AIL item deletion code (git-fixes). - xfs: open code insert range extent split helper (git-fixes). - xfs: rework collapse range into an atomic operation (git-fixes). - xfs: rework insert range into an atomic operation (git-fixes). - xfs: tail updates only need to occur when LSN changes (git-fixes). - xfs: trylock underlying buffer on dquot flush (git-fixes). - xfs: xfs_buf_corruption_error should take __this_address (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4613=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4613=1 - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-4613=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4613=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4613=1 Package List: - openSUSE Leap Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.112.1 kernel-rt-debuginfo-5.3.18-150300.112.1 kernel-rt-debugsource-5.3.18-150300.112.1 - openSUSE Leap 15.3 (noarch): kernel-devel-rt-5.3.18-150300.112.1 kernel-source-rt-5.3.18-150300.112.1 - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.112.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.112.1 dlm-kmp-rt-5.3.18-150300.112.1 dlm-kmp-rt-debuginfo-5.3.18-150300.112.1 gfs2-kmp-rt-5.3.18-150300.112.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.112.1 kernel-rt-5.3.18-150300.112.1 kernel-rt-debuginfo-5.3.18-150300.112.1 kernel-rt-debugsource-5.3.18-150300.112.1 kernel-rt-devel-5.3.18-150300.112.1 kernel-rt-devel-debuginfo-5.3.18-150300.112.1 kernel-rt_debug-debuginfo-5.3.18-150300.112.1 kernel-rt_debug-debugsource-5.3.18-150300.112.1 kernel-rt_debug-devel-5.3.18-150300.112.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.112.1 kernel-syms-rt-5.3.18-150300.112.1 ocfs2-kmp-rt-5.3.18-150300.112.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.112.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.112.1 kernel-source-rt-5.3.18-150300.112.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.112.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.112.1 dlm-kmp-rt-5.3.18-150300.112.1 dlm-kmp-rt-debuginfo-5.3.18-150300.112.1 gfs2-kmp-rt-5.3.18-150300.112.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.112.1 kernel-rt-5.3.18-150300.112.1 kernel-rt-debuginfo-5.3.18-150300.112.1 kernel-rt-debugsource-5.3.18-150300.112.1 kernel-rt-devel-5.3.18-150300.112.1 kernel-rt-devel-debuginfo-5.3.18-150300.112.1 kernel-rt_debug-debuginfo-5.3.18-150300.112.1 kernel-rt_debug-debugsource-5.3.18-150300.112.1 kernel-rt_debug-devel-5.3.18-150300.112.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.112.1 kernel-syms-rt-5.3.18-150300.112.1 ocfs2-kmp-rt-5.3.18-150300.112.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.112.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.112.1 kernel-rt-debuginfo-5.3.18-150300.112.1 kernel-rt-debugsource-5.3.18-150300.112.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.112.1 kernel-rt-debuginfo-5.3.18-150300.112.1 kernel-rt-debugsource-5.3.18-150300.112.1 References: https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3707.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-4129.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1189297 https://bugzilla.suse.com/1192761 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1201455 https://bugzilla.suse.com/1203144 https://bugzilla.suse.com/1203746 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204142 https://bugzilla.suse.com/1204215 https://bugzilla.suse.com/1204241 https://bugzilla.suse.com/1204328 https://bugzilla.suse.com/1204446 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204693 https://bugzilla.suse.com/1204780 https://bugzilla.suse.com/1204791 https://bugzilla.suse.com/1204810 https://bugzilla.suse.com/1204827 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1204934 https://bugzilla.suse.com/1204957 https://bugzilla.suse.com/1204963 https://bugzilla.suse.com/1204967 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205186 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205329 https://bugzilla.suse.com/1205330 https://bugzilla.suse.com/1205428 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205700 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205753 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1205984 https://bugzilla.suse.com/1205985 https://bugzilla.suse.com/1205986 https://bugzilla.suse.com/1205987 https://bugzilla.suse.com/1205988 https://bugzilla.suse.com/1205989 https://bugzilla.suse.com/1206032 https://bugzilla.suse.com/1206037 https://bugzilla.suse.com/1206207 From sle-updates at lists.suse.com Fri Dec 23 14:49:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 15:49:21 +0100 (CET) Subject: SUSE-SU-2022:4611-1: important: Security update for the Linux Kernel Message-ID: <20221223144921.DB5C4FD89@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4611-1 Rating: important References: #1129898 #1177282 #1196018 #1198702 #1201309 #1202097 #1202686 #1203008 #1203290 #1203322 #1203514 #1203960 #1203987 #1204166 #1204168 #1204170 #1204354 #1204402 #1204414 #1204431 #1204432 #1204439 #1204479 #1204574 #1204576 #1204631 #1204635 #1204636 #1204646 #1204647 #1204653 #1204868 #1205128 #1205130 #1205220 #1205514 #1205671 #1205796 #1206164 Cross-References: CVE-2019-3874 CVE-2020-26541 CVE-2021-4037 CVE-2022-2663 CVE-2022-28748 CVE-2022-2964 CVE-2022-3169 CVE-2022-3424 CVE-2022-3524 CVE-2022-3542 CVE-2022-3565 CVE-2022-3567 CVE-2022-3586 CVE-2022-3594 CVE-2022-3621 CVE-2022-3628 CVE-2022-3629 CVE-2022-3635 CVE-2022-3646 CVE-2022-3649 CVE-2022-3903 CVE-2022-40307 CVE-2022-40768 CVE-2022-4095 CVE-2022-41848 CVE-2022-41850 CVE-2022-41858 CVE-2022-42703 CVE-2022-43750 CVE-2022-43945 CVE-2022-45934 CVSS scores: CVE-2019-3874 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-3874 (SUSE): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-26541 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVE-2020-26541 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40307 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP3-BCL ______________________________________________________________________________ An update that solves 31 vulnerabilities and has 8 fixes is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism (bsc#1177282). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bsc#1202097). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-40307: Fixed a race condition that could had been exploited to trigger a use-after-free in the efi firmware capsule-loader.c (bsc#1203322). - CVE-2022-41848: Fixed a race condition in drivers/char/pcmcia/synclink_cs.c mgslpc_ioctl and mgslpc_detach (bsc#1203987). The following non-security bugs were fixed: - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - x86/hyperv: Output host build info as normal Windows version number (git-fixes). - x86/hyperv: Set pv_info.name to "Hyper-V" (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4611=1 Package List: - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.182.1 kernel-macros-4.4.180-94.182.1 kernel-source-4.4.180-94.182.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.182.1 kernel-default-base-4.4.180-94.182.1 kernel-default-base-debuginfo-4.4.180-94.182.1 kernel-default-debuginfo-4.4.180-94.182.1 kernel-default-debugsource-4.4.180-94.182.1 kernel-default-devel-4.4.180-94.182.1 kernel-syms-4.4.180-94.182.1 References: https://www.suse.com/security/cve/CVE-2019-3874.html https://www.suse.com/security/cve/CVE-2020-26541.html https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-2663.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-40307.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-43750.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1129898 https://bugzilla.suse.com/1177282 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1202097 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203322 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204432 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1206164 From sle-updates at lists.suse.com Fri Dec 23 14:58:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 15:58:01 +0100 (CET) Subject: SUSE-SU-2022:4617-1: important: Security update for the Linux Kernel Message-ID: <20221223145801.71DC4FD89@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4617-1 Rating: important References: #1023051 #1032323 #1065729 #1071995 #1152472 #1152489 #1156395 #1164051 #1177471 #1184350 #1185032 #1188238 #1189297 #1189999 #1190256 #1190497 #1190969 #1192968 #1193629 #1194023 #1194592 #1194869 #1194904 #1195480 #1195917 #1196018 #1196444 #1196616 #1196632 #1196867 #1196869 #1197158 #1197391 #1197659 #1197755 #1197756 #1197757 #1197763 #1198189 #1198410 #1198577 #1198702 #1198971 #1199086 #1199364 #1199515 #1199670 #1199904 #1200015 #1200058 #1200268 #1200288 #1200301 #1200313 #1200431 #1200465 #1200494 #1200544 #1200567 #1200622 #1200644 #1200651 #1200692 #1200788 #1200845 #1200868 #1200869 #1200870 #1200871 #1200872 #1200873 #1201019 #1201308 #1201309 #1201310 #1201361 #1201427 #1201442 #1201455 #1201489 #1201610 #1201675 #1201725 #1201726 #1201768 #1201865 #1201940 #1201941 #1201948 #1201954 #1201956 #1201958 #1202095 #1202096 #1202097 #1202113 #1202131 #1202154 #1202187 #1202262 #1202265 #1202312 #1202341 #1202346 #1202347 #1202385 #1202393 #1202447 #1202471 #1202558 #1202623 #1202636 #1202672 #1202681 #1202685 #1202686 #1202700 #1202710 #1202711 #1202712 #1202713 #1202715 #1202716 #1202757 #1202758 #1202759 #1202761 #1202762 #1202763 #1202764 #1202765 #1202766 #1202767 #1202768 #1202769 #1202770 #1202771 #1202773 #1202774 #1202775 #1202776 #1202778 #1202779 #1202780 #1202781 #1202782 #1202783 #1202822 #1202823 #1202824 #1202860 #1202867 #1202872 #1202874 #1202898 #1202914 #1202960 #1202989 #1202992 #1202993 #1203002 #1203008 #1203036 #1203039 #1203041 #1203063 #1203066 #1203067 #1203098 #1203101 #1203107 #1203116 #1203117 #1203138 #1203139 #1203159 #1203183 #1203197 #1203208 #1203229 #1203263 #1203290 #1203338 #1203360 #1203361 #1203389 #1203391 #1203410 #1203435 #1203505 #1203511 #1203514 #1203552 #1203606 #1203664 #1203693 #1203699 #1203767 #1203769 #1203770 #1203794 #1203798 #1203802 #1203829 #1203893 #1203902 #1203906 #1203908 #1203922 #1203935 #1203939 #1203960 #1203969 #1203987 #1203992 #1203994 #1204017 #1204051 #1204059 #1204060 #1204092 #1204125 #1204132 #1204142 #1204166 #1204168 #1204170 #1204171 #1204183 #1204228 #1204241 #1204289 #1204290 #1204291 #1204292 #1204353 #1204354 #1204355 #1204402 #1204405 #1204413 #1204414 #1204415 #1204417 #1204424 #1204428 #1204431 #1204432 #1204439 #1204470 #1204479 #1204486 #1204498 #1204533 #1204569 #1204574 #1204575 #1204576 #1204619 #1204624 #1204631 #1204635 #1204636 #1204637 #1204646 #1204647 #1204650 #1204653 #1204693 #1204705 #1204719 #1204728 #1204745 #1204753 #1204780 #1204810 #1204850 #1204868 #1204926 #1204933 #1204934 #1204947 #1204957 #1204963 #1204970 #1205007 #1205100 #1205111 #1205113 #1205128 #1205130 #1205149 #1205153 #1205220 #1205257 #1205264 #1205282 #1205313 #1205331 #1205332 #1205427 #1205428 #1205473 #1205496 #1205507 #1205514 #1205521 #1205567 #1205616 #1205617 #1205653 #1205671 #1205679 #1205683 #1205700 #1205705 #1205709 #1205711 #1205744 #1205764 #1205796 #1205882 #1205993 #1206035 #1206036 #1206037 #1206045 #1206046 #1206047 #1206048 #1206049 #1206050 #1206051 #1206056 #1206057 #1206113 #1206114 #1206147 #1206149 #1206207 #1206273 #1206391 PED-1082 PED-1084 PED-1085 PED-1096 PED-1211 PED-1573 PED-1649 PED-1706 PED-1936 PED-2684 PED-387 PED-529 PED-611 PED-634 PED-652 PED-664 PED-676 PED-678 PED-679 PED-682 PED-688 PED-707 PED-720 PED-729 PED-732 PED-755 PED-763 PED-813 PED-817 PED-822 PED-824 PED-825 PED-833 PED-842 PED-846 PED-849 PED-850 PED-851 PED-856 PED-857 SLE-13847 SLE-18130 SLE-19359 SLE-19924 SLE-20183 SLE-23766 SLE-24572 SLE-24682 SLE-24814 SLE-9246 Cross-References: CVE-2016-3695 CVE-2020-16119 CVE-2020-36516 CVE-2021-33135 CVE-2021-4037 CVE-2022-1184 CVE-2022-1263 CVE-2022-1882 CVE-2022-20368 CVE-2022-20369 CVE-2022-2153 CVE-2022-2586 CVE-2022-2588 CVE-2022-2602 CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-28356 CVE-2022-28693 CVE-2022-2873 CVE-2022-28748 CVE-2022-2905 CVE-2022-2938 CVE-2022-2959 CVE-2022-2964 CVE-2022-2977 CVE-2022-2978 CVE-2022-3028 CVE-2022-3078 CVE-2022-3114 CVE-2022-3169 CVE-2022-3176 CVE-2022-3202 CVE-2022-32250 CVE-2022-32296 CVE-2022-3239 CVE-2022-3303 CVE-2022-33981 CVE-2022-3424 CVE-2022-3435 CVE-2022-3521 CVE-2022-3524 CVE-2022-3526 CVE-2022-3535 CVE-2022-3542 CVE-2022-3545 CVE-2022-3565 CVE-2022-3566 CVE-2022-3567 CVE-2022-3577 CVE-2022-3586 CVE-2022-3594 CVE-2022-3619 CVE-2022-3621 CVE-2022-3625 CVE-2022-3628 CVE-2022-3629 CVE-2022-3633 CVE-2022-3635 CVE-2022-3640 CVE-2022-3643 CVE-2022-3646 CVE-2022-3649 CVE-2022-36879 CVE-2022-36946 CVE-2022-3707 CVE-2022-3903 CVE-2022-39188 CVE-2022-39189 CVE-2022-39190 CVE-2022-40476 CVE-2022-40768 CVE-2022-4095 CVE-2022-41218 CVE-2022-4129 CVE-2022-4139 CVE-2022-41674 CVE-2022-41848 CVE-2022-41849 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42703 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 CVE-2022-42895 CVE-2022-42896 CVE-2022-43750 CVE-2022-4378 CVE-2022-43945 CVE-2022-45869 CVE-2022-45888 CVE-2022-45934 CVSS scores: CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L CVE-2020-16119 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-16119 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2021-33135 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-1184 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1263 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1263 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1882 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1882 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2153 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-2586 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2602 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-28356 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-2873 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-2905 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-2938 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2938 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-2959 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2959 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2964 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-2978 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2978 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3078 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3078 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3114 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3114 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3169 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3176 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3176 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3202 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-3202 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32296 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32296 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-3239 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3239 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3303 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3303 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-33981 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3424 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3435 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-3435 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2022-3521 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3521 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3524 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3526 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3526 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3535 (NVD) : 3.5 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3535 (SUSE): 2.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L CVE-2022-3542 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3542 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3545 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3545 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3565 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3566 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3566 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3567 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3567 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3577 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3577 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3586 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3586 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3594 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3594 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3619 (NVD) : 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3619 (SUSE): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3621 (SUSE): 4.3 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3625 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3625 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3628 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3629 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3629 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3633 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3633 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3635 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3635 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3640 (SUSE): 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-3646 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3646 (SUSE): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-3649 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3649 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3707 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3903 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39189 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-39190 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-39190 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40476 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40476 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-40768 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-40768 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-4095 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41218 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41218 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-4129 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4129 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4139 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41674 (NVD) : 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-41674 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41848 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41848 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-41849 (NVD) : 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41849 (SUSE): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41850 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-41850 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2022-41858 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42703 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42719 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-42720 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42721 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42721 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42722 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42722 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42895 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-42895 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-42896 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-42896 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2022-43750 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-43750 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-4378 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-43945 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-43945 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45869 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-45869 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2022-45888 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-45888 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2022-45934 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-45934 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Module for Realtime 15-SP4 SUSE Linux Enterprise Real Time 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that solves 96 vulnerabilities, contains 50 features and has 246 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3633: Fixed a memory leak in j1939_session_destroy of the file net/can/j1939/transport.c (bsc#1204650). - CVE-2022-3114: Fixed a denial of service in imx_register_uart_clocks() in drivers/clk/imx/clk.c (bsc#1206391). - CVE-2022-3619: Fixed a memory leak in l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c (bsc#1204569). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). - CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166). - CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868). - CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bsc#1202686). - CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bsc#1198702). - CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bsc#1204653). - CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bsc#1204402). - CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bsc#1204635). - CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bsc#1204646). - CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bsc#1204647). - CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bsc#1204574). - CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bsc#1204479). - CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bsc#1204439). - CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bsc#1204431). - CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bsc#1204354). - CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory (bsc#1203514). - CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bsc#1204168). - CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290). - CVE-2022-3545: Fixed a use-after-free vulnerability is area_cache_get() of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bsc#1204415). - CVE-2022-3521: Fixed a race condition in kcm_tx_work() of the file net/kcm/kcmsock.c (bsc#1204355). - CVE-2022-2153: Fixed a NULL pointer dereference in KVM when attempting to set a SynIC IRQ (bsc#1200788). - CVE-2022-33981: Fixed a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function (bsc#1200692). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB devices when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391). - CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). - CVE-2022-3625: Fixed a user-after-free vulnerability in devlink_param_set/devlink_param_get of the file net/core/devlink.c (bsc#1204637). - CVE-2022-3535: Fixed a memory leak in mvpp2_dbgfs_port_init of the file drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bsc#1204417). - CVE-2022-39189: Fixed an issue were an unprivileged guest users can compromise the guest kernel because TLB flush operations were mishandled in certain KVM_VCPU_PREEMPTED situations (bsc#1203066). - CVE-2022-3577: Fixed an out-of-bounds memory write in bigben_probe of drivers/hid/hid-bigbenff.c (bsc#1204470). - CVE-2022-2978: Fixed a use-after-free in the NILFS file system (bsc#1202700). - CVE-2022-1184: Fixed a use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (bsc#1198577). - CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bsc#1198189). - CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904). - CVE-2022-20369: Fixed possible out of bounds write due to improper input validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bsc#1202347). - CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095). - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096). - CVE-2022-26373: Fixed CPU information leak via post-barrier RSB predictions (bsc#1201726). - CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154). - CVE-2022-2663: Fixed an issue which allowed a firewall to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured (bsc#1202097). - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346). - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a denial of service. (bsc#1197391) - CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bsc#1202558). - CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202860). - CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bsc#1202623). - CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bsc#1202681). - CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672). - CVE-2022-3028: Fixed a race condition that was found in the IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously (bsc#1202898). - CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bsc#1203041). - CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bsc#1203389). - CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bsc#1200015). - CVE-2022-32296: Fixed vulnerability where TCP servers were allowed to identify clients by observing what source ports are used (bsc#1200288). - CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bsc#1203552). - CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bsc#1203769). - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bsc#1204353). - CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bsc#1204619). - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bsc#1201948). - CVE-2022-36946: Fixed a denial of service inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bsc#1201940). - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bsc#1203107). - CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bsc#1203117). - CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bsc#1203435). - CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bsc#1202960). - CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770). - CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bsc#1203987). - CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bsc#1203992). - CVE-2022-42719: Fixed remote code execution with wlan frames when parsing a multi-BSSID element (bsc#1204051). - CVE-2022-42720: Fixed remote code execution due to refcounting bugs (bsc#1204059). - CVE-2022-42721: Fixed remote code execution due list corruption in the wlan stack (bsc#1204060). - CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125) - CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bsc#1199515). - CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bsc#1177471) - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bsc#1196616). - CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bsc#1023051). The following non-security bugs were fixed: - 9p: Fix refcounting during full path walks for fid lookups (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes). - 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes). - ACPI / scan: Create platform device for CS35L41 (bsc#1203699). - ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes). - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes). - ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes). - ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes). - ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes). - ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes). - ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes). - ACPI: VIOT: Fix ACS setup (git-fixes). - ACPI: extlog: Handle multiple records (git-fixes). - ACPI: processor idle: Practically limit "Dummy wait" workaround to old Intel systems (bsc#1203767). - ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes). - ACPI: processor: Remove freq Qos request for all CPUs (git-fixes). - ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes). - ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes). - ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes). - ACPI: thermal: drop an always true check (git-fixes). - ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699). - ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes). - ACPI: video: Force backlight native for some TongFang devices (git-fixes). - ACPI: video: Make backlight class device registration a separate step (v2) (git-fixes). - ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes). - ACPI: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: Use del_timer_sync() before freeing timer (git-fixes). - ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes). - ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes). - ALSA: aoa: Fix I2S device accounting (git-fixes). - ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes). - ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes). - ALSA: au88x0: use explicitly signed char (git-fixes). - ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes). - ALSA: core: Fix double-free at snd_card_new() (git-fixes). - ALSA: cs35l41: Check hw_config before using it (bsc#1203699). - ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699). - ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699). - ALSA: cs35l41: Unify hardware configuration (bsc#1203699). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: dmaengine: increment buffer pointer atomically (git-fixes). - ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes). - ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes). - ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes). - ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699). - ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699). - ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699). - ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699). - ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699). - ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699). - ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699). - ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699). - ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699). - ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699). - ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699). - ALSA: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes). - ALSA: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes). - ALSA: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes). - ALSA: hda/hdmi: change type for the 'assigned' variable (git-fixes). - ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699). - ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes). - ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes). - ALSA: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699). - ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699). - ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes). - ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes). - ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699). - ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699). - ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes). - ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699). - ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes). - ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699). - ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699). - ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699). - ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699). - ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699). - ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699). - ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes). - ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes). - ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544). - ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes). - ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). - ALSA: hda/tegra: Update scratch reg. communication (git-fixes). - ALSA: hda/tegra: set depop delay for tegra (git-fixes). - ALSA: hda: Fix Nvidia dp infoframe (git-fixes). - ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699). - ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699). - ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes). - ALSA: hda: Fix position reporting on Poulsbo (git-fixes). - ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes). - ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699). - ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699). - ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699). - ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699). - ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699). - ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699). - ALSA: hda: cs35l41: Add missing default cases (bsc#1203699). - ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699). - ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699). - ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699). - ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699). - ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699). - ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699). - ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699). - ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699). - ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699). - ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699). - ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699). - ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699). - ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699). - ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699). - ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699). - ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699). - ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699). - ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699). - ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699). - ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699). - ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699). - ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699). - ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699). - ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699). - ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699). - ALSA: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699). - ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699). - ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699). - ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699). - ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699). - ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699). - ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699). - ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699). - ALSA: hda: cs35l41: Support System Suspend (bsc#1203699). - ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699). - ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699). - ALSA: hda: cs35l41: Tidyup code (bsc#1203699). - ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699). - ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699). - ALSA: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699). - ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720). - ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes). - ALSA: hiface: fix repeated words in comments (git-fixes). - ALSA: info: Fix llseek return value when using callback (git-fixes). - ALSA: line6: Replace sprintf() with sysfs_emit() (git-fixes). - ALSA: line6: remove line6_set_raw declaration (git-fixes). - ALSA: oss: Fix potential deadlock at unregistration (git-fixes). - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). - ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes). - ALSA: rme9652: use explicitly signed char (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes). - ALSA: scarlett2: Add support for the internal "standalone" switch (git-fixes). - ALSA: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes). - ALSA: seq: Fix data-race at module auto-loading (git-fixes). - ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add endianness annotations (git-fixes). - ALSA: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes). - ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes). - ALSA: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes). - ALSA: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Fix NULL dererence at error path (git-fixes). - ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes). - ALSA: usb-audio: Fix last interface check for registration (git-fixes). - ALSA: usb-audio: Fix potential memory leaks (git-fixes). - ALSA: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719). - ALSA: usb-audio: Inform the delayed registration more properly (git-fixes). - ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes). - ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes). - ALSA: usb-audio: Register card at the last interface (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes). - ALSA: usb-audio: Support jack detection on Dell dock (git-fixes). - ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ALSA: usb-audio: make read-only array marker static const (git-fixes). - ALSA: usb-audio: remove redundant assignment to variable c (git-fixes). - ALSA: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes). - ALSA: usb/6fire: fix repeated words in comments (git-fixes). - ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes). - ARM: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes). - ARM: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes). - ARM: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes). - ARM: Drop CMDLINE_* dependency on ATAGS (git-fixes). - ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes). - ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes). - ARM: OMAP2+: display: Fix refcount leak bug (git-fixes). - ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes). - ARM: decompressor: Include .data.rel.ro.local (git-fixes). - ARM: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes). - ARM: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes). - ARM: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes). - ARM: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes). - ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes). - ARM: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes). - ARM: dts: ast2500-evb: fix board compatible (git-fixes). - ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes). - ARM: dts: ast2600-evb: fix board compatible (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes). - ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes). - ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes). - ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes). - ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes). - ARM: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes). - ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes). - ARM: dts: imx6dl: add missing properties for sram (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx6q: add missing properties for sram (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes). - ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes). - ARM: dts: imx6qp: add missing properties for sram (git-fixes). - ARM: dts: imx6sl: add missing properties for sram (git-fixes). - ARM: dts: imx6sll: add missing properties for sram (git-fixes). - ARM: dts: imx6sx: add missing properties for sram (git-fixes). - ARM: dts: imx6ul: add missing properties for sram (git-fixes). - ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes). - ARM: dts: imx6ul: fix csi node compatible (git-fixes). - ARM: dts: imx6ul: fix keypad compatible (git-fixes). - ARM: dts: imx6ul: fix lcdif node compatible (git-fixes). - ARM: dts: imx6ul: fix qspi node compatible (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes). - ARM: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes). - ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes). - ARM: dts: integrator: Tag PCI host with device_type (git-fixes). - ARM: dts: kirkwood: lsxl: fix serial line (git-fixes). - ARM: dts: kirkwood: lsxl: remove first ethernet port (git-fixes). - ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes). - ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes). - ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes). - ARM: dts: turris-omnia: Add label for wan port (git-fixes). - ARM: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes). - ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes). - ARM: findbit: fix overflowing offset (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). - ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). - ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes). - ASoC: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes). - ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes). - ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes). - ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake "Sourc" -> "Source", "Routee" -> "Route" (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: codecs: tx-macro: fix kcontrol put (git-fixes). - ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes). - ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699). - ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699). - ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699). - ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699). - ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699). - ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699). - ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699). - ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699). - ASoC: cs35l41: Binding fixes (bsc#1203699). - ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699). - ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699). - ASoC: cs35l41: Combine adjacent register writes (bsc#1203699). - ASoC: cs35l41: Convert tables to shared source code (bsc#1203699). - ASoC: cs35l41: Correct DSP power down (bsc#1203699). - ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699). - ASoC: cs35l41: Correct some control names (bsc#1203699). - ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699). - ASoC: cs35l41: Create shared function for errata patches (bsc#1203699). - ASoC: cs35l41: Create shared function for setting channels (bsc#1203699). - ASoC: cs35l41: DSP Support (bsc#1203699). - ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699). - ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699). - ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699). - ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699). - ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699). - ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699). - ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699). - ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699). - ASoC: cs35l41: Fix link problem (bsc#1203699). - ASoC: cs35l41: Fix max number of TX channels (bsc#1203699). - ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699). - ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699). - ASoC: cs35l41: Fixup the error messages (bsc#1203699). - ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699). - ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699). - ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699). - ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699). - ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699). - ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699). - ASoC: cs35l41: Remove incorrect comment (bsc#1203699). - ASoC: cs35l41: Remove unnecessary param (bsc#1203699). - ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699). - ASoC: cs35l41: Support external boost (bsc#1203699). - ASoC: cs35l41: Update handling of test key registers (bsc#1203699). - ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699). - ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699). - ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699). - ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699). - ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699). - ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699). - ASoC: cs42l42: Do not claim to support 192k (bsc#1203699). - ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699). - ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699). - ASoC: cs42l42: Handle system suspend (bsc#1203699). - ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699). - ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699). - ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699). - ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699). - ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes). - ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699). - ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699). - ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699). - ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699). - ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699). - ASoC: cs42l42: Report initial jack state (bsc#1203699). - ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699). - ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699). - ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699). - ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699). - ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699). - ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699). - ASoC: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes). - ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699). - ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes). - ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_asrc: force cast the asrc_format type (git-fixes). - ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes). - ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: imx-audmux: Silence a clang warning (git-fixes). - ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes). - ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes). - ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes). - ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes). - ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes). - ASoC: mt6359: Fix refcount leak bug (git-fixes). - ASoC: mt6359: fix tests for platform_get_irq() failure (git-fixes). - ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes). - ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes). - ASoC: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes). - ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes). - ASoC: qcom: sm8250: add missing module owner (git-fixes). - ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes). - ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes). - ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes). - ASoC: samsung: change neo1973_audio from a global to static (git-fixes). - ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Allow mono streams (git-fixes). - ASoC: tas2764: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2764: Fix mute/unmute (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Allow mono streams (git-fixes). - ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes). - ASoC: tas2770: Fix handling of mute/unmute (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Reinit regcache on reset (git-fixes). - ASoC: tas2770: Set correct FSYNC polarity (git-fixes). - ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes). - ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes). - ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes). - ASoC: wm_adsp: Add support for "toggle" preloaders (bsc#1203699). - ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699). - ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699). - ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699). - ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699). - ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699). - ASoC: wm_adsp: Fix event for preloader (bsc#1203699). - ASoC: wm_adsp: Handle optional legacy support (git-fixes). - ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699). - ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699). - ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699). - ASoC: wm_adsp: Move check for control existence (bsc#1203699). - ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699). - ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699). - ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699). - ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699). - ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699). - ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699). - ASoC: wm_adsp: Rename generic DSP support (bsc#1203699). - ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699). - ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699). - ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699). - ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699). - ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699). - ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699). - ASoC: wm_adsp: move firmware loading to client (bsc#1203699). - ASoC: wm_adsp: remove a repeated including (bsc#1203699). - ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Add bt_skb_sendmmsg helper (git-fixes). - Bluetooth: Add bt_skb_sendmsg helper (git-fixes). - Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: Fix passing NULL to PTR_ERR (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix build errors in some archs (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes). - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes). - Bluetooth: L2CAP: Fix user-after-free (git-fixes). - Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes). - Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes). - Bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes). - Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes). - Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes). - Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes). - Bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes). - Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes). - Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes). - Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes). - Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes). - Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes). - Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes). - Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes). - Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes). - Bluetooth: virtio_bt: Use skb_put to set length (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Documentation: ACPI: EINJ: Fix obsolete example (git-fixes). - Documentation: PM: Drop pme_interrupt reference (git-fixes). - Documentation: add description for net.core.gro_normal_batch (git-fixes). - Documentation: add description for net.sctp.ecn_enable (git-fixes). - Documentation: add description for net.sctp.intl_enable (git-fixes). - Documentation: add description for net.sctp.reconf_enable (git-fixes). - Documentation: devres: add missing I2C helper (git-fixes). - Documentation: dm writecache: Render status list as list (git-fixes). - Documentation: fix sctp_wmem in ip-sysctl.rst (git-fixes). - Documentation: fix udp_wmem_min in ip-sysctl.rst (git-fixes). - Documentation: move watch_queue to core-api (git-fixes). - Documentation: siphash: Fix typo in the name of offsetofend macro (git-fixes). - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017). - Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017). - Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497). - EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768). - Enable livepatching related packages on -RT (jsc#PED-1706) - HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes). - HID: add Lenovo Yoga C630 battery quirk (git-fixes). - HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes). - HID: amd_sfh: Add NULL check for hid device (git-fixes). - HID: amd_sfh: Handle condition of "no sensors" (git-fixes). - HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes). - HID: hid-input: add Surface Go battery quirk (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hidraw: fix memory leak in hidraw_release() (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes). - HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes). - HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes). - HID: multitouch: Add memory barriers (git-fixes). - HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: roccat: Fix use-after-free in roccat_read() (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fies). - HID: thrustmaster: Add sparco wheel and fix array length (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Do not register pad_input for touch switch (git-fixes). - HID: wacom: Only report rotation for art pen (git-fixes). - HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes). - HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/core: Fix a nested dead lock as part of ODP flow (git-fixes) - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes). - Input: goodix - add compatible string for GT1158 (git-fixes). - Input: goodix - add support for GT1158 (git-fixes). - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes). - Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fies). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: i8042 - fix refount leak on sparc (git-fixes). - Input: i8042 - merge quirk tables (git-fies). - Input: i8042 - move __initconst to fix code styling warning (git-fies). - Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes). - Input: iqs62x-keys - drop unused device node references (git-fixes). - Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: rk805-pwrkey - fix module autoloading (git-fixes). - Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - Input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes). - Input: xpad - add supported devices as contributed on github (git-fixes). - Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes). - KABI: cgroup: Restore KABI of css_set (bsc#1201610). - KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes). - KVM-x86-Avoid-theoretical-NULL-pointer-dereference-i.patch - KVM-x86-Check-lapic_in_kernel-before-attempting-to-s.patch - KVM-x86-Forbid-VMM-to-set-SYNIC-STIMER-MSRs-when-Syn.patch - KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes). - KVM: MMU: shadow nested paging does not have PKU (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869). - KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395). - KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869). - KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395). - KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869). - KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869). - KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395). - KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes). - KVM: SVM: Do not intercept #GP for SEV guests (git-fixes). - KVM: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails" (git-fixes). - KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes). - KVM: SVM: fix tsc scaling cache logic (bsc#1203263). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes). - KVM: VMX: Inject #PF on ENCLS as "emulated" #PF (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: Print VM-instruction error as unsigned (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes). - KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes). - KVM: X86: Fix when shadow_root_level=5 && guest root_level<4 (git-fixes). - KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes). - KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes). - KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442) - KVM: fix avic_set_running for preemptable kernels (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes). - KVM: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes). - KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes). - KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes). - KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes). - KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes). - KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" (git-fixes). - KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: s390x: fix SCK locking (git-fixes). - KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes). - KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes). - KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes). - KVM: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes). - KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). - KVM: x86/mmu: Move "invalid" check out of kvm_tdp_mmu_get_root() (git-fixes). - KVM: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes). - KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes). - KVM: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - KVM: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes). - KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes). - KVM: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes). - KVM: x86: Always set kvm_run->if_flag (git-fixes). - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes). - KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes). - KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes). - KVM: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes). - KVM: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes). - KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814). - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes). - KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Update vPMCs when retiring branch instructions (git-fixes). - KVM: x86: Update vPMCs when retiring instructions (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes). - KVM: x86: do not report preemption if the steal time cache is stale (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes). - KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes). - KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes). - KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes). - KVM: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes). - KVM: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes). - KVM: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes). - KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes). - KVM: x86: revalidate steal time cache if MSR value changes (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes). - NFS: Fix another fsync() issue after a server reboot (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: Clean up the show_nf_flags() macro (git-fixes). - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes). - NFSD: Fix ia_size underflow (git-fixes). - NFSD: Fix offset type in I/O trace points (git-fixes). - NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes). - NFSD: prevent integer overflow on 32 bit systems (git-fixes). - NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes). - NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes). - NFSv4.1: Do not decrease the value of seq_nr_highest_sent (git-fixes). - NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes). - NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes). - NFSv4.2 fix problems with __nfs42_ssc_open (git-fixes). - NFSv4.2: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes). - NFSv4: Fix races in the legacy idmapper upcall (git-fixes). - NFSv4: Fixes for nfs4_inode_return_delegation() (git-fixes). - NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes). - NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes). - PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes). - PCI/AER: Iterate over error counters instead of error strings (git-fixes). - PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes). - PCI/ASPM: Ignore L1 PM Substates if device lacks capability (git-fixes). - PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387). - PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes). - PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes). - PCI: Correct misspelled words (git-fixes). - PCI: Disable MSI for Tegra234 Root Ports (git-fixes). - PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). - PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes). - PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes). - PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes). - PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists (git-fixes). - PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes). - PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes). - PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes). - PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes). - PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017). - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845). - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017). - PCI: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes). - PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes). - PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes). - PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes). - PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes). - PCI: tegra194: Fix Root Port interrupt handling (git-fixes). - PCI: tegra194: Fix link up retry sequence (git-fixes). - PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes). - PM: domains: Fix handling of unavailable/disabled idle states (git-fixes). - PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes). - PM: hibernate: defer device probing when resuming from hibernation (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Fix arguments order in net device validation (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Add the detection for CMDQ status in the device initialization process (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Add support for address handle re-use (git-fixes) - RDMA/irdma: Align AE id codes to correct flush code and event (git-fixes) - RDMA/irdma: Do not advertise 1GB page size for x722 (git-fixes) - RDMA/irdma: Fix VLAN connection with wildcard address (git-fixes) - RDMA/irdma: Fix a window for use-after-free (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes) - RDMA/irdma: Fix sleep from invalid context BUG (git-fixes) - RDMA/irdma: Move union irdma_sockaddr to header file (git-fixes) - RDMA/irdma: Remove the unnecessary variable saddr (git-fixes) - RDMA/irdma: Report RNR NAK generation in device caps (git-fixes) - RDMA/irdma: Report the correct max cqes from query device (git-fixes) - RDMA/irdma: Return correct WC error for bind operation failure (git-fixes) - RDMA/irdma: Return error on MR deregister CQP failure (git-fixes) - RDMA/irdma: Use net_type to check network type (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/irdma: Validate udata inlen and outlen (git-fixes) - RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes) - RDMA/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes) - RDMA/qedr: Fix reporting QP timeout attribute (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Fix "kernel NULL pointer dereference" error (git-fixes) - RDMA/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes) - RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes) - RDMA/rxe: Fix mw bind to allow any consumer key portion (git-fixes) - RDMA/rxe: Fix resize_finish() in rxe_queue.c (git-fixes) - RDMA/rxe: Fix rnr retry behavior (git-fixes) - RDMA/rxe: Fix the error caused by qp->sk (git-fixes) - RDMA/rxe: For invalidate compare according to set keys in mr (git-fixes) - RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes) - RDMA/siw: Fix QP destroy to wait for all references dropped. (git-fixes) - RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes) - RDMA/siw: Pass a pointer to virt_to_page() (git-fixes) - RDMA/srp: Fix srp_abort() (git-fixes) - RDMA/srp: Handle dev_set_name() failure (git-fixes) - RDMA/srp: Rework the srp_add_port() error path (git-fixes) - RDMA/srp: Set scmnd->result only when scmnd is not NULL (git-fixes) - RDMA/srp: Support more than 255 rdma ports (git-fixes) - RDMA/srp: Use the attribute group mechanism for sysfs attributes (git-fixes) - RDMA/srpt: Duplicate port name members (git-fixes) - RDMA/srpt: Fix a use-after-free (git-fixes) - RDMA/srpt: Introduce a reference count in struct srpt_device (git-fixes) - RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) - RDMA: remove useless condition in siw_create_cq() (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - Refresh nvme in-band authentication patches (bsc#1199086) - Refresh patches.suse/iommu-vt-d-Acquiring-lock-in-domain-ID-allocation-helpers Fix spin deadlock in intel_iommu (bsc#1203505) - Refresh patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1202131) Now iwlwifi queries *-72.ucode, but again, this is non-existing version. Correct to the existing *-71.ucode - Refresh patches.suse/ppc64-kdump-Limit-kdump-base-to-512MB.patch to upstream version. - Remove doubly applied amdgpu patches - Replace the in-house patch by the above upstream version, patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch. - Revert "ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations" (bsc#1203699). - Revert "ALSA: usb-audio: Split endpoint setups for hw_params and prepare" (git-fixes). - Revert "SUNRPC: Remove unreachable error condition" (git-fixes). - Revert "arm64: Mitigate MTE issues with str{n}cmp()" (git-fixes) - Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" (git-fixes). - Revert "constraints: increase disk space for all architectures" (bsc#1203693). This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca. - Revert "crypto: qat - reduce size of mapped region" (git-fixes). - Revert "drivers/video/backlight/platform_lcd.c: add support for device tree based probe" (git-fixes). - Revert "drm/amdgpu: use dirty framebuffer helper" (git-fixes). - Revert "drm/i915: Hold reference to intel_context over life of i915_request" (git-fixes). - Revert "drm/udl: Kill pending URBs at suspend and disconnect" (bsc#1195917). - Revert "drm/vc4: hvs: Reset muxes at probe time (git-fixes)." (bsc#1202341) This reverts commit 303122d0f2160411fa1068220bc59849d848550d. The reverted change clears hardware state on the RPi4, which leaves the screen blank. Without it, the display works correctly. - Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" (git-fixes). - Revert "firmware: arm_scmi: Add clock management to the SCMI power domain" (git-fixes). - Revert "ice: Hide bus-info in ethtool for PRs in switchdev mode" (git-fixes). - Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values" (bsc#1202989). - Revert "net: phy: meson-gxl: improve link-up behavior" (git-fixes). - Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" (git-fixes). - Revert "pNFS: nfs3_set_ds_client should set NFS_CS_NOPING" (git-fixes). - Revert "powerpc/rtas: Implement reentrant rtas call" (bsc#1203664 ltc#199236). - Revert "scripts/mod/modpost.c: permit '.cranges' secton for sh64 architecture." (git-fixes). - Revert "tty: n_gsm: avoid call of sleeping functions from atomic context" (git-fixes). - Revert "tty: n_gsm: replace kicktimer with delayed_work" (git-fixes). - Revert "usb: add quirks for Lenovo OneLink+ Dock" (git-fixes). - Revert "usb: dwc3: disable USB core PHY management" (git-fixes). - Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio" (git-fixes). - Revert "usb: storage: Add quirk for Samsung Fit flash" (git-fixes). - Revert "workqueue: remove unused cancel_work()" (bsc#1204933). - Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV" (bsc#1190497). - Revert selftest patches that have been reverted in stable-5.15.y - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes). - SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes). - SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes). - SUNRPC: Fix READ_PLUS crasher (git-fixes). - SUNRPC: Fix xdr_encode_bool() (git-fixes). - SUNRPC: Prevent immediate close+reconnect (git-fixes). - SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes). - SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes). - USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes). - USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes). - USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes). - USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes). - USB: core: Fix RST error in hub.c (git-fixes). - USB: core: Prevent nested device-reset calls (git-fixes). - USB: serial: ch314: use usb_control_msg_recv() (git-fixes). - USB: serial: ch341: fix disabled rx timer on older devices (git-fixes). - USB: serial: ch341: fix lost character on LCR updates (git-fixes). - USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes). - USB: serial: cp210x: add Decagon UCA device id (git-fixes). - USB: serial: fix tty-port initialized comments (git-fixes). - USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes). - USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes). - USB: serial: option: add Quectel EM060K modem (git-fixes). - USB: serial: option: add Quectel RM520N (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes). - USB: serial: option: add support for OPPO R11 diag port (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes). - XArray: Update the LRU list in xas_split() (git-fixes). - add another bug reference to some hyperv changes (bsc#1205617). - apparmor: Fix failed mount permission check error message (git-fixes). - apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes). - apparmor: fix aa_label_asxprint return check (git-fixes). - apparmor: fix absroot causing audited secids to begin with = (git-fixes). - apparmor: fix overlapping attachment computation (git-fixes). - apparmor: fix quiet_denied for file rules (git-fixes). - apparmor: fix reference count leak in aa_pivotroot() (git-fixes). - apparmor: fix setting unconfined mode on a loaded profile (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes) - arm64/mm: Consolidate TCR_EL1 fields (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Do not forget syscall when starting a new thread (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes). - arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes). - arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes). - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes). - arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes). - arm64: dts: mt8192: Fix idle-states entry-method (git-fixes). - arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes). - arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes). - arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes). - arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes). - arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes). - arm64: dts: renesas: beacon: Fix regulator node names (git-fixes). - arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes). - arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes). - arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes). - arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes). - arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default. - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes). - arm64: fix rodata=full (git-fixes). - arm64: fix rodata=full again (git-fixes) - arm64: ftrace: fix module PLTs with mcount (git-fixes). - arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags" (git-fixes). - arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444). - arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) - arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes). - arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) - arm64: set UXN on swapper page tables (git-fixes). - arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes). - arm64: tegra: Fixup SYSRAM references (git-fixes). - arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes). - arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes). - arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes). - arm64: topology: move store_cpu_topology() to shared code (git-fixes). - arm_pmu: Validate single/group leader events (git-fixes). - asm-generic: remove a broken and needless ifdef conditional (git-fixes). - asm-generic: sections: refactor memory_intersects (git-fixes). - ata: ahci-imx: Fix MODULE_ALIAS (git-fixes). - ata: fix ata_id_has_devslp() (git-fixes). - ata: fix ata_id_has_dipm() (git-fixes). - ata: fix ata_id_has_ncq_autosense() (git-fixes). - ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes). - ata: libahci_platform: Sanity check the DT child nodes number (git-fixes). - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-eh: Add missing command name (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes). - ath10k: do not enforce interrupt trigger type (git-fixes). - ath11k: Fix incorrect debug_mask mappings (git-fixes). - ath11k: fix netdev open race (git-fixes). - atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes). - audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - ax25: Fix ax25 session cleanup problems (git-fixes). - batman-adv: Fix hang up with small MTU hard-interface (git-fixes). - bitfield.h: Fix "type of reg too small for mask" test (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - block: Fix fsync always failed if once failed (bsc#1202779). - block: Fix wrong offset in bio_truncate() (bsc#1202780). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in <linux/genhd.h> (git-fixes). - block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781). - block: only mark bio as tracked if it really is tracked (bsc#1202782). - bnx2x: Invalidate fastpath HSI version for VFs (git-fixes). - bnx2x: Utilize firmware 7.13.21.0 (git-fixes). - bnx2x: fix built-in kernel driver load failure (git-fixes). - bnx2x: fix driver load from initrd (git-fixes). - bnxt_en: Fix bnxt_refclk_read() (git-fixes). - bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes). - bnxt_en: fix livepatch query (git-fixes). - bnxt_en: reclaim max resources if sriov enable fails (git-fixes). - bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes). - bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs-fix-deadlock-between-quota-enable-and-other-qu.patch: (bsc#1205521). - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360). - btrfs: fix space cache corruption and potential double allocations (bsc#1203361). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: Break loopback loop on loopback documentation (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes). - can: error: specify the values of data[5..7] of CAN error frames (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes). - can: hi311x: do not report txerr and rxerr during bus-off (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes). - can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes). - can: kvaser_usb: Fix possible completions during init_completion (git-fixes). - can: kvaser_usb: Fix use of uninitialized completion (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes). - can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes). - can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes). - can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes). - can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: mcp251x: Fix race condition on receive interrupt (git-fixes). - can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes). - can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes). - can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes). - can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes). - can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes). - can: pch_can: do not report txerr and rxerr during bus-off (git-fixes). - can: pch_can: pch_can_error(): initialize errc before using it (git-fixes). - can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes). - can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes). - can: sja1000: do not report txerr and rxerr during bus-off (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes). - can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823). - ceph: do not truncate file in atomic_open (bsc#1202824). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - ceph: use correct index when encoding client supported features (bsc#1202822). - cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131). - cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753). - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869). - cgroup: Fix race condition at rebind_subsystems() (bsc#1203902). - cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock (bsc#1196869). - cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610). - cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix reconnect on smb3 mount types (bsc#1201427). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove "cifs_" prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clk: ast2600: BCLK comes from EPLL (git-fixes). - clk: at91: fix the build with binutils 2.27 (git-fixes). - clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes). - clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes). - clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes). - clk: bcm2835: Make peripheral PLLC critical (git-fixes). - clk: bcm2835: Round UART input clock up (bsc#1188238) - clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes). - clk: bcm: rpi: Add support for VEC clock (bsc#1196632) - clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes). - clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). - clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes). - clk: berlin: Add of_node_put() for of_get_parent() (git-fixes). - clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes). - clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes). - clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes). - clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes). - clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes). - clk: iproc: Do not rely on node name for correct PLL setup (git-fixes). - clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes). - clk: mediatek: reset: Fix written reset bit offset (git-fixes). - clk: meson: Hold reference returned by of_get_parent() (git-fixes). - clk: oxnas: Hold reference returned by of_get_parent() (git-fixes). - clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes). - clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes). - clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes). - clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes). - clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes). - clk: qcom: clk-krait: unlock spin after mux completion (git-fixes). - clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes). - clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes). - clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes). - clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes). - clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes). - clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes). - clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes). - clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes). - clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes). - clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes). - clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes). - clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes). - clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes). - clk: qoriq: Hold reference returned by of_get_parent() (git-fixes). - clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes). - clk: sprd: Hold reference returned by of_get_parent() (git-fixes). - clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes). - clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes). - clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes). - clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes). - clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes). - clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes). - clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes). - constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit. - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpufreq: qcom: fix memory leak in error path (git-fixes). - cpufreq: qcom: fix writes in read-only memory region (git-fixes). - cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - crypto: akcipher - default implementation for setting a private key (git-fixes). - crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) - crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes). - crypto: cavium - prevent integer overflow loading firmware (git-fixes). - crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes). - crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes). - crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes). - crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes). - crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes). - crypto: hisilicon/sec - do not sleep when in softirq (git-fixes). - crypto: hisilicon/sec - fix auth key size error (git-fixes). - crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes). - crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes). - crypto: inside-secure - Change swab to swab32 (git-fixes). - crypto: inside-secure - Replace generic aes with libaes (git-fixes). - crypto: marvell/octeontx - prevent integer overflows (git-fixes). - crypto: qat - fix default value of WDT timer (git-fixes). - crypto: sahara - do not sleep when in softirq (git-fixes). - crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes). - crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes). - crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes). - cs-dsp and serial-multi-instantiate enablement (bsc#1203699) - device property: Check fwnode->secondary when finding properties (git-fixes). - device property: Fix documentation for *_match_string() APIs (git-fixes). - devlink: Fix use-after-free after a failed reload (git-fixes). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix KASAN warning in raid5_add_disks (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes). - dma-debug: make things less spammy under memory pressure (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes). - dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes). - dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes). - dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes). - dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes). - dmaengine: hisilicon: Fix CQ head update (git-fixes). - dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682). - dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). - dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664). - dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679). - dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682). - dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679). - dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664). - dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). - dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes). - dmaengine: idxd: force wq context cleanup on device disable path (git-fixes). - dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682). - dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682). - dmaengine: idxd: int handle management refactoring (jsc#PED-682). - dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes). - dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). - dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682). - dmaengine: idxd: set defaults for wq configs (jsc#PED-688). - dmaengine: idxd: update IAA definitions for user header (jsc#PED-763). - dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes). - dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: mxs: use platform_driver_register (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes). - dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes). - dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes). - dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes). - dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes). - dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes). - dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed (git-fixes). - docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes). - docs: i2c: i2c-topology: fix incorrect heading (git-fixes). - docs: zh_CN: fix a broken reference (git-fixes). - dpaa2-eth: fix ethtool statistics (git-fixes). - dpaa2-eth: trace the allocated address instead of page struct (git-fixes). - dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). - driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes). - driver core: fix potential deadlock in __driver_attach (git-fixes). - drivers/iio: Remove all strcpy() uses (git-fixes). - drivers: serial: jsm: fix some leaks in probe (git-fixes). - drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes). - drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes). - drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes). - drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes). - drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes). - drm/amd/display: Avoid MPC infinite loop (git-fixes). - drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories - drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes). - drm/amd/display: Correct MPC split policy for DCN301 (git-fixes). - drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes). - drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes). - drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes). - drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes). - drm/amd/display: Fix pixel clock programming (git-fixes). - drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes). - drm/amd/display: Fix vblank refcount in vrr transition (git-fixes). - drm/amd/display: For stereo keep "FLIP_ANY_FRAME" (git-fixes). - drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes). - drm/amd/display: Limit user regamma to a valid value (git-fixes). - drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes). - drm/amd/display: Optimize bandwidth on following fast update (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes). - drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes). - drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes). - drm/amd/display: Reset DMCUB before HW init (git-fixes). - drm/amd/display: Revert "drm/amd/display: turn DPMS off on connector unplug" (git-fixes). - drm/amd/display: avoid doing vm_init multiple time (git-fixes). - drm/amd/display: clear optc underflow before turn off odm clock (git-fixes). - drm/amd/display: skip audio setup when audio stream is enabled (git-fixes). - drm/amd/display: update gamut remap if plane has changed (git-fixes). - drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes). - drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes). - drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes). - drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes). - drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch - drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants - drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes). - drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes). - drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes). - drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes). - drm/amdgpu: Remove one duplicated ef removal (git-fixes). - drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes). - drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes). - drm/amdgpu: fix initial connector audio value (git-fixes). - drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes). - drm/amdgpu: make sure to init common IP before gmc (git-fixes). - drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes). - drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes). - drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes). - drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes). - drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid in SRIOV case (git-fixes). - drm/amdgpu: use dirty framebuffer helper (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/bridge: Avoid uninitialized variable warning (git-fixes). - drm/bridge: display-connector: implement bus fmts callbacks (git-fixes). - drm/bridge: lt8912b: add vsync hsync (git-fixes). - drm/bridge: lt8912b: fix corrupted image output (git-fixes). - drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes). - drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes). - drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes). - drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes). - drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes). - drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes). - drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes). - drm/doc: Fix comment typo (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes). - drm/gem: Fix GEM handle release errors (git-fixes). - drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes). - drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes). - drm/i915/ehl: Update MOCS table for EHL (git-fixes). - drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes). - drm/i915/gt: Restrict forced preemption to the active context (git-fixes). - drm/i915/gt: Skip TLB invalidations once wedged (git-fixes). - drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes). - drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489) Backporting notes: * update additional patch on top - drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/i915: Implement WaEdpLinkRateDataReload (git-fixes). - drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes). - drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). - drm/i915: fix null pointer dereference (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes). - drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes). - drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes). - drm/mediatek: Allow commands to be sent during video mode (git-fixes). - drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes). - drm/mediatek: Modify dsi funcs to atomic operations (git-fixes). - drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes). - drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes). - drm/mediatek: dpi: Remove output format of YUV (git-fixes). - drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes). - drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes). - drm/meson: Correct OSD1 global alpha value (git-fixes). - drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes). - drm/meson: Fix overflow implicit truncation warnings (git-fixes). - drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes). - drm/meson: explicitly remove aggregate driver at module unload time (git-fixes). - drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes). - drm/mipi-dsi: Detach devices when removing the host (git-fixes). - drm/msm/dp: Silence inconsistent indent warning (git-fixes). - drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes). - drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes). - drm/msm/dp: fix IRQ lifetime (git-fixes). - drm/msm/dpu: Fix comment typo (git-fixes). - drm/msm/dpu: Fix for non-visible planes (git-fixes). - drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes). - drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes). - drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes). - drm/msm/dsi: fix memory corruption with too many bridges (git-fixes). - drm/msm/dsi: fix the inconsistent indenting (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes). - drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes). - drm/msm/mdp5: Fix global state lock backoff (git-fixes). - drm/msm/rd: Fix FIFO-full deadlock (git-fixes). - drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes). - drm/msm: Fix dirtyfb refcounting (git-fixes). - drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes). - drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes). - drm/msm: fix use-after-free on probe deferral (git-fixes). - drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes). - drm/nouveau/kms/nv140-: Disable interlacing (git-fixes). - drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes). - drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes). - drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes). - drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes). - drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes). - drm/nouveau: recognise GA103 (git-fixes). - drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes - drm/omap: dss: Fix refcount leak bugs (git-fixes). - drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes). - drm/radeon: add a force flush to delay work when radeon (git-fixes). - drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes). - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes). - drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes). - drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes). - drm/scheduler: quieten kernel-doc warnings (git-fixes). - drm/shmem-helper: Add missing vunmap on error (git-fixes). - drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes). - drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes). - drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes). - drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes). - drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes). - drm/udl: Add parameter to set number of URBs (bsc#1195917). - drm/udl: Add reset_resume (bsc#1195917) - drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917). - drm/udl: Drop unneeded alignment (bsc#1195917). - drm/udl: Enable damage clipping (bsc#1195917). - drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917). - drm/udl: Fix potential URB leaks (bsc#1195917). - drm/udl: Increase the default URB list size to 20 (bsc#1195917). - drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917). - drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917). - drm/udl: Replace semaphore with a simple wait queue (bsc#1195917). - drm/udl: Restore display mode on resume (bsc#1195917) - drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917). - drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917). - drm/udl: Sync pending URBs at the end of suspend (bsc#1195917). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes). - drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes). - drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes). - drm/vc4: dsi: Correct DSI divider calculations (git-fixes). - drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes). - drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes). - drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes). - drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes). - drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes). - drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes). - drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes). - drm/vc4: plane: Remove subpixel positioning check (git-fixes). - drm/virtio: Check whether transferred 2D BO is shmem (git-fixes). - drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes). - drm: Use size_t type for len variable in drm_copy_field() (git-fixes). - drm: adv7511: override i2c address of cec before accessing it (git-fixes). - drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes). - drm: bridge: adv7511: fix CEC power down control register offset (git-fixes). - drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes). - drm: bridge: sii8620: fix possible off-by-one (git-fixes). - drm: fix drm_mipi_dbi build errors (git-fixes). - drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes). - drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes). - dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing clocks properties (git-fixes). - dt-bindings: PCI: microchip,pcie-host: fix missing dma-ranges (git-fixes). - dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes). - dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes). - dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes). - dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes). - dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes). - dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes). - dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes). - dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to be optional (git-fixes). - dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes). - dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes). - dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes). - dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes). - dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages. - dyndbg: fix module.dyndbg handling (git-fixes). - dyndbg: fix static_branch manipulation (git-fixes). - dyndbg: let query-modname override actual module name (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: Correct Macmini DMI match in uefi cert quirk (git-fixes). - efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes). - efi: libstub: Disable struct randomization (git-fixes). - efi: libstub: drop pointless get_memory_map() call (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - erofs: fix deadlock when shrink erofs slab (git-fixes). - eth: alx: take rtnl_lock on resume (git-fixes). - eth: sun: cassini: remove dead code (git-fixes). - ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fies). - exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725). - exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725). - exfat: Drop superfluous new line for error messages (bsc#1201725). - exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725). - exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix referencing wrong parent directory information after renaming (git-fixes). - exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes). - exfat: use updated exfat_chain directly during renaming (git-fixes). - export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783). - ext4: add reserved GDT blocks check (bsc#1202712). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759). - ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771). - ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762). - ext4: fix bug_on in ext4_writepages (bsc#1200872). - ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769). Refresh ext4-fix-race-condition-between-ext4_write-and-ext4_.patch - ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757). - ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768). - ext4: fix incorrect type issue during replay_del_range (bsc#1202867). - ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764). - ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869). - ext4: fix race when reusing xattr blocks (bsc#1198971). - ext4: fix super block checksum incorrect after mount (bsc#1202773). - ext4: fix symlink file size not match to file content (bsc#1200868). - ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871). - ext4: fix use-after-free in ext4_search_dir (bsc#1202710). - ext4: fix warning in ext4_handle_inode_extension (bsc#1202711). - ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870). - ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761). - ext4: mark group as trimmed only if it was fully scanned (bsc#1202770). - ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766). - ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765). - ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713). - ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971). - ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971). - ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758). - fat: add ratelimit to fat*_ent_bread() (git-fixes). - fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config - fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472) - fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes). - fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes). - fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes). - fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes). - fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes). - fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fies). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes). - filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774). - firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes). - firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes). - firmware: arm_scmi: Harden accesses to the reset domains (git-fixes). - firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes). - firmware: arm_scmi: Improve checks in the info_get operations (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699). - firmware: cs_dsp: Add memory chunk helpers (bsc#1203699). - firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699). - firmware: cs_dsp: Add pre_run callback (bsc#1203699). - firmware: cs_dsp: Add pre_stop callback (bsc#1203699). - firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699). - firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699). - firmware: cs_dsp: Allow creation of event controls (bsc#1203699). - firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699). - firmware: cs_dsp: Clear core reset for cache (bsc#1203699). - firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699). - firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699). - firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699). - firmware: cs_dsp: Print messages from bin files (bsc#1203699). - firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699). - firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699). - firmware: google: Test spinlock on panic path to avoid lockups (git-fixes). - firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes). - firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes). - fix race between exit_itimers() and /proc/pid/timers (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes). - fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes). - fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873). - fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes). - ftrace/x86: Add back ftrace_expected assignment (git-fixes). - ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes). - ftrace: Fix char print issue in print_ip_ins() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes). - fuse: Remove the control interface for virtio-fs (bsc#1203798). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533). - fuse: fix readdir cache race (bsc#1205331). - fuse: ioctl: translate ENOSYS (bsc#1203139). - fuse: limit nsec (bsc#1203138). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). - gadgetfs: ep_io - wait until IRQ finishes (git-fixes). - gcov: support GCC 12.1 and newer compilers (git-fixes). - geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes). - geneve: fix TOS inheriting for ipv4 (git-fixes). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes). - gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes). - gpio: mockup: remove gpio debugfs when remove device (git-fixes). - gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes). - gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes). - gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes). - gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes). - gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes). - gve: Fix GFP flags when allocing pages (git-fixes). - habanalabs/gaudi: fix shift out of bounds (git-fixes). - habanalabs/gaudi: mask constant value before cast (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes). - hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes). - hinic: Avoid some over memory allocation (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon/coretemp: Handle large core ID value (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes). - hwmon: (drivetemp) Add module alias (git-fixes). - hwmon: (gpio-fan) Fix array out of bounds access (git-fixes). - hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - hwmon: (mr75203) enable polling for all VM channels (git-fixes). - hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" not defined (git-fixes). - hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). - hwmon: (mr75203) fix voltage equation for negative source input (git-fixes). - hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes). - hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes). - hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes). - hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes). - hwmon: (tps23861) fix byte order in resistance register (git-fixes). - i2c: Fix a potential use after free (git-fixes). - i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699). - i2c: cadence: Support PEC for SMBus block read (git-fixes). - i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes). - i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634). - i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732). - i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes). - i2c: imx: Make sure to unregister adapter on remove() (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: mlxbf: Fix frequency calculation (git-fixes). - i2c: mlxbf: incorrect base address passed during io write (git-fixes). - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes). - i2c: mlxbf: support lock mechanism (git-fixes). - i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes). - i2c: mxs: Silence a clang warning (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: npcm: Capitalize the one-line comment (git-fixes). - i2c: npcm: Correct slave role behavior (git-fixes). - i2c: npcm: Remove own slave addresses 2:10 (git-fixes). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - i40e: Fix call trace in setup_tx_descriptors (git-fixes). - i40e: Fix dropped jumbo frames statistics (git-fixes). - i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes). - iavf: Fix adminq error handling (git-fixes). - iavf: Fix handling of dummy receive descriptors (git-fixes). - iavf: Fix reset error handling (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ice: Allow operation with reduced device MSI-X (bsc#1201987). - ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes). - ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes). - ice: Fix race during aux device (un)plugging (git-fixes). - ice: Fix switchdev rules book keeping (git-fixes). - ice: Match on all profiles in slow-path (git-fixes). - ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes). - ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes). - ice: do not setup vlan for loopback VSI (git-fixes). - ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes). - ice: fix crash when writing timestamp on RX rings (git-fixes). - ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes). - ieee80211: add EHT 1K aggregation definitions (bsc#1202131). - ieee80211: change HE nominal packet padding value defines (bsc#1202131). - ieee802154/adf7242: defer destroy_workqueue call (git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes). - igb: Make DMA faster when CPU is active on the PCIe link (git-fixes). - igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes). - igb: skip phy status check where unavailable (git-fixes). - iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes). - iio: accel: bma220: Fix alignment for DMA safety (git-fixes). - iio: accel: bma400: Fix the scale min and max macro values (git-fixes). - iio: accel: bma400: Reordering of header files (git-fixes). - iio: accel: sca3000: Fix alignment for DMA safety (git-fixes). - iio: accel: sca3300: Fix alignment for DMA safety (git-fixes). - iio: ad7292: Prevent regulator double disable (git-fixes). - iio: adc: ad7266: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7292: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7298: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7476: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7766: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7887: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: Fix alignment for DMA safety (git-fixes). - iio: adc: ad7923: fix channel readings for some variants (git-fixes). - iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes). - iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes). - iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes). - iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: hi8435: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes). - iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes). - iio: adc: max1027: Fix alignment for DMA safety (git-fixes). - iio: adc: max11100: Fix alignment for DMA safety (git-fixes). - iio: adc: max1118: Fix alignment for DMA safety (git-fixes). - iio: adc: max1241: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes). - iio: adc: mcp3911: make use of the sign bit (git-fixes). - iio: adc: mcp3911: use correct formula for AD conversion (git-fixes). - iio: adc: mcp3911: use correct id bits (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes). - iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes). - iio: adxl372: Fix unsafe buffer attributes (git-fixes). - iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes). - iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes). - iio: common: ssp: Fix alignment for DMA safety (git-fixes). - iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: dac: ad5064: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5360: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5421: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5449: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5504: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes). - iio: dac: ad5755: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5761: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5764: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5766: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes). - iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes). - iio: dac: ad7303: Fix alignment for DMA safety (git-fixes). - iio: dac: ad8801: Fix alignment for DMA safety (git-fixes). - iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes). - iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes). - iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes). - iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes). - iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes). - iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes). - iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes). - iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes). - iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes). - iio: inkern: only release the device node when done with it (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: light: tsl2583: Fix module unloading (git-fixes). - iio: ltc2497: Fix reading conversion results (git-fixes). - iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes). - iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes). - iio: pressure: dps310: Refactor startup procedure (git-fixes). - iio: pressure: dps310: Reset chip after timeout (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: proximity: as3935: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes). - iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes). - iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes). - iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes). - iio: temperature: ltc2983: allocate iio channels once (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes). - inet_diag: fix kernel-infoleak for UDP sockets (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - intel_th: Fix a resource leak in an error handling path (git-fixes). - intel_th: msu-sink: Potential dereference of null pointer (git-fixes). - intel_th: msu: Fix vmalloced buffers (git-fixes). - intel_th: pci: Add Meteor Lake-P support (git-fixes). - intel_th: pci: Add Raptor Lake-S CPU support (git-fixes). - intel_th: pci: Add Raptor Lake-S PCH support (git-fixes). - interconnect: imx: fix max_node_id (git-fixes). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: add a schedule point in io_add_buffers() (git-fixes). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes). - iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes). - iommu/amd: Enable swiotlb in all cases (git-fixes). - iommu/amd: Fix I/O page table memory leak (git-fixes). - iommu/amd: Recover from event log overflow (git-fixes). - iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes). - iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes). - iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes). - iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes). - iommu/dart: Add missing module owner to ops structure (git-fixes). - iommu/dart: check return value after calling platform_get_resource() (git-fixes). - iommu/exynos: Handle failed IOMMU device registration properly (git-fixes). - iommu/iova: Improve 32-bit free space estimate (git-fixes). - iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes). - iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes). - iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes). - iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes). - iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes). - iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes). - iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes). - iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes). - iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes). - iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301). - iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes). - iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947). - iommu/vt-d: Drop stop marker messages (git-fixes). - iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes). - iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes). - iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301). - iommu/vt-d: Refactor iommu information of each domain (bsc#1200301). - iommu/vt-d: Remove global g_iommus array (bsc#1200301). - iommu/vt-d: Remove intel_iommu::domains (bsc#1200301). - iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301). - iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301). - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes). - iommu: Fix potential use-after-free during probe (git-fixes). - iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes). - iov_iter: fix build issue due to possible type mis-match (git-fixes). - ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes). - ipmi: fix initialization when workqueue allocation fails (git-fixes). - ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes). - irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes). - irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes). - isdn: mISDN: netjet: fix wrong check of device registration (git-fixes). - iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131). - iwlwifi: Add support for getting rf id with blank otp (bsc#1202131). - iwlwifi: Add support for more BZ HWs (bsc#1202131). - iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131). - iwlwifi: BZ Family SW reset support (bsc#1202131). - iwlwifi: Configure FW debug preset via module param (bsc#1202131). - iwlwifi: Fix FW name for gl (bsc#1202131). - iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131). - iwlwifi: Fix syntax errors in comments (bsc#1202131). - iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131). - iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131). - iwlwifi: Start scratch debug register for Bz family (bsc#1202131). - iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131). - iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131). - iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131). - iwlwifi: add new Qu-Hr device (bsc#1202131). - iwlwifi: add new ax1650 killer device (bsc#1202131). - iwlwifi: add new device id 7F70 (bsc#1202131). - iwlwifi: add new pci SoF with JF (bsc#1202131). - iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131). - iwlwifi: add support for BNJ HW (bsc#1202131). - iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131). - iwlwifi: add support for Bz-Z HW (bsc#1202131). - iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131). - iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131). - iwlwifi: allow rate-limited error messages (bsc#1202131). - iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131). - iwlwifi: api: remove ttl field from TX command (bsc#1202131). - iwlwifi: api: remove unused RX status bits (bsc#1202131). - iwlwifi: avoid variable shadowing (bsc#1202131). - iwlwifi: avoid void pointer arithmetic (bsc#1202131). - iwlwifi: bump FW API to 67 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 68 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 69 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 70 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 71 for AX devices (bsc#1202131). - iwlwifi: bump FW API to 72 for AX devices (bsc#1202131). - iwlwifi: cfg: add support for 1K BA queue (bsc#1202131). - iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131). - iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131). - iwlwifi: dbg: check trigger data before access (bsc#1202131). - iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131). - iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131). - iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131). - iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131). - iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131). - iwlwifi: de-const properly where needed (bsc#1202131). - iwlwifi: debugfs: remove useless double condition (bsc#1202131). - iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131). - iwlwifi: do not use __unused as variable name (bsc#1202131). - iwlwifi: drv: load tlv debug data earlier (bsc#1202131). - iwlwifi: dump CSR scratch from outer function (bsc#1202131). - iwlwifi: dump RCM error tables (bsc#1202131). - iwlwifi: dump both TCM error tables if present (bsc#1202131). - iwlwifi: dump host monitor data when NIC does not init (bsc#1202131). - iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131). - iwlwifi: eeprom: clean up macros (bsc#1202131). - iwlwifi: fix LED dependencies (bsc#1202131). - iwlwifi: fix debug TLV parsing (bsc#1202131). - iwlwifi: fix fw/img.c license statement (bsc#1202131). - iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131). - iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131). - iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131). - iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131). - iwlwifi: fw: add support for splitting region type bits (bsc#1202131). - iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131). - iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131). - iwlwifi: fw: fix some scan kernel-doc (bsc#1202131). - iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131). - iwlwifi: fw: make dump_start callback void (bsc#1202131). - iwlwifi: fw: remove dead error log code (bsc#1202131). - iwlwifi: implement reset flow for Bz devices (bsc#1202131). - iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131). - iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131). - iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131). - iwlwifi: make some functions friendly to sparse (bsc#1202131). - iwlwifi: move symbols into a separate namespace (bsc#1202131). - iwlwifi: mvm/api: define system control command (bsc#1202131). - iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131). - iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131). - iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131). - iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131). - iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131). - iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131). - iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131). - iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131). - iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131). - iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131). - iwlwifi: mvm: Remove antenna c references (bsc#1202131). - iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131). - iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131). - iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131). - iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131). - iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131). - iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131). - iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131). - iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131). - iwlwifi: mvm: add a flag to reduce power command (bsc#1202131). - iwlwifi: mvm: add additional info for boot info failures (bsc#1202131). - iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131). - iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131). - iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131). - iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131). - iwlwifi: mvm: add some missing command strings (bsc#1202131). - iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131). - iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131). - iwlwifi: mvm: add support for IMR based on platform (bsc#1202131). - iwlwifi: mvm: add support for OCE scan (bsc#1202131). - iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131). - iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131). - iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131). - iwlwifi: mvm: always remove the session protection after association (bsc#1202131). - iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131). - iwlwifi: mvm: always use 4K RB size by default (bsc#1202131). - iwlwifi: mvm: change old-SN drop threshold (bsc#1202131). - iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131). - iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131). - iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131). - iwlwifi: mvm: correctly set channel flags (bsc#1202131). - iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131). - iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131). - iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131). - iwlwifi: mvm: d3: use internal data representation (bsc#1202131). - iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131). - iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131). - iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131). - iwlwifi: mvm: do not trust hardware queue number (bsc#1202131). - iwlwifi: mvm: drop too short packets silently (bsc#1202131). - iwlwifi: mvm: extend session protection on association (bsc#1202131). - iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131). - iwlwifi: mvm: fix a stray tab (bsc#1202131). - iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131). - iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131). - iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131). - iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131). - iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131). - iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131). - iwlwifi: mvm: improve log when processing CSA (bsc#1202131). - iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131). - iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131). - iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131). - iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131). - iwlwifi: mvm: optionally suppress assert log (bsc#1202131). - iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131). - iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131). - iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131). - iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131). - iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131). - iwlwifi: mvm: remove card state notification code (bsc#1202131). - iwlwifi: mvm: remove cipher scheme support (bsc#1202131). - iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131). - iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131). - iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131). - iwlwifi: mvm: remove session protection on disassoc (bsc#1202131). - iwlwifi: mvm: remove session protection upon station removal (bsc#1202131). - iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131). - iwlwifi: mvm: rfi: update rfi table (bsc#1202131). - iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131). - iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131). - iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131). - iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131). - iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131). - iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131). - iwlwifi: mvm: support RLC configuration command (bsc#1202131). - iwlwifi: mvm: support new BAID allocation command (bsc#1202131). - iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131). - iwlwifi: mvm: support v3 of station HE context command (bsc#1202131). - iwlwifi: mvm: update BAID allocation command again (bsc#1202131). - iwlwifi: mvm: update RFI TLV (bsc#1202131). - iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131). - iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131). - iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131). - iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131). - iwlwifi: nvm: Correct HE capability (bsc#1202131). - iwlwifi: parse debug exclude data from firmware file (bsc#1202131). - iwlwifi: parse error tables from debug TLVs (bsc#1202131). - iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131). - iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131). - iwlwifi: pcie: add support for MS devices (bsc#1202131). - iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131). - iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131). - iwlwifi: pcie: fix constant-conversion warning (bsc#1202131). - iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131). - iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131). - iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131). - iwlwifi: pcie: refactor dev_info lookup (bsc#1202131). - iwlwifi: pcie: remove duplicate entry (bsc#1202131). - iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131). - iwlwifi: pcie: retake ownership after reset (bsc#1202131). - iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131). - iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131). - iwlwifi: pcie: try to grab NIC access early (bsc#1202131). - iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131). - iwlwifi: pnvm: print out the version properly (bsc#1202131). - iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131). - iwlwifi: propagate (const) type qualifier (bsc#1202131). - iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131). - iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131). - iwlwifi: remove command ID argument from queue allocation (bsc#1202131). - iwlwifi: remove contact information (bsc#1202131). - iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131). - iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131). - iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131). - iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131). - iwlwifi: remove unused macros (bsc#1202131). - iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131). - iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131). - iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131). - iwlwifi: scan: Modify return value of a function (bsc#1202131). - iwlwifi: support 4-bits in MAC step value (bsc#1202131). - iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131). - iwlwifi: support new queue allocation command (bsc#1202131). - iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131). - iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131). - iwlwifi: use 4k queue size for Bz A-step (bsc#1202131). - iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131). - iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131). - iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131). - iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131). - iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131). - iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131). - iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131). - iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131). - iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131). - iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131). - iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131). - iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131). - iwlwifi: yoyo: support for ROM usniffer (bsc#1202131). - ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes). - ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes). - ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775). - jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716). - jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715). - kABI workaround for spi changes (bsc#1203699). - kABI: Add back removed struct paca member (bsc#1203664 ltc#199236). - kABI: Fix after adding trace_iterator.wait_index (git-fixes). - kABI: Fix kABI after "KVM: x86/pmu: Use different raw event masks for AMD and Intel" (git-fixes). - kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814). - kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes). - kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes). - kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes). - kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes). - kABI: fix adding another field to scsi_device (bsc#1203039). - kABI: reintroduce a non-inline usleep_range (git-fixes). - kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410). - kabi/severities: Exclude ppc kvm - kabi/severities: add Qlogic qed symbols - kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471 - kabi/severities: add hisilicon hns3 symbols - kabi/severities: add microchip dsa drivers - kabi/severities: ignore CS35L41-specific exports (bsc#1203699) - kabi/severities: ignore kABI changes in mwifiex drivers Those symbols are used only locally in mwifiex (sub-)modules. - kabi/severities: octeontx2 driver (jsc#SLE-24682) - kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kbuild: disable header exports for UML in a straightforward way (git-fixes). - kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes). - kbuild: fix the modules order between drivers and libs (git-fixes). - kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes). - kbuild: remove the target in signal traps when interrupted (git-fixes). - kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes). - kcm: fix strp_init() order and cleanup (git-fies). - kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages - kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals. - kernfs: fix use-after-free in __kernfs_remove (git-fixes). - kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444). - kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444). - kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444). - kexec: drop weak attribute from functions (bsc#1196444). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - kexec_file: drop weak attribute from functions (bsc#1196444). - kfifo: fix kfifo_to_user() return type (git-fixes). - kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes). - kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes). - kselftest/vm: fix tests build with old libc (git-fixes). - kselftest: Fix vdso_test_abi return status (git-fixes). - kselftest: signal all child processes (git-fixes). - kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes). - l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes). - landlock: Add clang-format exceptions (git-fixes). - landlock: Change landlock_add_rule(2) argument check ordering (git-fixes). - landlock: Change landlock_restrict_self(2) check ordering (git-fixes). - landlock: Create find_rule() from unmask_layers() (git-fixes). - landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes). - landlock: Fix landlock_add_rule(2) documentation (git-fixes). - landlock: Fix same-layer rule unions (git-fixes). - landlock: Format with clang-format (git-fixes). - landlock: Reduce the maximum number of layers to 16 (git-fixes). - landlock: Use square brackets around "landlock-ruleset" (git-fixes). - lib/list_debug.c: Detect uninitialized lists (git-fixes). - lib/raid6/test: fix multiple definition linking error (git-fixes). - lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes). - lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes). - libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes). - livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995). - livepatch: fix race between fork and KLP transition (bsc#1071995). - lkdtm: Disable return thunks in rodata.c (bsc#1190497). - lockd: detect and reject lock arguments that overflow (git-fixes). - lockdep: Correct lock_classes index mapping (git-fixes). - locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes). - locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes). - locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes). - loop: Check for overflow while configuring loop (git-fies). - loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes). - loop: use sysfs_emit() in the sysfs xxx show() (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mISDN: fix possible memory leak in mISDN_register_device() (git-fixes). - mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes). - mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes). - mac80211: fix a memory leak where sta_info is not freed (git-fixes). - mac80211: introduce channel switch disconnect function (bsc#1202131). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: Fix LQI recording (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix NULL deref in macsec_add_rxsa (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - macsec: limit replay window size with XPN (git-fixes). - macvlan: enforce a consistent minimal mtu (git-fixes). - mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes). - mailbox: mpfs: account for mbox offsets while sending (git-fixes). - mailbox: mpfs: fix handling of the reg property (git-fixes). - marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682). - mbcache: add functions to delete entry if unused (bsc#1198971). - mbcache: do not reclaim used entries (bsc#1198971). - md-raid10: fix KASAN warning (git-fixes). - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158). - md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes). - md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - md: call __md_stop_writes in md_stop (git-fixes). - md: unlock mddev before reap sync_thread in action_store (bsc#1197659). - media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes). - media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes). - media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes). - media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes). - media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes). - media: cedrus: Set the platform driver data earlier (git-fixes). - media: cedrus: h265: Fix flag name (git-fixes). - media: cedrus: hevc: Add check for invalid timestamp (git-fixes). - media: coda: Add more H264 levels for CODA960 (git-fixes). - media: coda: Fix reported H264 profile (git-fixes). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes). - media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: dvb_vb2: fix possible out of bound access (git-fixes). - media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes). - media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes). - media: flexcop-usb: fix endpoint type check (git-fixes). - media: hantro: postproc: Fix motion vector space size (git-fixes). - media: hdpvr: fix error value returns in hdpvr_read (git-fixes). - media: hevc: Embedded indexes in RPS (git-fixes). - media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes). - media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes). - media: imx-jpeg: Correct some definition according specification (git-fixes). - media: imx-jpeg: Disable slot interrupt when frame done (git-fixes). - media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes). - media: imx-jpeg: Leave a blank space before the configuration data (git-fixes). - media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes). - media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes). - media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes). - media: mceusb: Use new usb_control_msg_*() routines (git-fixes). - media: mceusb: set timeout to at least timeout provided (git-fixes). - media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment. - media: pvrusb2: fix memory leak in pvr_probe (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: rkvdec: Disable H.264 error detection (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes). - media: tw686x: Fix memory leak in tw686x_video_init (git-fixes). - media: tw686x: Register the irq at the end of probe (git-fixes). - media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes). - media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes). - media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes). - media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes). - media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes). - media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - media: venus: dec: Handle the case where find_format fails (git-fixes). - media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes). - media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes). - media: vivid: s_fbuf: add more sanity checks (git-fixes). - media: vivid: set num_in/outputs to 0 if not supported (git-fixes). - media: vsp1: Fix offset calculation for plane cropping. - media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes). - mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes). - mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes). - memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes). - memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes). - memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes). - memstick/ms_block: Fix a memory leak (git-fixes). - memstick/ms_block: Fix some incorrect memory allocation (git-fixes). - meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes). - mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes). - mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes). - mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634). - mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes). - mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes). - mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes). - mfd: sm501: Add check for platform_driver_register() (git-fixes). - mfd: t7l66xb: Drop platform disable callback (git-fixes). - minix: fix bug when opening a file with O_DIRECT (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - misc: cs35l41: Remove unused pdn variable (bsc#1203699). - misc: fastrpc: fix memory corruption on open (git-fixes). - misc: fastrpc: fix memory corruption on probe (git-fixes). - misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes). - misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes). - misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes). - misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes). - mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there. - mlxsw: i2c: Fix initialization error flow (git-fixes). - mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes). - mlxsw: spectrum_cnt: Reorder counter pools (git-fixes). - mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes). - mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575). - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes). kABI: Fix kABI after "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse" (git-fixes). - mm: Fix PASID use-after-free issue (bsc#1203908). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447). - mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159). - mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes). - mmc: block: Add single read for 4k sector cards (git-fixes). - mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes). - mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes). - mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes). - mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes). - mmc: core: Replace with already defined values for readability (git-fixes). - mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: hsq: Fix data stomping during mmc recovery (git-fixes). - mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes). - mmc: mxcmmc: Silence a clang warning (git-fixes). - mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes). - mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes). - mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes). - mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes). - mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix minimum clock limit (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: tmio: avoid glitches when resetting (git-fixes). - mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - msft-hv-2570-hv_netvsc-Add-support-for-XDP_REDIRECT.patch: (bsc#1199364). - mt76: mt7615: do not update pm stats in case of error (git-fixes). - mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes). - mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes). - mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes). - mtd: dataflash: Add SPI ID table (git-fixes). - mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes). - mtd: maps: Fix refcount leak in ap_flash_init (git-fixes). - mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes). - mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes). - mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes). - mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes). - mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes). - mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes). - mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes). - mtd: rawnand: gpmi: validate controller clock rate (git-fixes). - mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes). - mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes). - mtd: rawnand: intel: Remove undocumented compatible string (git-fixes). - mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes). - mtd: rawnand: meson: Fix a potential double free issue (git-fixes). - mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes). - mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes). - mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes). - musb: fix USB_MUSB_TUSB6010 dependency (git-fixes). - mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes). - mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes). - n_gsm: remove unused parameters from gsm_error() (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes). - net/ice: fix initializing the bitmap in the switch code (git-fixes). - net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes). - net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes). - net/mlx5: Drain fw_reset when removing device (git-fixes). - net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes). - net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes). - net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes). - net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes). - net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). - net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes). - net/mlx5e: Remove HW-GRO from reported features (git-fixes). - net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes). - net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes). - net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes). - net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes). - net/mlx5e: Update netdev features after changing XDP state (git-fixes). - net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes). - net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes). - net: asix: fix "can't send until first packet is send" issue (git-fixes). - net: atlantic: fix aq_vec index out of range error (git-fixes). - net: axienet: fix RX ring refill allocation failure handling (git-fixes). - net: axienet: reset core on initialization prior to MDIO access (git-fixes). - net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes). - net: bcmgenet: Revert "Use stronger register read/writes to assure ordering" (git-fixes). - net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes). - net: bcmgenet: hide status block before TX timestamping (git-fixes). - net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes). - net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes). - net: bgmac: support MDIO described in DT (git-fixes). - net: bonding: fix possible NULL deref in rlb code (git-fixes). - net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes). - net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes). - net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes). - net: dp83822: disable false carrier interrupt (git-fixes). - net: dp83822: disable rx error interrupt (git-fixes). - net: dsa: b53: Add SPI ID table (git-fixes). - net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes). - net: dsa: bcm_sf2: force pause link settings (git-fixes). - net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes). - net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes). - net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes). - net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fies). - net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). - net: dsa: hellcreek: Add STP forwarding rule (git-fixes). - net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes). - net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes). - net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes). - net: dsa: introduce helpers for iterating through ports using dp (git-fixes). - net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes). - net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes). - net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes). - net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes). - net: dsa: microchip: fix bridging with more than two member ports (git-fixes). - net: dsa: microchip: implement multi-bridge support (git-fixes). - net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes). - net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes). - net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes). - net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes). - net: dsa: mv88e6060: prevent crash on an unused port (git-fixes). - net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes). - net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes). - net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes). - net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes). - net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes). - net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes). - net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes). - net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes). - net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes). - net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes). - net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes). - net: dsa: mv88e6xxx: fix "do not use PHY_DETECT on internal PHY's" (git-fixes). - net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes). - net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes). - net: dsa: qca8k: fix MTU calculation (git-fixes). - net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes). - net: dsa: seville: register the mdiobus under devres (git-fixes). - net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes). - net: dsa: sja1105: silent spi_device_id warnings (git-fixes). - net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fies). - net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes). - net: emaclite: Add error handling for of_address_to_resource() (git-fixes). - net: enetc: Use pci_release_region() to release some resources (git-fixes). - net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes). - net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes). - net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes). - net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes). - net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes). - net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes). - net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes). - net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes). - net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes). - net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes). - net: ftgmac100: access hardware register after clock ready (git-fixes). - net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes). - net: hns3: clean residual vf config after disable sriov (git-fixes). - net: hns3: do not push link state to VF if unalive (git-fixes). - net: hns3: fix the concurrency between functions reading debugfs (git-fixes). - net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes). - net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: ieee802154: return -EINVAL for unknown addr type (git-fixes). - net: ipa: do not assume SMEM is page-aligned (git-fixes). - net: ipa: get rid of a duplicate initialization (git-fixes). - net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes). - net: ipa: record proper RX transaction count (git-fixes). - net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes). - net: macb: Fix PTP one step sync support (git-fixes). - net: macb: Increment rx bd head after allocating skb and buffer (git-fixes). - net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes). - net: mana: Add rmb after checking owner bits (git-fixes). - net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529). - net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: marvell: prestera: fix incorrect structure access (git-fixes). - net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes). - net: moxa: pass pdev instead of ndev to DMA functions (git-fixes). - net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes). - net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes). - net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes). - net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes). - net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes). - net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes). - net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes). - net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes). - net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). - net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes). - net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes). - net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes). - net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes). - net: mscc: ocelot: set up traps for PTP packets (git-fixes). - net: openvswitch: do not send internal clone attribute to the userspace (git-fixes). - net: openvswitch: fix leak of nested actions (git-fixes). - net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes). - net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes). - net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes). - net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes). - net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes). - net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes). - net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes). - net: phy: at803x: move page selection fix to config_init (git-fixes). - net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes). - net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes). - net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes). - net: rose: fix netdev reference changes (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes). - net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). - net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). - net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes). - net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes). - net: stmmac: clean up impossible condition (git-fixes). - net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904). - net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904). - net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes). - net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes). - net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes). - net: stmmac: enhance XDP ZC driver level switching performance (git-fixes). - net: stmmac: fix dma queue left shift overflow issue (git-fixes). - net: stmmac: fix leaks in probe (git-fixes). - net: stmmac: fix off-by-one error in sanity check (git-fixes). - net: stmmac: fix out-of-bounds access in a selftest (git-fixes). - net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes). - net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes). - net: stmmac: only enable DMA interrupts when ready (git-fixes). - net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes). - net: stmmac: remove redunctant disable xPCS EEE call (git-fixes). - net: stmmac: remove unused get_addr() callback (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes). - net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes). - net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes). - net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: Correct PHY handling of smsc95xx (git-fixes). - net: usb: Correct reset handling of smsc95xx (git-fixes). - net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes). - net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes). - net: usb: make USB_RTL8153_ECM non user configurable (git-fixes). - net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes). - net: usb: qmi_wwan: add Quectel RM520N (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes). - net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431). - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431). - net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431). - net: wwan: iosm: Call mutex_init before locking it (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - net: wwan: iosm: remove pointless null check (git-fixes). - net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes). - net_sched: cls_route: disallow handle of 0 (bsc#1202393). - netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes). - nfsd: eliminate the NFSD_FILE_BREAK_* flags (git-fixes). - nfsd: fix use-after-free due to delegation race (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes). - nilfs2: fix lockdep warnings during disk space reclamation (git-fixes). - nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)). - nouveau/svm: Fix to migrate all requested pages (git-fixes). - nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fies). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113). - nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265). - nvme-auth: retry command if DNR bit is not set (bsc#1201675). - nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865). - nvme-rdma: Handle number of queue changes (bsc#1201865). - nvme-tcp: Handle number of queue changes (bsc#1201865). - nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489). - nvme: consider also host_iface when checking ip options (bsc#1199670). - nvme: do not print verbose errors for internal passthrough requests (bsc#1202187). - nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636). - nvme: implement In-Band authentication (jsc#SLE-20183). - nvme: kabi fixes for in-band authentication (bsc#1199086). - nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241). - nvmet-auth: expire authentication sessions (jsc#SLE-20183). - nvmet: Expose max queues to configfs (bsc#1201865). - nvmet: implement basic In-Band Authentication (jsc#SLE-20183). - ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778). - ocfs2: fix a deadlock when commit trans (bsc#1202776). - octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682). - octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682). - octeontx2-af: Add SDP interface support (jsc#SLE-24682). - octeontx2-af: Add debug messages for failures (jsc#SLE-24682). - octeontx2-af: Add external ptp input clock (jsc#SLE-24682). - octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682). - octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682). - octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682). - octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682). - octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682). - octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682). - octeontx2-af: Apply tx nibble fixup always (git-fixes). - octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682). - octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682). - octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682). - octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682). - octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682). - octeontx2-af: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-af: Fix interrupt name strings (jsc#SLE-24682). - octeontx2-af: Fix key checking for source mac (git-fixes). - octeontx2-af: Fix mcam entry resource leak (git-fixes). - octeontx2-af: Fix spelling mistake "Makesure" -> "Make sure" (jsc#SLE-24682). - octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682). - octeontx2-af: Flow control resource management (jsc#SLE-24682). - octeontx2-af: Handle return value in block reset (jsc#SLE-24682). - octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682). - octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682). - octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682). - octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682). - octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682). - octeontx2-af: Modify install flow error codes (jsc#SLE-24682). - octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682). - octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682). - octeontx2-af: Priority flow control configuration support (jsc#SLE-24682). - octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682). - octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682). - octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682). - octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682). - octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682). - octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682). - octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682). - octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682). - octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682). - octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682). - octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682). - octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682). - octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682). - octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682). - octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682). - octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682). - octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682). - octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682). - octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682). - octeontx2-af: debugfs: Minor changes (jsc#SLE-24682). - octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682). - octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682). - octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682). - octeontx2-af: fix array bound error (jsc#SLE-24682). - octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682). - octeontx2-af: initialize action variable (jsc#SLE-24682). - octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682). - octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682). - octeontx2-af: suppress external profile loading warning (git-fixes). - octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682). - octeontx2-af: verify CQ context updates (jsc#SLE-24682). - octeontx2-nic: fix mixed module build (jsc#SLE-24682). - octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682). - octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682). - octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682). - octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682). - octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682). - octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682). - octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682). - octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682). - octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682). - octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682). - octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes). - octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes). - octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682). - octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682). - octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682). - octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682). - octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682). - octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682). - octeontx2-pf: Unify flow management variables (jsc#SLE-24682). - octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682). - octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682). - octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682). - octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682). - octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes). - octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682). - octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682). - octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682). - octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682). - octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682). - octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682). - of/device: Fix up of_dma_configure_id() stub (git-fixes). - of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes). - openvswitch: Fix double reporting of drops in dropwatch (git-fixes). - openvswitch: Fix overreporting of drops in dropwatch (git-fixes). - openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes). - openvswitch: Fixed nd target mask field in the flow dump (git-fixes). - openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes). - openvswitch: always update flow key after nat (git-fixes). - openvswitch: switch from WARN to pr_warn (git-fixes). - optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes). - overflow.h: restore __ab_c_size (git-fixes). - overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211). - pNFS/flexfiles: Report RDMA connection errors to the server (git-fixes). - padata: Fix list iterator in padata_do_serial() (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parisc/sticon: fix reverse colors (bsc#1152489) - parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489) - parisc/stifb: Implement fb_is_primary_device() (bsc#1152489) - parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489) - parport_pc: Avoid FIFO port location truncation (git-fixes). - perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes). - phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes). - phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes). - pinctrl: Ingenic: JZ4755 bug fixes (git-fixes). - pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676). - pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634). - pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676). - pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes). - pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes). - pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes). - pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes). - pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes). - pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes). - pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes). - pinctrl: intel: Save and restore pins in "direct IRQ" mode (git-fixes). - pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes). - pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes). - pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes). - pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes). - pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes). - pinctrl: qcom: sm8250: Fix PDC map (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes). - pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes). - platform/chrome: cros_ec: Always expose last resume result (git-fixes). - platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes). - platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes). - platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes). - platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes). - platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes). - platform/chrome: fix memory corruption in ioctl (git-fixes). - platform/olpc: Fix uninitialized data in debugfs write (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes). - platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes). - platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes). - platform/x86: msi-laptop: Fix resource cleanup (git-fixes). - platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes). - platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes). - platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699). - platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699). - platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - plip: avoid rcu debug splat (git-fixes). - power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes). - powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch. - powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch. - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes). - powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176). - powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176). - powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176). - powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176). - powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176). - powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176). - powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074). - powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/mm/64s: Drop pgd_huge() (bsc#1065729). - powerpc/pci_dn: Add missing of_node_put() (bsc#1065729). - powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395). - powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729). - powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729). - powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729). - powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729). - powerpc/powernv: wire up rng during setup_arch (bsc#1065729). - powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869). - powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). - powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176). - powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130). - powerpc/pseries: wire up rng during setup_arch() (bsc#1065729). - powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess). - powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869). - powerpc: Enable execve syscall exit tracepoint (bsc#1065729). - powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176). - powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files. - powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176). - powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729). - ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). - printk: add missing memory barrier to wake_up_klogd() (bsc#1204934). - printk: use atomic updates for klogd work (bsc#1204934). - printk: wake waiters for safe and NMI contexts (bsc#1204934). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: fix a dentry lock race between release_task and lookup (git-fixes). - proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - profiling: fix shift too large makes kernel panic (git-fixes). - pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes). - pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes). - pwm: lpc18xx: Fix period handling (git-fixes). - qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes). - r8152: add PID for the Lenovo OneLink+ Dock (git-fixes). - r8152: fix the RX FIFO settings when suspending (git-fixes). - r8152: fix the units of some registers for RTL8156A (git-fixes). - random: remove useless header comment (git-fixes). - ratelimit: Fix data-races in ___ratelimit() (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: Clean up on enable failure (git-fixes). - regulator: core: Prevent integer underflow (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes). - regulator: pca9450: Remove restrictions for regulator-name (git-fixes). - regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes). - regulator: qcom_rpm: Fix circular deferral regression (git-fixes). - regulator: qcom_smd: Fix pm8916_pldo range (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Simplify some error message (git-fixes). - remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes). - remoteproc: qcom: pas: Check if coredump is enabled (git-fixes). - remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes). - remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes). - remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes). - remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes). - reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes). - restore m_can_lec_type (git-fixes). - ring-buffer: Add ring_buffer_wake_waiters() (git-fixes). - ring-buffer: Allow splice to read previous partially read pages (git-fixes). - ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705). - ring-buffer: Check pending waiters when doing wake ups as well (git-fixes). - ring-buffer: Fix race between reset page and reading page (git-fixes). - ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes). - rose: check NULL rose_loopback_neigh->loopback (git-fixes). - rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support). - rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128. - rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+. - rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious. - rpm/kernel-source.spec.in: simplify finding of broken symlinks "find -xtype l" will report them, so use that to make the search a bit faster (without using shell). - rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes). - rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes). - rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes). - rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes). - rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - s390/boot: fix absolute zero lowcore corruption on boot (git-fixes). - s390/cpumf: Handle events cycles and instructions identical (git-fixes). - s390/crash: fix incorrect number of bytes to copy to user space (git-fixes). - s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes). - s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes). - s390/hypfs: avoid error message under KVM (bsc#1032323). - s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes). - s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes). - s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322). - s390/smp: enforce lowcore protection on CPU restart (git-fixes). - s390/stp: clock_delta should be signed (git-fixes). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390/zcore: fix race when reading from hardware system area (git-fixes). - s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895). - s390: fix nospec table alignments (git-fixes). - samples/landlock: Add clang-format exceptions (git-fixes). - samples/landlock: Fix path_list memory leak (git-fixes). - samples/landlock: Format with clang-format (git-fixes). - sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes). - sbitmap: fix possible io hung due to lost wakeup (git-fixes). - sched-core-Do-not-requeue-task-on-CPU-excluded-from-cpus_mask.patch - sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)). - sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes) - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)). - sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)). - sched/fair: Remove redundant word " *" (bnc#1189999 (Scheduler functional and performance backports)). - sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes) - sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes) - sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)). - sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh - sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)). - scripts/dtc: Call pkg-config POSIXly correct (git-fixes). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes). - scripts/gdb: change kernel config dumping method (git-fixes). - scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes). - scripts: sphinx-pre-install: add required ctex dependency (git-fixes). - scsi: Revert "scsi: qla2xxx: Fix disk failure to rediscover" (git-fixes). - scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039). - scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471). - scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410). - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes). - scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939). - scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939). - scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939). - scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063). - scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063). - scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956). - scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063). - scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957). - scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939). - scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956). - scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957). - scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956). - scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939). - scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957). - scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939). - scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063). - scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956). - scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939). - scsi: lpfc: Fix spelling mistake "unsolicted" -> "unsolicited" (bsc#1204957). - scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956). - scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063). - scsi: lpfc: Fix various issues reported by tools (bsc#1203939). - scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957). - scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939). Dropped: patches.suse/lpfc-decouple-port_template-and-vport_template.patch - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956). - scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956). - scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956). - scsi: lpfc: Remove SANDiags related code (bsc#1203063). - scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956). - scsi: lpfc: Remove the unneeded result variable (bsc#1203939). - scsi: lpfc: Remove unneeded result variable (bsc#1203939). - scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939). - scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939). - scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956). - scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939). - scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063). - scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939). - scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956). - scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957). - scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956). - scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063). - scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939). - scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957). - scsi: lpfc: Update the obsolete adapter list (bsc#1204142). - scsi: megaraid: Clear READ queue map's nr_queues (git-fixes). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: mpt3sas: Fix use-after-free warning (git-fixes). - scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935). - scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935). - scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935). - scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935). - scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958). - scsi: qla2xxx: Define static symbols (bsc#1203935). - scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935). - scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935). - scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935). - scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958). - scsi: qla2xxx: Fix disk failure to rediscover (git-fixes). - scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958). - scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958). - scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958). - scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935). - scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963). - scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958). - scsi: qla2xxx: Fix spelling mistake "definiton" -> "definition" (bsc#1203935). - scsi: qla2xxx: Log message "skipping scsi_scan_host()" as informational (bsc#1203935). - scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935). - scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935). - scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935). - scsi: qla2xxx: Revert "scsi: qla2xxx: Fix response queue handler reading stale packets" (bsc#1203935). - scsi: qla2xxx: Update manufacturer details (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958). - scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935). - scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963). - scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958). - scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958). - scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: sg: Allow waiting for commands to complete on removed device (git-fixes). - scsi: smartpqi: Add module param to disable managed ints (bsc#1203893). - scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes). - scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous "to" in a comment (git-fixes). - scsi: ufs: core: Fix another task management completion race (git-fixes). - scsi: ufs: core: Fix task management completion timeout race (git-fixes). - scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707). - scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes). - seccomp: Invalidate seccomp mode to catch death failures (git-fixes). - selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes). - selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130). - selftest/vm: fix map_fixed_noreplace test failure (git-fixes). - selftest/vm: verify mmap addr in mremap_test (git-fixes). - selftest/vm: verify remap destination address in mremap_test (git-fixes). - selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes). - selftests, x86: fix how check_cc.sh is being invoked (git-fixes). - selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes). - selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes). - selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes). - selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes). - selftests/ftrace: make kprobe profile testcase description unique (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests/landlock: Add clang-format exceptions (git-fixes). - selftests/landlock: Add tests for O_PATH (git-fixes). - selftests/landlock: Add tests for unknown access rights (git-fixes). - selftests/landlock: Extend access right tests to directories (git-fixes). - selftests/landlock: Extend tests for minimal valid attribute size (git-fixes). - selftests/landlock: Format with clang-format (git-fixes). - selftests/landlock: Fully test file rename with "remove" access (git-fixes). - selftests/landlock: Make tests build with old libc (git-fixes). - selftests/landlock: Normalize array assignment (git-fixes). - selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes). - selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995). - selftests/memfd: clean up mapping in mfd_fail_write (git-fixes). - selftests/memfd: remove unused variable (git-fixes). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes). - selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes). - selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes). - selftests/net: timestamping: Fix bind_phc check (git-fixes). - selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes). - selftests/pidfd_test: Remove the erroneous ',' (git-fixes). - selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes). - selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes). - selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes). - selftests/resctrl: Fix null pointer dereference on open failed (git-fixes). - selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes). - selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store (git-fixes). - selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes). - selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes). - selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes). - selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes). - selftests/rseq: Introduce rseq_get_abi() helper (git-fixes). - selftests/rseq: Introduce thread pointer getters (git-fixes). - selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes). - selftests/rseq: Remove useless assignment to cpu variable (git-fixes). - selftests/rseq: Remove volatile from __rseq_abi (git-fixes). - selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes). - selftests/rseq: introduce own copy of rseq uapi header (git-fixes). - selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes). - selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes). - selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes). - selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes). - selftests/seccomp: Fix compile warning when CC=clang (git-fixes). - selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes). - selftests/sgx: Treat CC as one argument (git-fixes). - selftests/vm/transhuge-stress: fix ram size thinko (git-fixes). - selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes). - selftests/x86: Add validity check and allow field splitting (git-fixes). - selftests/zram01.sh: Fix compression ratio calculation (git-fixes). - selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes). - selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes). - selftests: Add duplicate config only for MD5 VRF tests (git-fixes). - selftests: Fix IPv6 address bind tests (git-fixes). - selftests: Fix raw socket bind tests with VRF (git-fixes). - selftests: Fix the if conditions of in test_extra_filter() (git-fixes). - selftests: add ping test with ping_group_range tuned (git-fixes). - selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes). - selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes). - selftests: cgroup: Test open-time credential usage for migration checks (git-fixes). - selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes). - selftests: fixup build warnings in pidfd / clone3 tests (git-fixes). - selftests: forwarding: Fix failing tests with old libnet (git-fixes). - selftests: forwarding: add shebang for sch_red.sh (git-fixes). - selftests: forwarding: fix error message in learning_test (git-fixes). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes). - selftests: futex: Use variable MAKE instead of make (git-fixes). - selftests: gpio: fix gpio compiling error (git-fixes). - selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes). - selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes). - selftests: kvm: set rax before vmcall (git-fixes). - selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes). - selftests: mlxsw: resource_scale: Fix return value (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes). - selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes). - selftests: mptcp: add csum mib check for mptcp_connect (git-fixes). - selftests: mptcp: fix diag instability (git-fixes). - selftests: mptcp: fix ipv6 routing setup (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable diag tests (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: net: Correct case name (git-fixes). - selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes). - selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes). - selftests: net: tls: remove unused variable and code (git-fixes). - selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes). - selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes). - selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes). - selftests: netfilter: add a vrf+conntrack testcase (git-fixes). - selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes). - selftests: netfilter: disable rp_filter on router (git-fixes). - selftests: netfilter: fix exit value for nft_concat_range (git-fixes). - selftests: nft_concat_range: add test for reload with no element add/del (git-fixes). - selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes). - selftests: openat2: Add missing dependency in Makefile (git-fixes). - selftests: openat2: Print also errno in failure messages (git-fixes). - selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes). - selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes). - selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes). - selftests: rtc: Increase test timeout so that all tests run (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes). - selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes). - selftests: timers: clocksource-switch: fix passing errors from child (git-fixes). - selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes). - selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes). - selftests: vm: fix clang build error multiple output files (git-fixes). - selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes). - selinux: Add boundary check in put_entry() (git-fixes). - selinux: access superblock_security_struct in LSM blob way (git-fixes). - selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes). - selinux: check return value of sel_make_avc_files (git-fixes). - selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes). - selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes). - selinux: fix double free of cond_list on error paths (git-fixes). - selinux: fix memleak in security_read_state_kernel() (git-fixes). - selinux: fix misuse of mutex_is_locked() (git-fixes). - selinux: use "grep -E" instead of "egrep" (git-fixes). - selinux: use correct type for context length (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes). - serial: 8250: Export ICR access helpers for internal use (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Fix restoring termios speed after suspend (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes). - serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes). - serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes). - serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes). - serial: Create uart_xmit_advance() (git-fixes). - serial: atmel: remove redundant assignment in rs485_config (git-fixes). - serial: core: move RS485 configuration tasks from drivers into core (git-fixes). - serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes). - serial: fsl_lpuart: Reset prior to registration (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - serial: mvebu-uart: uart2 error bits clearing (git-fixes). - serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes). - sfc: disable softirqs for ptp TX (git-fixes). - sfc: fix kernel panic when creating VF (git-fixes). - sfc: fix use after free when disabling sriov (git-fixes). - signal: break out of wait loops on kthread_stop() (bsc#1204926). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: qcom-ngd: cleanup in probe error path (git-fixes). - slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes). - soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes). - soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes). - soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes). - soc: fsl: guts: machine variable might be unset (git-fixes). - soc: fsl: select FSL_GUTS driver for DPIO (git-fixes). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soc: imx: gpcv2: Assert reset before ungating clock (git-fixes). - soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes). - soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes). - soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes). - soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes). - soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes). - soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes). - soc: sunxi: sram: Actually claim SRAM regions (git-fixes). - soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes). - soc: sunxi: sram: Fix probe function ordering issues (git-fixes). - soc: sunxi: sram: Prevent the driver from being unbound (git-fixes). - soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). - soundwire: bus_type: fix remove and shutdown support (git-fixes). - soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: intel: fix error handling on dai registration issues (git-fixes). - soundwire: qcom: Check device status before reading devid (git-fixes). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: fix device status array range (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes). - spi: Add API to count spi acpi resources (bsc#1203699). - spi: Create helper API to lookup ACPI info for spi device (bsc#1203699). - spi: Ensure that sg_table won't be used after being freed (git-fixes). - spi: Fix incorrect cs_setup delay handling (git-fixes). - spi: Fix simplification of devm_spi_register_controller (git-fixes). - spi: Return deferred probe error when controller isn't yet available (bsc#1203699). - spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699). - spi: dt-bindings: cadence: add missing 'required' (git-fixes). - spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes). - spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes). - spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes). - spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes). - spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699). - spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732). - spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes). - spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes). - spi: s3c64xx: Fix large transfers with DMA (git-fixes). - spi: spi-altera-dfl: Fix an error handling path (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: synquacer: Add missing clk_disable_unprepare() (git-fixes). - spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes). - spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes). - spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes). - staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes). - staging: rtl8712: fix use after free bugs (git-fixes). - staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes). - staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes). - staging: vt6655: fix potential memory leak (git-fixes). - staging: vt6655: fix some erroneous memory clean-up loops (git-fixes). - stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes). - stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes). - struct ehci_hcd: hide new element going into a hole (git-fixes). - struct xhci_hcd: restore member now dynamically allocated (git-fixes). - sunrpc: fix expiry of auth creds (git-fixes). - supported.conf: Add cs_dsp firmware module (bsc#1203699) - supported.conf: Add drivers/virt/coco/sevguest/sevguest - supported.conf: added drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp and changed all octeontx2 modules as supported (jsc#SLE-24682) - supported.conf: mark drivers/nvme/common as supported (jsc#SLE-20183) - supported.conf: mark lib/objagg supported as dependency of mlxsw - supported.conf: mark mlxsw modules supported (jsc#SLE-23766) - supported.conf: mark spi-pxa2xx-platform as supported (bsc#1203699) It's required for the sound on recent Intel machines - tee: optee: do not check memref size on return from Secure World (git-fixes). - tee: tee_get_drvdata(): fix description of return value (git-fixes). - testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes). - testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes). - testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes). - tests: fix idmapped mount_setattr test (git-fixes). - thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes). - thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308). - thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes). - thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes). - thermal: int340x: Mode setting with new OS handshake (jsc#PED-678). - thermal: int340x: Update OS policy capability handshake (jsc#PED-678). - thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes). - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes). - thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes). - thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes). - thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes). - thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634). - thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes). - thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes). - thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes). - thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes). - thunderbolt: Use the actual buffer in tb_async_error() (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes). - tools/nolibc: fix incorrect truncation of exit code (git-fixes). - tools/nolibc: i386: fix initial stack alignment (git-fixes). - tools/nolibc: x86-64: Fix startup code bug (git-fixes). - tools/testing/scatterlist: add missing defines (git-fixes). - tools/thermal: Fix possible path truncations (git-fixes). - tools: hv: Remove an extraneous "the" (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes). - trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes). - trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes). - tracing/histograms: Fix memory leak problem (git-fixes). - tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes). - tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Add "(fault)" name injection to kernel probes (git-fixes). - tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Add ustring operation to filtering string pointers (git-fixes). - tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes). - tracing: Do not free snapshot if tracer is on cmdline (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix reading strings from synthetic events (git-fixes). - tracing: Fix sleeping while atomic in kdb ftdump (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing: Have filter accept "common_cpu" to be consistent (git-fixes). - tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes). - tracing: Replace deprecated CPU-hotplug functions (git-fixes). - tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes). - tracing: Use a struct alignof to determine trace event field alignment (git-fixes). - tracing: Wake up ring buffer waiters on closing of the file (git-fixes). - tracing: Wake up waiters when tracing is disabled (git-fixes). - tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes). - tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Make gen test module work in arm and riscv (git-fixes). - tty: 8250: Add support for Brainboxes PX cards (git-fixes). - tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes). - tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes). - tty: n_gsm: Modify CR,PF bit when config requester (git-fixes). - tty: n_gsm: Modify cr bit value when config requester (git-fixes). - tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes). - tty: n_gsm: Save dlci address open status when config requester (git-fixes). - tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes). - tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes). - tty: n_gsm: clean up dead code in gsm_queue() (git-fixes). - tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes). - tty: n_gsm: clean up indenting in gsm_queue() (git-fixes). - tty: n_gsm: fix DM command (git-fixes). - tty: n_gsm: fix broken virtual tty handling (git-fixes). - tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes). - tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes). - tty: n_gsm: fix decoupled mux resource (git-fixes). - tty: n_gsm: fix encoding of command/response bit (git-fixes). - tty: n_gsm: fix flow control handling in tx path (git-fixes). - tty: n_gsm: fix frame reception handling (git-fixes). - tty: n_gsm: fix incorrect UA handling (git-fixes). - tty: n_gsm: fix insufficient txframe size (git-fixes). - tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes). - tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes). - tty: n_gsm: fix malformed counter for out of frame data (git-fixes). - tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes). - tty: n_gsm: fix missing explicit ldisc flush (git-fixes). - tty: n_gsm: fix missing mux reset on config change at responder (git-fixes). - tty: n_gsm: fix missing timer to handle stalled links (git-fixes). - tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes). - tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes). - tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes). - tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes). - tty: n_gsm: fix non flow control frames during mux flow off (git-fixes). - tty: n_gsm: fix packet re-transmission without open control channel (git-fixes). - tty: n_gsm: fix race condition in gsmld_write() (git-fixes). - tty: n_gsm: fix reset fifo race condition (git-fixes). - tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes). - tty: n_gsm: fix restart handling via CLD command (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: n_gsm: fix software flow control handling (git-fixes). - tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes). - tty: n_gsm: fix tty registration before control channel open (git-fixes). - tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes). - tty: n_gsm: fix wrong DLCI release order (git-fixes). - tty: n_gsm: fix wrong T1 retry count handling (git-fixes). - tty: n_gsm: fix wrong command frame length field encoding (git-fixes). - tty: n_gsm: fix wrong command retry handling (git-fixes). - tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes). - tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes). - tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes). - tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes). - tty: n_gsm: replace kicktimer with delayed_work (git-fixes). - tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes). - tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes). - tty: serial: fsl_lpuart: correct the count of break characters (git-fixes). - tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes). - tty: vt: initialize unicode screen buffer (git-fixes). - tty: xilinx_uartps: Fix the ignore_status (git-fixes). - tun: avoid double free in tun_free_netdev (git-fixes). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes). - tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes). - uaccess: fix type mismatch warnings from access_ok() (git-fixes). - uas: add no-uas quirk for Hiksemi usb_disk (git-fixes). - uas: ignore UAS for Thinkplus chips (git-fixes). - ucounts: Base set_cred_ucounts changes on the real user (git-fixes). - ucounts: Fix rlimit max values check (git-fixes). - ucounts: Fix systemd LimitNPROC with private users regression (git-fixes). - ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes). - ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes). - udf: Fix crash after seekdir (bsc#1194592). - udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes). - udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes). - udmabuf: add back sanity check (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes). - usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes). - usb.h: struct usb_device: hide new member (git-fixes). - usb/hcd: Fix dma_map_sg error check (git-fixes). - usb: Drop commas after SoC match table sentinels (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: add quirks for Lenovo OneLink+ Dock (git-fixes). - usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes). - usb: bdc: change state when port disconnected (git-fixes). - usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes). - usb: cdns3 fix use-after-free at workaround 2 (git-fixes). - usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes). - usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes). - usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes). - usb: cdns3: fix random warning message when driver load (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: common: debug: Check non-standard control requests (git-fixes). - usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes). - usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes). - usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes). - usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes). - usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes). - usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes). - usb: dwc3: disable USB core PHY management (git-fixes). - usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes). - usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes). - usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes). - usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes). - usb: dwc3: gadget: Refactor pullup() (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: dwc3: gadget: fix high speed multiplier setting (git-fixes). - usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes). - usb: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). - usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes). - usb: dwc3: qcom: fix missing optional irq warnings (git-fixes). - usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes). - usb: ehci: Fix a function name in comments (git-fixes). - usb: gadget: bdc: fix typo in comment (git-fixes). - usb: gadget: f_fs: stricter integer overflow checks (git-fixes). - usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes). - usb: gadget: f_uac2: fix superspeed transfer (git-fixes). - usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes). - usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes). - usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes). - usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes). - usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes). - usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes). - usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes). - usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes). - usb: host: xhci-plat: suspend and resume clocks (git-fixes). - usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes). - usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes). - usb: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes). - usb: host: xhci: use ffs() in xhci_mem_init() (git-fixes). - usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes). - usb: hub: avoid warm port reset during USB3 disconnect (git-fixes). - usb: idmouse: fix an uninit-value in idmouse_open (git-fixes). - usb: mon: make mmapped memory read only (git-fixes). - usb: mtu3: fix failed runtime suspend in host only mode (git-fixes). - usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes). - usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes). - usb: renesas: Fix refcount leak bug (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes). - usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes). - usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes). - usb: typec: tcpm: fix typo in comment (git-fixes). - usb: typec: tipd: Add an additional overflow check (git-fixes). - usb: typec: tipd: Do not read/write more bytes than required (git-fixes). - usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes). - usb: typec: ucsi: Remove incorrect warning (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes). - usb: xhci: tegra: Fix error check (git-fixes). - usbnet: Fix linkwatch use-after-free on disconnect (git-fixes). - usbnet: Fix memory leak in usbnet_disconnect() (git-fixes). - usbnet: Run unregister_netdev() before unbind() again (git-fixes). - usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes). - usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes). - usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes). - userfaultfd/selftests: fix hugetlb area allocations (git-fixes). - v3 of "PCI: hv: Only reuse existing IRTE allocation for Multi-MSI" - vboxguest: Do not use devm for irq (git-fixes). - vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes). - venus: pm_helpers: Fix warning in OPP during probe (git-fixes). - vfio/ccw: Do not change FSM state in subchannel event (git-fixes). - vfio/ccw: Remove UUID from s390 debug log (git-fixes). - vfio/type1: Unpin zero pages (git-fixes). - vfio: Clear the caps->buf to NULL after free (git-fixes). - vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes). - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes). - video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes). - video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes). - video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes). - video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes). - video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes). - video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes). - virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814). - virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814). - virt: vbox: convert to use dev_groups (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes). - virtio-net: fix the race between refill work and close (git-fixes). - virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes). - vmxnet3: Implement ethtool's get_channels command (bsc#1200431). - vmxnet3: Record queue number to incoming packets (bsc#1200431). - vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431). - vmxnet3: add command to set ring buffer sizes (bsc#1200431). - vmxnet3: add support for capability registers (bsc#1200431). - vmxnet3: add support for large passthrough BAR register (bsc#1200431). - vmxnet3: add support for out of order rx completion (bsc#1200431). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431). - vmxnet3: do not reschedule napi for rx processing (bsc#1200431). - vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431). - vmxnet3: prepare for version 7 changes (bsc#1200431). - vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431). - vmxnet3: update to version 7 (bsc#1200431). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431). - vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes). - vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes). - vsock/virtio: enable VQs early on probe (git-fixes). - vsock/virtio: initialize vdev->priv before using VQs (git-fixes). - vsock/virtio: read the negotiated features before using VQs (git-fixes). - vsock: Fix memory leak in vsock_connect() (git-fixes). - vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes). - vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes). - vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes). - vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes). - vt: Clear selection before changing the font (git-fixes). - watch-queue: remove spurious double semicolon (git-fixes). - watch_queue: Fix missing locking in add_watch_to_object() (git-fixes). - watch_queue: Fix missing rcu annotation (git-fixes). - watchdog-export-lockup_detector_reconfigure.patch. - watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes). - watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes). - watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes). - watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes). - watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes). - watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023). - watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes). - wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes). - wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes). - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes). - wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes). - wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes). - wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes). - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes). - wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes). - wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes). - wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: allow bw change during channel switch in mesh (git-fixes). - wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes). - wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211: fix probe req HE capabilities access (git-fixes). - wifi: mac80211: fix regression with non-QoS drivers (git-fixes). - wifi: mac80211: limit A-MSDU subframes for client too (git-fixes). - wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes). - wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes). - wifi: mac80211_hwsim: check length for virtio packets (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes). - wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes). - wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes). - wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes). - wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes). - wifi: mt76: sdio: fix transmitting packet hangs (git-fixes). - wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes). - wifi: p54: add missing parentheses in p54_flush() (git-fixes). - wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes). - wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes). - wifi: rt2x00: set SoC wmac clock register (git-fixes). - wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes). - wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes). - wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes). - wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes). - wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes). - wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes). - wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes). - wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes). - wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes). - wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes). - wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fies). - wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes). - wifi: rtw88: check the return value of alloc_workqueue() (git-fixes). - wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes). - wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes). - wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131). - workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes). - wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes). - x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970). - x86/boot: Fix the setup data types max limit (bsc#1204970). - x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814). - x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970). - x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/ibt,ftrace: Make function-graph play nice (bsc#1203969). - x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814). - x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/kexec: fix memory leak of elf header buffer (bsc#1196444). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814). - x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814). - x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes). - x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497). - x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814). - x86/sev: Annotate stack change in the #VC handler (bsc#1204970). - x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497). - x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970). - x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Remove duplicated assignment to variable info (bsc#1204970). - x86/sev: Save the negotiated GHCB version (bsc#1190497). - x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814). - x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - x86/xen: Remove undefined behavior in setup_features() (git-fixes). - xen-blkback: Advertise feature-persistent as user requested (git-fixes). - xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkback: fix persistent grants negotiation (git-fixes). - xen-blkfront: Advertise feature-persistent as user requested (git-fixes). - xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes). - xen-blkfront: Cache feature_persistent value before advertisement (git-fixes). - xen-blkfront: Handle NULL gendisk (git-fixes). - xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes). - xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes). - xen/gntdev: Prevent leaking grants (git-fixes). - xen/gntdev: fix unmap notification order (git-fixes). - xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes). - xen/usb: do not use arbitrary_virt_to_machine() (git-fixes). - xen/xenbus: fix return type in xenbus_file_read() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xen: detect uninitialized xenbus in xenbus_init (git-fixes). - xen: do not continue xenstore initialization in case of errors (git-fixes). - xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes). - xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes). - xfs: fix use-after-free in xattr node block inactivation (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: fold perag loop iteration logic into helper function (git-fixes). - xfs: make xfs_rtalloc_query_range input parameters const (git-fixes). - xfs: only bother with sync_filesystem during readonly remount (git-fixes). - xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes). - xfs: prevent a UAF when log IO errors race with unmount (git-fixes). - xfs: remove incorrect ASSERT in xfs_rename (git-fixes). - xfs: rename the next_agno perag iteration variable (git-fixes). - xfs: reorder iunlink remove operation in xfs_ifree (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). - xfs: revert "xfs: actually bump warning counts when we send warnings" (git-fixes). - xfs: terminate perag iteration reliably on agcount (git-fixes). - xfs: use invalidate_lock to check the state of mmap_lock (git-fixes). - xfs: use kmem_cache_free() for kmem_cache objects (git-fixes). - xfs: use setattr_copy to set vfs inode attributes (git-fixes). - xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes). - xhci: Add quirk to reset host back to default state at shutdown (git-fixes). - xhci: Allocate separate command structures for each LPM command (git-fixes). - xhci: Do not show warning for reinit on known broken suspend (git-fixes). - xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). - xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes). - xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes). - xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes). - xhci: dbc: refactor xhci_dbc_init() (git-fixes). - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). - zonefs: Clear inode information flags on inode creation (git-fixes). - zonefs: Fix management of open zones (git-fixes). - zonefs: add MODULE_ALIAS_FS (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4617=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4617=1 - SUSE Linux Enterprise Module for Realtime 15-SP4: zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2022-4617=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4617=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4617=1 Package List: - openSUSE Leap Micro 5.3 (x86_64): kernel-rt-5.14.21-150400.15.5.1 kernel-rt-debuginfo-5.14.21-150400.15.5.1 kernel-rt-debugsource-5.14.21-150400.15.5.1 - openSUSE Leap 15.4 (noarch): kernel-devel-rt-5.14.21-150400.15.5.1 kernel-source-rt-5.14.21-150400.15.5.1 - openSUSE Leap 15.4 (x86_64): cluster-md-kmp-rt-5.14.21-150400.15.5.1 cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.5.1 dlm-kmp-rt-5.14.21-150400.15.5.1 dlm-kmp-rt-debuginfo-5.14.21-150400.15.5.1 gfs2-kmp-rt-5.14.21-150400.15.5.1 gfs2-kmp-rt-debuginfo-5.14.21-150400.15.5.1 kernel-rt-5.14.21-150400.15.5.1 kernel-rt-debuginfo-5.14.21-150400.15.5.1 kernel-rt-debugsource-5.14.21-150400.15.5.1 kernel-rt-devel-5.14.21-150400.15.5.1 kernel-rt-devel-debuginfo-5.14.21-150400.15.5.1 kernel-rt_debug-5.14.21-150400.15.5.1 kernel-rt_debug-debuginfo-5.14.21-150400.15.5.1 kernel-rt_debug-debugsource-5.14.21-150400.15.5.1 kernel-rt_debug-devel-5.14.21-150400.15.5.1 kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.5.1 kernel-syms-rt-5.14.21-150400.15.5.1 ocfs2-kmp-rt-5.14.21-150400.15.5.1 ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.5.1 - SUSE Linux Enterprise Module for Realtime 15-SP4 (noarch): kernel-devel-rt-5.14.21-150400.15.5.1 kernel-source-rt-5.14.21-150400.15.5.1 - SUSE Linux Enterprise Module for Realtime 15-SP4 (x86_64): cluster-md-kmp-rt-5.14.21-150400.15.5.1 cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.5.1 dlm-kmp-rt-5.14.21-150400.15.5.1 dlm-kmp-rt-debuginfo-5.14.21-150400.15.5.1 gfs2-kmp-rt-5.14.21-150400.15.5.1 gfs2-kmp-rt-debuginfo-5.14.21-150400.15.5.1 kernel-rt-5.14.21-150400.15.5.1 kernel-rt-debuginfo-5.14.21-150400.15.5.1 kernel-rt-debugsource-5.14.21-150400.15.5.1 kernel-rt-devel-5.14.21-150400.15.5.1 kernel-rt-devel-debuginfo-5.14.21-150400.15.5.1 kernel-rt_debug-5.14.21-150400.15.5.1 kernel-rt_debug-debuginfo-5.14.21-150400.15.5.1 kernel-rt_debug-debugsource-5.14.21-150400.15.5.1 kernel-rt_debug-devel-5.14.21-150400.15.5.1 kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.5.1 kernel-syms-rt-5.14.21-150400.15.5.1 ocfs2-kmp-rt-5.14.21-150400.15.5.1 ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.5.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (x86_64): kernel-livepatch-5_14_21-150400_15_5-rt-1-150400.1.3.1 kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-1-150400.1.3.1 kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-1-150400.1.3.1 - SUSE Linux Enterprise Micro 5.3 (x86_64): kernel-rt-5.14.21-150400.15.5.1 kernel-rt-debuginfo-5.14.21-150400.15.5.1 kernel-rt-debugsource-5.14.21-150400.15.5.1 References: https://www.suse.com/security/cve/CVE-2016-3695.html https://www.suse.com/security/cve/CVE-2020-16119.html https://www.suse.com/security/cve/CVE-2020-36516.html https://www.suse.com/security/cve/CVE-2021-33135.html https://www.suse.com/security/cve/CVE-2021-4037.html https://www.suse.com/security/cve/CVE-2022-1184.html https://www.suse.com/security/cve/CVE-2022-1263.html https://www.suse.com/security/cve/CVE-2022-1882.html https://www.suse.com/security/cve/CVE-2022-20368.html https://www.suse.com/security/cve/CVE-2022-20369.html https://www.suse.com/security/cve/CVE-2022-2153.html https://www.suse.com/security/cve/CVE-2022-2586.html https://www.suse.com/security/cve/CVE-2022-2588.html https://www.suse.com/security/cve/CVE-2022-2602.html https://www.suse.com/security/cve/CVE-2022-26373.html https://www.suse.com/security/cve/CVE-2022-2639.html https://www.suse.com/security/cve/CVE-2022-2663.html https://www.suse.com/security/cve/CVE-2022-28356.html https://www.suse.com/security/cve/CVE-2022-28693.html https://www.suse.com/security/cve/CVE-2022-2873.html https://www.suse.com/security/cve/CVE-2022-28748.html https://www.suse.com/security/cve/CVE-2022-2905.html https://www.suse.com/security/cve/CVE-2022-2938.html https://www.suse.com/security/cve/CVE-2022-2959.html https://www.suse.com/security/cve/CVE-2022-2964.html https://www.suse.com/security/cve/CVE-2022-2977.html https://www.suse.com/security/cve/CVE-2022-2978.html https://www.suse.com/security/cve/CVE-2022-3028.html https://www.suse.com/security/cve/CVE-2022-3078.html https://www.suse.com/security/cve/CVE-2022-3114.html https://www.suse.com/security/cve/CVE-2022-3169.html https://www.suse.com/security/cve/CVE-2022-3176.html https://www.suse.com/security/cve/CVE-2022-3202.html https://www.suse.com/security/cve/CVE-2022-32250.html https://www.suse.com/security/cve/CVE-2022-32296.html https://www.suse.com/security/cve/CVE-2022-3239.html https://www.suse.com/security/cve/CVE-2022-3303.html https://www.suse.com/security/cve/CVE-2022-33981.html https://www.suse.com/security/cve/CVE-2022-3424.html https://www.suse.com/security/cve/CVE-2022-3435.html https://www.suse.com/security/cve/CVE-2022-3521.html https://www.suse.com/security/cve/CVE-2022-3524.html https://www.suse.com/security/cve/CVE-2022-3526.html https://www.suse.com/security/cve/CVE-2022-3535.html https://www.suse.com/security/cve/CVE-2022-3542.html https://www.suse.com/security/cve/CVE-2022-3545.html https://www.suse.com/security/cve/CVE-2022-3565.html https://www.suse.com/security/cve/CVE-2022-3566.html https://www.suse.com/security/cve/CVE-2022-3567.html https://www.suse.com/security/cve/CVE-2022-3577.html https://www.suse.com/security/cve/CVE-2022-3586.html https://www.suse.com/security/cve/CVE-2022-3594.html https://www.suse.com/security/cve/CVE-2022-3619.html https://www.suse.com/security/cve/CVE-2022-3621.html https://www.suse.com/security/cve/CVE-2022-3625.html https://www.suse.com/security/cve/CVE-2022-3628.html https://www.suse.com/security/cve/CVE-2022-3629.html https://www.suse.com/security/cve/CVE-2022-3633.html https://www.suse.com/security/cve/CVE-2022-3635.html https://www.suse.com/security/cve/CVE-2022-3640.html https://www.suse.com/security/cve/CVE-2022-3643.html https://www.suse.com/security/cve/CVE-2022-3646.html https://www.suse.com/security/cve/CVE-2022-3649.html https://www.suse.com/security/cve/CVE-2022-36879.html https://www.suse.com/security/cve/CVE-2022-36946.html https://www.suse.com/security/cve/CVE-2022-3707.html https://www.suse.com/security/cve/CVE-2022-3903.html https://www.suse.com/security/cve/CVE-2022-39188.html https://www.suse.com/security/cve/CVE-2022-39189.html https://www.suse.com/security/cve/CVE-2022-39190.html https://www.suse.com/security/cve/CVE-2022-40476.html https://www.suse.com/security/cve/CVE-2022-40768.html https://www.suse.com/security/cve/CVE-2022-4095.html https://www.suse.com/security/cve/CVE-2022-41218.html https://www.suse.com/security/cve/CVE-2022-4129.html https://www.suse.com/security/cve/CVE-2022-4139.html https://www.suse.com/security/cve/CVE-2022-41674.html https://www.suse.com/security/cve/CVE-2022-41848.html https://www.suse.com/security/cve/CVE-2022-41849.html https://www.suse.com/security/cve/CVE-2022-41850.html https://www.suse.com/security/cve/CVE-2022-41858.html https://www.suse.com/security/cve/CVE-2022-42328.html https://www.suse.com/security/cve/CVE-2022-42329.html https://www.suse.com/security/cve/CVE-2022-42703.html https://www.suse.com/security/cve/CVE-2022-42719.html https://www.suse.com/security/cve/CVE-2022-42720.html https://www.suse.com/security/cve/CVE-2022-42721.html https://www.suse.com/security/cve/CVE-2022-42722.html https://www.suse.com/security/cve/CVE-2022-42895.html https://www.suse.com/security/cve/CVE-2022-42896.html https://www.suse.com/security/cve/CVE-2022-43750.html https://www.suse.com/security/cve/CVE-2022-4378.html https://www.suse.com/security/cve/CVE-2022-43945.html https://www.suse.com/security/cve/CVE-2022-45869.html https://www.suse.com/security/cve/CVE-2022-45888.html https://www.suse.com/security/cve/CVE-2022-45934.html https://bugzilla.suse.com/1023051 https://bugzilla.suse.com/1032323 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1164051 https://bugzilla.suse.com/1177471 https://bugzilla.suse.com/1184350 https://bugzilla.suse.com/1185032 https://bugzilla.suse.com/1188238 https://bugzilla.suse.com/1189297 https://bugzilla.suse.com/1189999 https://bugzilla.suse.com/1190256 https://bugzilla.suse.com/1190497 https://bugzilla.suse.com/1190969 https://bugzilla.suse.com/1192968 https://bugzilla.suse.com/1193629 https://bugzilla.suse.com/1194023 https://bugzilla.suse.com/1194592 https://bugzilla.suse.com/1194869 https://bugzilla.suse.com/1194904 https://bugzilla.suse.com/1195480 https://bugzilla.suse.com/1195917 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196444 https://bugzilla.suse.com/1196616 https://bugzilla.suse.com/1196632 https://bugzilla.suse.com/1196867 https://bugzilla.suse.com/1196869 https://bugzilla.suse.com/1197158 https://bugzilla.suse.com/1197391 https://bugzilla.suse.com/1197659 https://bugzilla.suse.com/1197755 https://bugzilla.suse.com/1197756 https://bugzilla.suse.com/1197757 https://bugzilla.suse.com/1197763 https://bugzilla.suse.com/1198189 https://bugzilla.suse.com/1198410 https://bugzilla.suse.com/1198577 https://bugzilla.suse.com/1198702 https://bugzilla.suse.com/1198971 https://bugzilla.suse.com/1199086 https://bugzilla.suse.com/1199364 https://bugzilla.suse.com/1199515 https://bugzilla.suse.com/1199670 https://bugzilla.suse.com/1199904 https://bugzilla.suse.com/1200015 https://bugzilla.suse.com/1200058 https://bugzilla.suse.com/1200268 https://bugzilla.suse.com/1200288 https://bugzilla.suse.com/1200301 https://bugzilla.suse.com/1200313 https://bugzilla.suse.com/1200431 https://bugzilla.suse.com/1200465 https://bugzilla.suse.com/1200494 https://bugzilla.suse.com/1200544 https://bugzilla.suse.com/1200567 https://bugzilla.suse.com/1200622 https://bugzilla.suse.com/1200644 https://bugzilla.suse.com/1200651 https://bugzilla.suse.com/1200692 https://bugzilla.suse.com/1200788 https://bugzilla.suse.com/1200845 https://bugzilla.suse.com/1200868 https://bugzilla.suse.com/1200869 https://bugzilla.suse.com/1200870 https://bugzilla.suse.com/1200871 https://bugzilla.suse.com/1200872 https://bugzilla.suse.com/1200873 https://bugzilla.suse.com/1201019 https://bugzilla.suse.com/1201308 https://bugzilla.suse.com/1201309 https://bugzilla.suse.com/1201310 https://bugzilla.suse.com/1201361 https://bugzilla.suse.com/1201427 https://bugzilla.suse.com/1201442 https://bugzilla.suse.com/1201455 https://bugzilla.suse.com/1201489 https://bugzilla.suse.com/1201610 https://bugzilla.suse.com/1201675 https://bugzilla.suse.com/1201725 https://bugzilla.suse.com/1201726 https://bugzilla.suse.com/1201768 https://bugzilla.suse.com/1201865 https://bugzilla.suse.com/1201940 https://bugzilla.suse.com/1201941 https://bugzilla.suse.com/1201948 https://bugzilla.suse.com/1201954 https://bugzilla.suse.com/1201956 https://bugzilla.suse.com/1201958 https://bugzilla.suse.com/1202095 https://bugzilla.suse.com/1202096 https://bugzilla.suse.com/1202097 https://bugzilla.suse.com/1202113 https://bugzilla.suse.com/1202131 https://bugzilla.suse.com/1202154 https://bugzilla.suse.com/1202187 https://bugzilla.suse.com/1202262 https://bugzilla.suse.com/1202265 https://bugzilla.suse.com/1202312 https://bugzilla.suse.com/1202341 https://bugzilla.suse.com/1202346 https://bugzilla.suse.com/1202347 https://bugzilla.suse.com/1202385 https://bugzilla.suse.com/1202393 https://bugzilla.suse.com/1202447 https://bugzilla.suse.com/1202471 https://bugzilla.suse.com/1202558 https://bugzilla.suse.com/1202623 https://bugzilla.suse.com/1202636 https://bugzilla.suse.com/1202672 https://bugzilla.suse.com/1202681 https://bugzilla.suse.com/1202685 https://bugzilla.suse.com/1202686 https://bugzilla.suse.com/1202700 https://bugzilla.suse.com/1202710 https://bugzilla.suse.com/1202711 https://bugzilla.suse.com/1202712 https://bugzilla.suse.com/1202713 https://bugzilla.suse.com/1202715 https://bugzilla.suse.com/1202716 https://bugzilla.suse.com/1202757 https://bugzilla.suse.com/1202758 https://bugzilla.suse.com/1202759 https://bugzilla.suse.com/1202761 https://bugzilla.suse.com/1202762 https://bugzilla.suse.com/1202763 https://bugzilla.suse.com/1202764 https://bugzilla.suse.com/1202765 https://bugzilla.suse.com/1202766 https://bugzilla.suse.com/1202767 https://bugzilla.suse.com/1202768 https://bugzilla.suse.com/1202769 https://bugzilla.suse.com/1202770 https://bugzilla.suse.com/1202771 https://bugzilla.suse.com/1202773 https://bugzilla.suse.com/1202774 https://bugzilla.suse.com/1202775 https://bugzilla.suse.com/1202776 https://bugzilla.suse.com/1202778 https://bugzilla.suse.com/1202779 https://bugzilla.suse.com/1202780 https://bugzilla.suse.com/1202781 https://bugzilla.suse.com/1202782 https://bugzilla.suse.com/1202783 https://bugzilla.suse.com/1202822 https://bugzilla.suse.com/1202823 https://bugzilla.suse.com/1202824 https://bugzilla.suse.com/1202860 https://bugzilla.suse.com/1202867 https://bugzilla.suse.com/1202872 https://bugzilla.suse.com/1202874 https://bugzilla.suse.com/1202898 https://bugzilla.suse.com/1202914 https://bugzilla.suse.com/1202960 https://bugzilla.suse.com/1202989 https://bugzilla.suse.com/1202992 https://bugzilla.suse.com/1202993 https://bugzilla.suse.com/1203002 https://bugzilla.suse.com/1203008 https://bugzilla.suse.com/1203036 https://bugzilla.suse.com/1203039 https://bugzilla.suse.com/1203041 https://bugzilla.suse.com/1203063 https://bugzilla.suse.com/1203066 https://bugzilla.suse.com/1203067 https://bugzilla.suse.com/1203098 https://bugzilla.suse.com/1203101 https://bugzilla.suse.com/1203107 https://bugzilla.suse.com/1203116 https://bugzilla.suse.com/1203117 https://bugzilla.suse.com/1203138 https://bugzilla.suse.com/1203139 https://bugzilla.suse.com/1203159 https://bugzilla.suse.com/1203183 https://bugzilla.suse.com/1203197 https://bugzilla.suse.com/1203208 https://bugzilla.suse.com/1203229 https://bugzilla.suse.com/1203263 https://bugzilla.suse.com/1203290 https://bugzilla.suse.com/1203338 https://bugzilla.suse.com/1203360 https://bugzilla.suse.com/1203361 https://bugzilla.suse.com/1203389 https://bugzilla.suse.com/1203391 https://bugzilla.suse.com/1203410 https://bugzilla.suse.com/1203435 https://bugzilla.suse.com/1203505 https://bugzilla.suse.com/1203511 https://bugzilla.suse.com/1203514 https://bugzilla.suse.com/1203552 https://bugzilla.suse.com/1203606 https://bugzilla.suse.com/1203664 https://bugzilla.suse.com/1203693 https://bugzilla.suse.com/1203699 https://bugzilla.suse.com/1203767 https://bugzilla.suse.com/1203769 https://bugzilla.suse.com/1203770 https://bugzilla.suse.com/1203794 https://bugzilla.suse.com/1203798 https://bugzilla.suse.com/1203802 https://bugzilla.suse.com/1203829 https://bugzilla.suse.com/1203893 https://bugzilla.suse.com/1203902 https://bugzilla.suse.com/1203906 https://bugzilla.suse.com/1203908 https://bugzilla.suse.com/1203922 https://bugzilla.suse.com/1203935 https://bugzilla.suse.com/1203939 https://bugzilla.suse.com/1203960 https://bugzilla.suse.com/1203969 https://bugzilla.suse.com/1203987 https://bugzilla.suse.com/1203992 https://bugzilla.suse.com/1203994 https://bugzilla.suse.com/1204017 https://bugzilla.suse.com/1204051 https://bugzilla.suse.com/1204059 https://bugzilla.suse.com/1204060 https://bugzilla.suse.com/1204092 https://bugzilla.suse.com/1204125 https://bugzilla.suse.com/1204132 https://bugzilla.suse.com/1204142 https://bugzilla.suse.com/1204166 https://bugzilla.suse.com/1204168 https://bugzilla.suse.com/1204170 https://bugzilla.suse.com/1204171 https://bugzilla.suse.com/1204183 https://bugzilla.suse.com/1204228 https://bugzilla.suse.com/1204241 https://bugzilla.suse.com/1204289 https://bugzilla.suse.com/1204290 https://bugzilla.suse.com/1204291 https://bugzilla.suse.com/1204292 https://bugzilla.suse.com/1204353 https://bugzilla.suse.com/1204354 https://bugzilla.suse.com/1204355 https://bugzilla.suse.com/1204402 https://bugzilla.suse.com/1204405 https://bugzilla.suse.com/1204413 https://bugzilla.suse.com/1204414 https://bugzilla.suse.com/1204415 https://bugzilla.suse.com/1204417 https://bugzilla.suse.com/1204424 https://bugzilla.suse.com/1204428 https://bugzilla.suse.com/1204431 https://bugzilla.suse.com/1204432 https://bugzilla.suse.com/1204439 https://bugzilla.suse.com/1204470 https://bugzilla.suse.com/1204479 https://bugzilla.suse.com/1204486 https://bugzilla.suse.com/1204498 https://bugzilla.suse.com/1204533 https://bugzilla.suse.com/1204569 https://bugzilla.suse.com/1204574 https://bugzilla.suse.com/1204575 https://bugzilla.suse.com/1204576 https://bugzilla.suse.com/1204619 https://bugzilla.suse.com/1204624 https://bugzilla.suse.com/1204631 https://bugzilla.suse.com/1204635 https://bugzilla.suse.com/1204636 https://bugzilla.suse.com/1204637 https://bugzilla.suse.com/1204646 https://bugzilla.suse.com/1204647 https://bugzilla.suse.com/1204650 https://bugzilla.suse.com/1204653 https://bugzilla.suse.com/1204693 https://bugzilla.suse.com/1204705 https://bugzilla.suse.com/1204719 https://bugzilla.suse.com/1204728 https://bugzilla.suse.com/1204745 https://bugzilla.suse.com/1204753 https://bugzilla.suse.com/1204780 https://bugzilla.suse.com/1204810 https://bugzilla.suse.com/1204850 https://bugzilla.suse.com/1204868 https://bugzilla.suse.com/1204926 https://bugzilla.suse.com/1204933 https://bugzilla.suse.com/1204934 https://bugzilla.suse.com/1204947 https://bugzilla.suse.com/1204957 https://bugzilla.suse.com/1204963 https://bugzilla.suse.com/1204970 https://bugzilla.suse.com/1205007 https://bugzilla.suse.com/1205100 https://bugzilla.suse.com/1205111 https://bugzilla.suse.com/1205113 https://bugzilla.suse.com/1205128 https://bugzilla.suse.com/1205130 https://bugzilla.suse.com/1205149 https://bugzilla.suse.com/1205153 https://bugzilla.suse.com/1205220 https://bugzilla.suse.com/1205257 https://bugzilla.suse.com/1205264 https://bugzilla.suse.com/1205282 https://bugzilla.suse.com/1205313 https://bugzilla.suse.com/1205331 https://bugzilla.suse.com/1205332 https://bugzilla.suse.com/1205427 https://bugzilla.suse.com/1205428 https://bugzilla.suse.com/1205473 https://bugzilla.suse.com/1205496 https://bugzilla.suse.com/1205507 https://bugzilla.suse.com/1205514 https://bugzilla.suse.com/1205521 https://bugzilla.suse.com/1205567 https://bugzilla.suse.com/1205616 https://bugzilla.suse.com/1205617 https://bugzilla.suse.com/1205653 https://bugzilla.suse.com/1205671 https://bugzilla.suse.com/1205679 https://bugzilla.suse.com/1205683 https://bugzilla.suse.com/1205700 https://bugzilla.suse.com/1205705 https://bugzilla.suse.com/1205709 https://bugzilla.suse.com/1205711 https://bugzilla.suse.com/1205744 https://bugzilla.suse.com/1205764 https://bugzilla.suse.com/1205796 https://bugzilla.suse.com/1205882 https://bugzilla.suse.com/1205993 https://bugzilla.suse.com/1206035 https://bugzilla.suse.com/1206036 https://bugzilla.suse.com/1206037 https://bugzilla.suse.com/1206045 https://bugzilla.suse.com/1206046 https://bugzilla.suse.com/1206047 https://bugzilla.suse.com/1206048 https://bugzilla.suse.com/1206049 https://bugzilla.suse.com/1206050 https://bugzilla.suse.com/1206051 https://bugzilla.suse.com/1206056 https://bugzilla.suse.com/1206057 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206114 https://bugzilla.suse.com/1206147 https://bugzilla.suse.com/1206149 https://bugzilla.suse.com/1206207 https://bugzilla.suse.com/1206273 https://bugzilla.suse.com/1206391 From sle-updates at lists.suse.com Fri Dec 23 15:31:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Dec 2022 16:31:01 +0100 (CET) Subject: SUSE-RU-2022:4618-1: moderate: Recommended update for catatonit Message-ID: <20221223153101.57DA8FCC9@maintenance.suse.de> SUSE Recommended Update: Recommended update for catatonit ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4618-1 Rating: moderate References: PED-2771 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP3-BCL SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for catatonit fixes the following issues: Update to catatonit v0.1.7: - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). Update to catatonit v0.1.6: - which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4618=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4618=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4618=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4618=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2022-4618=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2022-4618=1 - SUSE Linux Enterprise Server 15-SP3-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-BCL-2022-4618=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4618=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-4618=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4618=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4618=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4618=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2022-4618=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2022-4618=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4618=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Linux Enterprise Server 15-SP3-BCL (x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): catatonit-0.1.7-150300.10.3.1 catatonit-debuginfo-0.1.7-150300.10.3.1 catatonit-debugsource-0.1.7-150300.10.3.1 References: From sle-updates at lists.suse.com Tue Dec 27 08:20:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2022 09:20:55 +0100 (CET) Subject: SUSE-SU-2022:4619-1: moderate: Security update for vim Message-ID: <20221227082055.BED0AFCC9@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4619-1 Rating: moderate References: #1070955 #1173256 #1174564 #1176549 #1182324 #1190533 #1190570 #1191770 #1191893 #1192167 #1192478 #1192481 #1192902 #1192903 #1192904 #1193294 #1193298 #1193466 #1193905 #1194093 #1194216 #1194217 #1194388 #1194556 #1194872 #1194885 #1195004 #1195066 #1195126 #1195202 #1195203 #1195332 #1195354 #1195356 #1196361 #1198596 #1198748 #1199331 #1199333 #1199334 #1199651 #1199655 #1199693 #1199745 #1199747 #1199936 #1200010 #1200011 #1200012 #1200270 #1200697 #1200698 #1200700 #1200701 #1200732 #1200884 #1200902 #1200903 #1200904 #1201132 #1201133 #1201134 #1201135 #1201136 #1201150 #1201151 #1201152 #1201153 #1201154 #1201155 #1201249 #1201356 #1201359 #1201363 #1201620 #1201863 #1202046 #1202049 #1202050 #1202051 #1202414 #1202420 #1202421 #1202511 #1202512 #1202515 #1202552 #1202599 #1202687 #1202689 #1202862 #1202962 #1203110 #1203152 #1203155 #1203194 #1203272 #1203508 #1203509 #1203796 #1203797 #1203799 #1203820 #1203924 #1204779 Cross-References: CVE-2009-0316 CVE-2016-1248 CVE-2017-17087 CVE-2017-5953 CVE-2017-6349 CVE-2017-6350 CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903 CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974 CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213 CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696 CVE-2022-1381 CVE-2022-1420 CVE-2022-1616 CVE-2022-1619 CVE-2022-1620 CVE-2022-1720 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771 CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898 CVE-2022-1927 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946 CVE-2022-2980 CVE-2022-2982 CVE-2022-3016 CVE-2022-3037 CVE-2022-3099 CVE-2022-3134 CVE-2022-3153 CVE-2022-3234 CVE-2022-3235 CVE-2022-3278 CVE-2022-3296 CVE-2022-3297 CVE-2022-3324 CVE-2022-3352 CVE-2022-3705 CVSS scores: CVE-2016-1248 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-17087 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2017-17087 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-5953 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-5953 (SUSE): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-6349 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-6350 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3778 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3778 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-3796 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H CVE-2021-3796 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-3872 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3872 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3875 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3875 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3903 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3903 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2021-3927 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3927 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L CVE-2021-3928 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3928 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L CVE-2021-3968 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3973 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3974 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3974 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3984 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3984 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-4019 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4019 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-4069 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4069 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVE-2021-4136 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4136 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4166 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2021-4166 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2021-4192 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4192 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2021-4193 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-4193 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-46059 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0128 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0128 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-0213 (NVD) : 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-0213 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0261 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0261 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0318 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0319 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-0319 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-0351 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0351 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-0359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0359 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-0361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0361 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-0392 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0392 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2022-0407 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0407 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0413 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0413 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0696 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0696 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1381 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1381 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1420 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-1420 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1616 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1616 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1619 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1619 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1620 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1620 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1720 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1733 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1733 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-1735 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1735 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1771 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-1771 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1785 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1785 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1796 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1796 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1851 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1851 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1897 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1897 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1898 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1898 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-1927 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1927 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L CVE-2022-1968 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1968 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2022-2124 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2124 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2125 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2125 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2126 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2126 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2129 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2129 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2175 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2175 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2182 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2182 (SUSE): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L CVE-2022-2183 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2183 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2022-2206 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2206 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2022-2207 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2207 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2208 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2210 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2210 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-2231 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2231 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2257 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2257 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2264 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2264 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2284 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2284 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2285 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2285 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2022-2286 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2286 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2287 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2022-2287 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2304 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2304 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-2343 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2343 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2344 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2345 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2345 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2522 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2522 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2571 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2571 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-2580 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2580 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-2581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2581 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-2598 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2598 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2816 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2816 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2817 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2817 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2819 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2819 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2845 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2845 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2849 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2849 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2862 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2862 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L CVE-2022-2874 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2874 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2889 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2889 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2923 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2923 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2946 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2946 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-2980 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-2980 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-2982 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-2982 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-3016 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3016 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-3037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3037 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-3099 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3099 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-3134 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3134 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-3153 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3153 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3234 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3235 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3235 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-3278 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3278 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-3296 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3296 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-3297 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3297 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-3324 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3324 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3352 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3352 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-3705 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3705 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 104 vulnerabilities and has one errata is now available. Description: This update for vim fixes the following issues: Updated to version 9.0.0814: * Fixing bsc#1192478 VUL-1: CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow * Fixing bsc#1203508 VUL-0: CVE-2022-3234: vim: Heap-based Buffer Overflow prior to 9.0.0483. * Fixing bsc#1203509 VUL-1: CVE-2022-3235: vim: Use After Free in GitHub prior to 9.0.0490. * Fixing bsc#1203820 VUL-0: CVE-2022-3324: vim: Stack-based Buffer Overflow in prior to 9.0.0598. * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c * Fixing bsc#1203152 VUL-1: CVE-2022-2982: vim: use after free in qf_fill_buffer() * Fixing bsc#1203796 VUL-1: CVE-2022-3296: vim: stack out of bounds read in ex_finally() in ex_eval.c * Fixing bsc#1203797 VUL-1: CVE-2022-3297: vim: use-after-free in process_next_cpt_value() at insexpand.c * Fixing bsc#1203110 VUL-1: CVE-2022-3099: vim: Use After Free in ex_docmd.c * Fixing bsc#1203194 VUL-1: CVE-2022-3134: vim: use after free in do_tag() * Fixing bsc#1203272 VUL-1: CVE-2022-3153: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. * Fixing bsc#1203799 VUL-1: CVE-2022-3278: vim: NULL pointer dereference in eval_next_non_blank() in eval.c * Fixing bsc#1203924 VUL-1: CVE-2022-3352: vim: vim: use after free * Fixing bsc#1203155 VUL-1: CVE-2022-2980: vim: null pointer dereference in do_mouse() * Fixing bsc#1202962 VUL-1: CVE-2022-3037: vim: Use After Free in vim prior to 9.0.0321 * Fixing bsc#1200884 Vim: Error on startup * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32 * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37 * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37 * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl() * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044 * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045 * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046. * Fixing bsc#1201620 vim: SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock() * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar() * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote() * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent() * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both() * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name() * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc() * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len() * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes() * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk() * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite() * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int() * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check() * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs() * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special() * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr() * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line() * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string() * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr() * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails() * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet() * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function() * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len() * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar() * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240 * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00 * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use After Free * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open() in src/ex_docmd.c * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to Out-of-bounds Read * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in init_ccline() in ex_getln.c * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in Conda vim prior to 8.2. * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow in skip_range * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in append_command * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in function cmdline_erase_chars * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in function vim_regexec_string * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in find_pattern_in_path * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior to 8.2 * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior to 8.2 * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a .swp file to the editor's primary group, which allows local users to obtain sensitive information * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to Out-of-bounds Read * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow in vim prior to 8.2 * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in vim prior to 8.2 * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in cindent.c * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior to 8.2. * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read * Fixing bsc#1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c * Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in win_redr_status() drawscreen.c * Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to Stack-based Buffer Overflow * Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to Heap-based Buffer Overflow * Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting could lead to Heap Buffer Overflow * Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c * Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read * Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which causes a denial of service. * Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim prior to 8.2. * Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7() * Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim prior to 8.2. * Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4619=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4619=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4619=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4619=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4619=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-4619=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4619=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): vim-data-9.0.0814-17.9.1 vim-data-common-9.0.0814-17.9.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): gvim-9.0.0814-17.9.1 gvim-debuginfo-9.0.0814-17.9.1 vim-9.0.0814-17.9.1 vim-debuginfo-9.0.0814-17.9.1 vim-debugsource-9.0.0814-17.9.1 - SUSE OpenStack Cloud 9 (noarch): vim-data-9.0.0814-17.9.1 vim-data-common-9.0.0814-17.9.1 - SUSE OpenStack Cloud 9 (x86_64): gvim-9.0.0814-17.9.1 gvim-debuginfo-9.0.0814-17.9.1 vim-9.0.0814-17.9.1 vim-debuginfo-9.0.0814-17.9.1 vim-debugsource-9.0.0814-17.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gvim-9.0.0814-17.9.1 gvim-debuginfo-9.0.0814-17.9.1 vim-9.0.0814-17.9.1 vim-debuginfo-9.0.0814-17.9.1 vim-debugsource-9.0.0814-17.9.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): vim-data-9.0.0814-17.9.1 vim-data-common-9.0.0814-17.9.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gvim-9.0.0814-17.9.1 gvim-debuginfo-9.0.0814-17.9.1 vim-9.0.0814-17.9.1 vim-debuginfo-9.0.0814-17.9.1 vim-debugsource-9.0.0814-17.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): vim-data-9.0.0814-17.9.1 vim-data-common-9.0.0814-17.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gvim-9.0.0814-17.9.1 gvim-debuginfo-9.0.0814-17.9.1 vim-9.0.0814-17.9.1 vim-debuginfo-9.0.0814-17.9.1 vim-debugsource-9.0.0814-17.9.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): vim-data-9.0.0814-17.9.1 vim-data-common-9.0.0814-17.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): vim-data-9.0.0814-17.9.1 vim-data-common-9.0.0814-17.9.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gvim-9.0.0814-17.9.1 gvim-debuginfo-9.0.0814-17.9.1 vim-9.0.0814-17.9.1 vim-debuginfo-9.0.0814-17.9.1 vim-debugsource-9.0.0814-17.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): vim-data-9.0.0814-17.9.1 vim-data-common-9.0.0814-17.9.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gvim-9.0.0814-17.9.1 gvim-debuginfo-9.0.0814-17.9.1 vim-9.0.0814-17.9.1 vim-debuginfo-9.0.0814-17.9.1 vim-debugsource-9.0.0814-17.9.1 References: https://www.suse.com/security/cve/CVE-2009-0316.html https://www.suse.com/security/cve/CVE-2016-1248.html https://www.suse.com/security/cve/CVE-2017-17087.html https://www.suse.com/security/cve/CVE-2017-5953.html https://www.suse.com/security/cve/CVE-2017-6349.html https://www.suse.com/security/cve/CVE-2017-6350.html https://www.suse.com/security/cve/CVE-2021-3778.html https://www.suse.com/security/cve/CVE-2021-3796.html https://www.suse.com/security/cve/CVE-2021-3872.html https://www.suse.com/security/cve/CVE-2021-3875.html https://www.suse.com/security/cve/CVE-2021-3903.html https://www.suse.com/security/cve/CVE-2021-3927.html https://www.suse.com/security/cve/CVE-2021-3928.html https://www.suse.com/security/cve/CVE-2021-3968.html https://www.suse.com/security/cve/CVE-2021-3973.html https://www.suse.com/security/cve/CVE-2021-3974.html https://www.suse.com/security/cve/CVE-2021-3984.html https://www.suse.com/security/cve/CVE-2021-4019.html https://www.suse.com/security/cve/CVE-2021-4069.html https://www.suse.com/security/cve/CVE-2021-4136.html https://www.suse.com/security/cve/CVE-2021-4166.html https://www.suse.com/security/cve/CVE-2021-4192.html https://www.suse.com/security/cve/CVE-2021-4193.html https://www.suse.com/security/cve/CVE-2021-46059.html https://www.suse.com/security/cve/CVE-2022-0128.html https://www.suse.com/security/cve/CVE-2022-0213.html https://www.suse.com/security/cve/CVE-2022-0261.html https://www.suse.com/security/cve/CVE-2022-0318.html https://www.suse.com/security/cve/CVE-2022-0319.html https://www.suse.com/security/cve/CVE-2022-0351.html https://www.suse.com/security/cve/CVE-2022-0359.html https://www.suse.com/security/cve/CVE-2022-0361.html https://www.suse.com/security/cve/CVE-2022-0392.html https://www.suse.com/security/cve/CVE-2022-0407.html https://www.suse.com/security/cve/CVE-2022-0413.html https://www.suse.com/security/cve/CVE-2022-0696.html https://www.suse.com/security/cve/CVE-2022-1381.html https://www.suse.com/security/cve/CVE-2022-1420.html https://www.suse.com/security/cve/CVE-2022-1616.html https://www.suse.com/security/cve/CVE-2022-1619.html https://www.suse.com/security/cve/CVE-2022-1620.html https://www.suse.com/security/cve/CVE-2022-1720.html https://www.suse.com/security/cve/CVE-2022-1733.html https://www.suse.com/security/cve/CVE-2022-1735.html https://www.suse.com/security/cve/CVE-2022-1771.html https://www.suse.com/security/cve/CVE-2022-1785.html https://www.suse.com/security/cve/CVE-2022-1796.html https://www.suse.com/security/cve/CVE-2022-1851.html https://www.suse.com/security/cve/CVE-2022-1897.html https://www.suse.com/security/cve/CVE-2022-1898.html https://www.suse.com/security/cve/CVE-2022-1927.html https://www.suse.com/security/cve/CVE-2022-1968.html https://www.suse.com/security/cve/CVE-2022-2124.html https://www.suse.com/security/cve/CVE-2022-2125.html https://www.suse.com/security/cve/CVE-2022-2126.html https://www.suse.com/security/cve/CVE-2022-2129.html https://www.suse.com/security/cve/CVE-2022-2175.html https://www.suse.com/security/cve/CVE-2022-2182.html https://www.suse.com/security/cve/CVE-2022-2183.html https://www.suse.com/security/cve/CVE-2022-2206.html https://www.suse.com/security/cve/CVE-2022-2207.html https://www.suse.com/security/cve/CVE-2022-2208.html https://www.suse.com/security/cve/CVE-2022-2210.html https://www.suse.com/security/cve/CVE-2022-2231.html https://www.suse.com/security/cve/CVE-2022-2257.html https://www.suse.com/security/cve/CVE-2022-2264.html https://www.suse.com/security/cve/CVE-2022-2284.html https://www.suse.com/security/cve/CVE-2022-2285.html https://www.suse.com/security/cve/CVE-2022-2286.html https://www.suse.com/security/cve/CVE-2022-2287.html https://www.suse.com/security/cve/CVE-2022-2304.html https://www.suse.com/security/cve/CVE-2022-2343.html https://www.suse.com/security/cve/CVE-2022-2344.html https://www.suse.com/security/cve/CVE-2022-2345.html https://www.suse.com/security/cve/CVE-2022-2522.html https://www.suse.com/security/cve/CVE-2022-2571.html https://www.suse.com/security/cve/CVE-2022-2580.html https://www.suse.com/security/cve/CVE-2022-2581.html https://www.suse.com/security/cve/CVE-2022-2598.html https://www.suse.com/security/cve/CVE-2022-2816.html https://www.suse.com/security/cve/CVE-2022-2817.html https://www.suse.com/security/cve/CVE-2022-2819.html https://www.suse.com/security/cve/CVE-2022-2845.html https://www.suse.com/security/cve/CVE-2022-2849.html https://www.suse.com/security/cve/CVE-2022-2862.html https://www.suse.com/security/cve/CVE-2022-2874.html https://www.suse.com/security/cve/CVE-2022-2889.html https://www.suse.com/security/cve/CVE-2022-2923.html https://www.suse.com/security/cve/CVE-2022-2946.html https://www.suse.com/security/cve/CVE-2022-2980.html https://www.suse.com/security/cve/CVE-2022-2982.html https://www.suse.com/security/cve/CVE-2022-3016.html https://www.suse.com/security/cve/CVE-2022-3037.html https://www.suse.com/security/cve/CVE-2022-3099.html https://www.suse.com/security/cve/CVE-2022-3134.html https://www.suse.com/security/cve/CVE-2022-3153.html https://www.suse.com/security/cve/CVE-2022-3234.html https://www.suse.com/security/cve/CVE-2022-3235.html https://www.suse.com/security/cve/CVE-2022-3278.html https://www.suse.com/security/cve/CVE-2022-3296.html https://www.suse.com/security/cve/CVE-2022-3297.html https://www.suse.com/security/cve/CVE-2022-3324.html https://www.suse.com/security/cve/CVE-2022-3352.html https://www.suse.com/security/cve/CVE-2022-3705.html https://bugzilla.suse.com/1070955 https://bugzilla.suse.com/1173256 https://bugzilla.suse.com/1174564 https://bugzilla.suse.com/1176549 https://bugzilla.suse.com/1182324 https://bugzilla.suse.com/1190533 https://bugzilla.suse.com/1190570 https://bugzilla.suse.com/1191770 https://bugzilla.suse.com/1191893 https://bugzilla.suse.com/1192167 https://bugzilla.suse.com/1192478 https://bugzilla.suse.com/1192481 https://bugzilla.suse.com/1192902 https://bugzilla.suse.com/1192903 https://bugzilla.suse.com/1192904 https://bugzilla.suse.com/1193294 https://bugzilla.suse.com/1193298 https://bugzilla.suse.com/1193466 https://bugzilla.suse.com/1193905 https://bugzilla.suse.com/1194093 https://bugzilla.suse.com/1194216 https://bugzilla.suse.com/1194217 https://bugzilla.suse.com/1194388 https://bugzilla.suse.com/1194556 https://bugzilla.suse.com/1194872 https://bugzilla.suse.com/1194885 https://bugzilla.suse.com/1195004 https://bugzilla.suse.com/1195066 https://bugzilla.suse.com/1195126 https://bugzilla.suse.com/1195202 https://bugzilla.suse.com/1195203 https://bugzilla.suse.com/1195332 https://bugzilla.suse.com/1195354 https://bugzilla.suse.com/1195356 https://bugzilla.suse.com/1196361 https://bugzilla.suse.com/1198596 https://bugzilla.suse.com/1198748 https://bugzilla.suse.com/1199331 https://bugzilla.suse.com/1199333 https://bugzilla.suse.com/1199334 https://bugzilla.suse.com/1199651 https://bugzilla.suse.com/1199655 https://bugzilla.suse.com/1199693 https://bugzilla.suse.com/1199745 https://bugzilla.suse.com/1199747 https://bugzilla.suse.com/1199936 https://bugzilla.suse.com/1200010 https://bugzilla.suse.com/1200011 https://bugzilla.suse.com/1200012 https://bugzilla.suse.com/1200270 https://bugzilla.suse.com/1200697 https://bugzilla.suse.com/1200698 https://bugzilla.suse.com/1200700 https://bugzilla.suse.com/1200701 https://bugzilla.suse.com/1200732 https://bugzilla.suse.com/1200884 https://bugzilla.suse.com/1200902 https://bugzilla.suse.com/1200903 https://bugzilla.suse.com/1200904 https://bugzilla.suse.com/1201132 https://bugzilla.suse.com/1201133 https://bugzilla.suse.com/1201134 https://bugzilla.suse.com/1201135 https://bugzilla.suse.com/1201136 https://bugzilla.suse.com/1201150 https://bugzilla.suse.com/1201151 https://bugzilla.suse.com/1201152 https://bugzilla.suse.com/1201153 https://bugzilla.suse.com/1201154 https://bugzilla.suse.com/1201155 https://bugzilla.suse.com/1201249 https://bugzilla.suse.com/1201356 https://bugzilla.suse.com/1201359 https://bugzilla.suse.com/1201363 https://bugzilla.suse.com/1201620 https://bugzilla.suse.com/1201863 https://bugzilla.suse.com/1202046 https://bugzilla.suse.com/1202049 https://bugzilla.suse.com/1202050 https://bugzilla.suse.com/1202051 https://bugzilla.suse.com/1202414 https://bugzilla.suse.com/1202420 https://bugzilla.suse.com/1202421 https://bugzilla.suse.com/1202511 https://bugzilla.suse.com/1202512 https://bugzilla.suse.com/1202515 https://bugzilla.suse.com/1202552 https://bugzilla.suse.com/1202599 https://bugzilla.suse.com/1202687 https://bugzilla.suse.com/1202689 https://bugzilla.suse.com/1202862 https://bugzilla.suse.com/1202962 https://bugzilla.suse.com/1203110 https://bugzilla.suse.com/1203152 https://bugzilla.suse.com/1203155 https://bugzilla.suse.com/1203194 https://bugzilla.suse.com/1203272 https://bugzilla.suse.com/1203508 https://bugzilla.suse.com/1203509 https://bugzilla.suse.com/1203796 https://bugzilla.suse.com/1203797 https://bugzilla.suse.com/1203799 https://bugzilla.suse.com/1203820 https://bugzilla.suse.com/1203924 https://bugzilla.suse.com/1204779 From sle-updates at lists.suse.com Tue Dec 27 11:21:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2022 12:21:11 +0100 (CET) Subject: SUSE-RU-2022:4623-1: moderate: Recommended update for rust, rust1.66 Message-ID: <20221227112111.17A53FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust, rust1.66 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4623-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for rust, rust1.66 fixes the following issues: This update ships rust 1.66. Version 1.66.0 (2022-12-15) ========================== Language -------- - Permit specifying explicit discriminants on all `repr(Int)` enums ```rust #[repr(u8)] enum Foo { A(u8) = 0, B(i8) = 1, C(bool) = 42, } ``` - Allow transmutes between the same type differing only in lifetimes - Change constant evaluation errors from a deny-by-default lint to a hard error - Trigger `must_use` on `impl Trait` for supertraits This makes `impl ExactSizeIterator` respect the existing `#[must_use]` annotation on `Iterator`. - Allow `..X` and `..=X` in patterns - Uplift `clippy::for_loops_over_fallibles` lint into rustc - Stabilize `sym` operands in inline assembly - Update to Unicode 15 - Opaque types no longer imply lifetime bounds This is a soundness fix which may break code that was erroneously relying on this behavior. Compiler -------- - Add armv5te-none-eabi and thumbv5te-none-eabi tier 3 targets - Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. - Add support for linking against macOS universal libraries Libraries --------- - Fix `#[derive(Default)]` on a generic `#[default]` enum adding unnecessary `Default` bounds - Update to Unicode 15 Stabilized APIs --------------- - `proc_macro::Span::source_text`](https://doc.rust-lang.org/stable/proc_macr o/struct.Span.html#method.source_text) - `uX::{checked_add_signed, overflowing_add_signed, saturating_add_signed, wrapping_add_signed}`](https://doc.rust-lang.org/stable/std/primitive.u8.ht ml#method.checked_add_signed) - `iX::{checked_add_unsigned, overflowing_add_unsigned, saturating_add_unsigned, wrapping_add_unsigned}`](https://doc.rust-lang.org/stable/std/primitive.i8. html#method.checked_add_unsigned) - `iX::{checked_sub_unsigned, overflowing_sub_unsigned, saturating_sub_unsigned, wrapping_sub_unsigned}`](https://doc.rust-lang.org/stable/std/primitive.i8. html#method.checked_sub_unsigned) - `BTreeSet::{first, last, pop_first, pop_last}`](https://doc.rust-lang.org/stable/std/collections/struct.BTreeSe t.html#method.first) - `BTreeMap::{first_key_value, last_key_value, first_entry, last_entry, pop_first, pop_last}`](https://doc.rust-lang.org/stable/std/collections/struct.BTreeMa p.html#method.first_key_value) - Add `AsFd` implementations for stdio lock types on WASI. - `impl TryFrom> for Box<[T; N]>`](https://doc.rust-lang.org/stable/std/boxed/struct.Box.html#impl-TryFr om%3CVec%3CT%2C%20Global%3E%3E-for-Box%3C%5BT%3B%20N%5D%2C%20Global%3E) - `core::hint::black_box`](https://doc.rust-lang.org/stable/std/hint/fn.black _box.html) - `Duration::try_from_secs_{f32,f64}`](https://doc.rust-lang.org/stable/std/t ime/struct.Duration.html#method.try_from_secs_f32) - `Option::unzip`](https://doc.rust-lang.org/stable/std/option/enum.Option.ht ml#method.unzip) - `std::os::fd`](https://doc.rust-lang.org/stable/std/os/fd/index.html) Rustdoc ------- - Add Rustdoc warning for invalid HTML tags in the documentation Cargo ----- - Added `cargo remove` to remove dependencies from Cargo.toml](https://doc.rust-lang.org/nightly/cargo/commands/cargo-remove.h tml) - `cargo publish` now waits for the new version to be downloadable before exiting See [detailed release notes] for more. Compatibility Notes ------------------- - Only apply `ProceduralMasquerade` hack to older versions of `rental`] - Don't export `__heap_base` and `__data_end` on wasm32-wasi.] - Don't export `__wasm_init_memory` on WebAssembly.] - Only export `__tls_*` on wasm32-unknown-unknown.] - Don't link to `libresolv` in libstd on Darwin] - Update libstd's libc to 0.2.135 (to make `libstd` no longer pull in `libiconv.dylib` on Darwin)] - Opaque types no longer imply lifetime bounds] This is a soundness fix which may break code that was erroneously relying on this behavior. - Make `order_dependent_trait_objects` show up in future-breakage reports] - Change std::process::Command spawning to default to inheriting the parent's signal mask] Changes in rust: - Update to version 1.66.0 - for details see the rust1.66 package Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4623=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4623=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cargo-1.66.0-150400.24.3.1 cargo1.66-1.66.0-150400.9.3.1 cargo1.66-debuginfo-1.66.0-150400.9.3.1 rust-1.66.0-150400.24.3.1 rust1.66-1.66.0-150400.9.3.1 rust1.66-debuginfo-1.66.0-150400.9.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): cargo-1.66.0-150400.24.3.1 cargo1.66-1.66.0-150400.9.3.1 cargo1.66-debuginfo-1.66.0-150400.9.3.1 rust-1.66.0-150400.24.3.1 rust1.66-1.66.0-150400.9.3.1 rust1.66-debuginfo-1.66.0-150400.9.3.1 References: From sle-updates at lists.suse.com Tue Dec 27 11:22:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2022 12:22:00 +0100 (CET) Subject: SUSE-SU-2022:4620-1: important: Security update for freeradius-server Message-ID: <20221227112200.B1C4FFD84@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4620-1 Rating: important References: #1180525 #1184016 #1206204 #1206205 #1206206 Cross-References: CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 CVSS scores: CVE-2022-41859 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-41860 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41861 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204). - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205). - CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206). - move logrotate options into specific parts for each log as "global" options will persist past and clobber global options in the main logrotate config (bsc#1180525) - Fixed plaintext password entries in logfiles (bsc#1184016). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4620=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4620=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4620=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4620=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4620=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4620=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4620=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4620=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4620=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4620=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 - SUSE CaaS Platform 4.0 (x86_64): freeradius-server-3.0.16-150000.3.13.1 freeradius-server-debuginfo-3.0.16-150000.3.13.1 freeradius-server-debugsource-3.0.16-150000.3.13.1 freeradius-server-devel-3.0.16-150000.3.13.1 freeradius-server-krb5-3.0.16-150000.3.13.1 freeradius-server-krb5-debuginfo-3.0.16-150000.3.13.1 freeradius-server-ldap-3.0.16-150000.3.13.1 freeradius-server-ldap-debuginfo-3.0.16-150000.3.13.1 freeradius-server-libs-3.0.16-150000.3.13.1 freeradius-server-libs-debuginfo-3.0.16-150000.3.13.1 freeradius-server-mysql-3.0.16-150000.3.13.1 freeradius-server-mysql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-perl-3.0.16-150000.3.13.1 freeradius-server-perl-debuginfo-3.0.16-150000.3.13.1 freeradius-server-postgresql-3.0.16-150000.3.13.1 freeradius-server-postgresql-debuginfo-3.0.16-150000.3.13.1 freeradius-server-python-3.0.16-150000.3.13.1 freeradius-server-python-debuginfo-3.0.16-150000.3.13.1 freeradius-server-sqlite-3.0.16-150000.3.13.1 freeradius-server-sqlite-debuginfo-3.0.16-150000.3.13.1 freeradius-server-utils-3.0.16-150000.3.13.1 freeradius-server-utils-debuginfo-3.0.16-150000.3.13.1 References: https://www.suse.com/security/cve/CVE-2022-41859.html https://www.suse.com/security/cve/CVE-2022-41860.html https://www.suse.com/security/cve/CVE-2022-41861.html https://bugzilla.suse.com/1180525 https://bugzilla.suse.com/1184016 https://bugzilla.suse.com/1206204 https://bugzilla.suse.com/1206205 https://bugzilla.suse.com/1206206 From sle-updates at lists.suse.com Tue Dec 27 11:23:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2022 12:23:20 +0100 (CET) Subject: SUSE-SU-2022:4621-1: important: Security update for freeradius-server Message-ID: <20221227112320.79B80FD84@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4621-1 Rating: important References: #1206204 #1206205 #1206206 Cross-References: CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 CVSS scores: CVE-2022-41859 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-41860 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41861 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204). - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205). - CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4621=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4621=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): freeradius-server-debuginfo-3.0.19-3.12.1 freeradius-server-debugsource-3.0.19-3.12.1 freeradius-server-devel-3.0.19-3.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.19-3.12.1 freeradius-server-debuginfo-3.0.19-3.12.1 freeradius-server-debugsource-3.0.19-3.12.1 freeradius-server-doc-3.0.19-3.12.1 freeradius-server-krb5-3.0.19-3.12.1 freeradius-server-krb5-debuginfo-3.0.19-3.12.1 freeradius-server-ldap-3.0.19-3.12.1 freeradius-server-ldap-debuginfo-3.0.19-3.12.1 freeradius-server-libs-3.0.19-3.12.1 freeradius-server-libs-debuginfo-3.0.19-3.12.1 freeradius-server-mysql-3.0.19-3.12.1 freeradius-server-mysql-debuginfo-3.0.19-3.12.1 freeradius-server-perl-3.0.19-3.12.1 freeradius-server-perl-debuginfo-3.0.19-3.12.1 freeradius-server-postgresql-3.0.19-3.12.1 freeradius-server-postgresql-debuginfo-3.0.19-3.12.1 freeradius-server-python-3.0.19-3.12.1 freeradius-server-python-debuginfo-3.0.19-3.12.1 freeradius-server-sqlite-3.0.19-3.12.1 freeradius-server-sqlite-debuginfo-3.0.19-3.12.1 freeradius-server-utils-3.0.19-3.12.1 freeradius-server-utils-debuginfo-3.0.19-3.12.1 References: https://www.suse.com/security/cve/CVE-2022-41859.html https://www.suse.com/security/cve/CVE-2022-41860.html https://www.suse.com/security/cve/CVE-2022-41861.html https://bugzilla.suse.com/1206204 https://bugzilla.suse.com/1206205 https://bugzilla.suse.com/1206206 From sle-updates at lists.suse.com Tue Dec 27 11:24:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2022 12:24:40 +0100 (CET) Subject: SUSE-SU-2022:4622-1: important: Security update for freeradius-server Message-ID: <20221227112440.B48FDFD84@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4622-1 Rating: important References: #1206204 #1206205 #1206206 Cross-References: CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 CVSS scores: CVE-2022-41859 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-41860 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41861 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204). - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205). - CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4622=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-4622=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4622=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-4622=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4622=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-4622=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4622=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2022-4622=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4622=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2022-4622=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4622=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2022-4622=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2022-4622=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2022-4622=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4622=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4622=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4622=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-doc-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Manager Proxy 4.2 (x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Manager Proxy 4.1 (x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): freeradius-server-3.0.21-150200.3.12.1 freeradius-server-debuginfo-3.0.21-150200.3.12.1 freeradius-server-debugsource-3.0.21-150200.3.12.1 freeradius-server-devel-3.0.21-150200.3.12.1 freeradius-server-krb5-3.0.21-150200.3.12.1 freeradius-server-krb5-debuginfo-3.0.21-150200.3.12.1 freeradius-server-ldap-3.0.21-150200.3.12.1 freeradius-server-ldap-debuginfo-3.0.21-150200.3.12.1 freeradius-server-libs-3.0.21-150200.3.12.1 freeradius-server-libs-debuginfo-3.0.21-150200.3.12.1 freeradius-server-mysql-3.0.21-150200.3.12.1 freeradius-server-mysql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-perl-3.0.21-150200.3.12.1 freeradius-server-perl-debuginfo-3.0.21-150200.3.12.1 freeradius-server-postgresql-3.0.21-150200.3.12.1 freeradius-server-postgresql-debuginfo-3.0.21-150200.3.12.1 freeradius-server-python3-3.0.21-150200.3.12.1 freeradius-server-python3-debuginfo-3.0.21-150200.3.12.1 freeradius-server-sqlite-3.0.21-150200.3.12.1 freeradius-server-sqlite-debuginfo-3.0.21-150200.3.12.1 freeradius-server-utils-3.0.21-150200.3.12.1 freeradius-server-utils-debuginfo-3.0.21-150200.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-41859.html https://www.suse.com/security/cve/CVE-2022-41860.html https://www.suse.com/security/cve/CVE-2022-41861.html https://bugzilla.suse.com/1206204 https://bugzilla.suse.com/1206205 https://bugzilla.suse.com/1206206 From sle-updates at lists.suse.com Tue Dec 27 14:19:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2022 15:19:57 +0100 (CET) Subject: SUSE-SU-2022:4625-1: important: Security update for ca-certificates-mozilla Message-ID: <20221227141957.DBBA8FD2D@maintenance.suse.de> SUSE Security Update: Security update for ca-certificates-mozilla ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4625-1 Rating: important References: #1206212 #1206622 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022" and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-4625=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-4625=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-4625=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4625=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-4625=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-4625=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): ca-certificates-mozilla-2.60-12.40.1 - SUSE OpenStack Cloud 9 (noarch): ca-certificates-mozilla-2.60-12.40.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): ca-certificates-mozilla-2.60-12.40.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): ca-certificates-mozilla-2.60-12.40.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): ca-certificates-mozilla-2.60-12.40.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): ca-certificates-mozilla-2.60-12.40.1 References: https://bugzilla.suse.com/1206212 https://bugzilla.suse.com/1206622 From sle-updates at lists.suse.com Tue Dec 27 17:19:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2022 18:19:13 +0100 (CET) Subject: SUSE-SU-2022:4627-1: important: Security update for systemd Message-ID: <20221227171913.9BB5DFD2D@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4627-1 Rating: important References: #1204423 #1205000 Cross-References: CVE-2022-4415 CVSS scores: CVE-2022-4415 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Restrict cpu rule to x86_64, and also update the rule files to make use of the "CONST{arch}" syntax (bsc#1204423). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-4627=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-4627=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libudev-devel-228-157.46.1 systemd-debuginfo-228-157.46.1 systemd-debugsource-228-157.46.1 systemd-devel-228-157.46.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsystemd0-228-157.46.1 libsystemd0-debuginfo-228-157.46.1 libudev-devel-228-157.46.1 libudev1-228-157.46.1 libudev1-debuginfo-228-157.46.1 systemd-228-157.46.1 systemd-debuginfo-228-157.46.1 systemd-debugsource-228-157.46.1 systemd-devel-228-157.46.1 systemd-sysvinit-228-157.46.1 udev-228-157.46.1 udev-debuginfo-228-157.46.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsystemd0-32bit-228-157.46.1 libsystemd0-debuginfo-32bit-228-157.46.1 libudev1-32bit-228-157.46.1 libudev1-debuginfo-32bit-228-157.46.1 systemd-32bit-228-157.46.1 systemd-debuginfo-32bit-228-157.46.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): systemd-bash-completion-228-157.46.1 References: https://www.suse.com/security/cve/CVE-2022-4415.html https://bugzilla.suse.com/1204423 https://bugzilla.suse.com/1205000 From sle-updates at lists.suse.com Tue Dec 27 17:20:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Dec 2022 18:20:02 +0100 (CET) Subject: SUSE-SU-2022:4626-1: important: Security update for freeradius-server Message-ID: <20221227172002.86950FD2D@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4626-1 Rating: important References: #1206204 #1206205 #1206206 SLE-11203 Cross-References: CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 CVSS scores: CVE-2022-41859 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-41860 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41861 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities, contains one feature is now available. Description: This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD (bsc#1206204). - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM (bsc#1206205). - CVE-2022-41861: Fixes a crash on invalid abinary data (bsc#1206206). - rebuild against the new net-snmp (jsc#SLE-11203). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4626=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4626=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.25-150400.4.4.1 freeradius-server-debuginfo-3.0.25-150400.4.4.1 freeradius-server-debugsource-3.0.25-150400.4.4.1 freeradius-server-devel-3.0.25-150400.4.4.1 freeradius-server-doc-3.0.25-150400.4.4.1 freeradius-server-krb5-3.0.25-150400.4.4.1 freeradius-server-krb5-debuginfo-3.0.25-150400.4.4.1 freeradius-server-ldap-3.0.25-150400.4.4.1 freeradius-server-ldap-debuginfo-3.0.25-150400.4.4.1 freeradius-server-ldap-schemas-3.0.25-150400.4.4.1 freeradius-server-libs-3.0.25-150400.4.4.1 freeradius-server-libs-debuginfo-3.0.25-150400.4.4.1 freeradius-server-mysql-3.0.25-150400.4.4.1 freeradius-server-mysql-debuginfo-3.0.25-150400.4.4.1 freeradius-server-perl-3.0.25-150400.4.4.1 freeradius-server-perl-debuginfo-3.0.25-150400.4.4.1 freeradius-server-postgresql-3.0.25-150400.4.4.1 freeradius-server-postgresql-debuginfo-3.0.25-150400.4.4.1 freeradius-server-python3-3.0.25-150400.4.4.1 freeradius-server-python3-debuginfo-3.0.25-150400.4.4.1 freeradius-server-sqlite-3.0.25-150400.4.4.1 freeradius-server-sqlite-debuginfo-3.0.25-150400.4.4.1 freeradius-server-utils-3.0.25-150400.4.4.1 freeradius-server-utils-debuginfo-3.0.25-150400.4.4.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.25-150400.4.4.1 freeradius-server-debuginfo-3.0.25-150400.4.4.1 freeradius-server-debugsource-3.0.25-150400.4.4.1 freeradius-server-devel-3.0.25-150400.4.4.1 freeradius-server-krb5-3.0.25-150400.4.4.1 freeradius-server-krb5-debuginfo-3.0.25-150400.4.4.1 freeradius-server-ldap-3.0.25-150400.4.4.1 freeradius-server-ldap-debuginfo-3.0.25-150400.4.4.1 freeradius-server-libs-3.0.25-150400.4.4.1 freeradius-server-libs-debuginfo-3.0.25-150400.4.4.1 freeradius-server-mysql-3.0.25-150400.4.4.1 freeradius-server-mysql-debuginfo-3.0.25-150400.4.4.1 freeradius-server-perl-3.0.25-150400.4.4.1 freeradius-server-perl-debuginfo-3.0.25-150400.4.4.1 freeradius-server-postgresql-3.0.25-150400.4.4.1 freeradius-server-postgresql-debuginfo-3.0.25-150400.4.4.1 freeradius-server-python3-3.0.25-150400.4.4.1 freeradius-server-python3-debuginfo-3.0.25-150400.4.4.1 freeradius-server-sqlite-3.0.25-150400.4.4.1 freeradius-server-sqlite-debuginfo-3.0.25-150400.4.4.1 freeradius-server-utils-3.0.25-150400.4.4.1 freeradius-server-utils-debuginfo-3.0.25-150400.4.4.1 References: https://www.suse.com/security/cve/CVE-2022-41859.html https://www.suse.com/security/cve/CVE-2022-41860.html https://www.suse.com/security/cve/CVE-2022-41861.html https://bugzilla.suse.com/1206204 https://bugzilla.suse.com/1206205 https://bugzilla.suse.com/1206206 From sle-updates at lists.suse.com Wed Dec 28 08:34:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Dec 2022 09:34:58 +0100 (CET) Subject: SUSE-CU-2022:3457-1: Security update of suse/sles12sp4 Message-ID: <20221228083458.95724FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3457-1 Container Tags : suse/sles12sp4:26.548 , suse/sles12sp4:latest Container Release : 26.548 Severity : important Type : security References : 1206212 1206622 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4625-1 Released: Tue Dec 27 09:47:49 2022 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 The following package changes have been done: - base-container-licenses-3.0-1.334 updated - ca-certificates-mozilla-2.60-12.40.1 updated From sle-updates at lists.suse.com Wed Dec 28 08:43:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Dec 2022 09:43:47 +0100 (CET) Subject: SUSE-CU-2022:3458-1: Security update of suse/sles12sp5 Message-ID: <20221228084347.B1B05FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3458-1 Container Tags : suse/sles12sp5:6.5.419 , suse/sles12sp5:latest Container Release : 6.5.419 Severity : important Type : security References : 1204423 1205000 1206212 1206622 CVE-2022-4415 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4625-1 Released: Tue Dec 27 09:47:49 2022 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4627-1 Released: Tue Dec 27 15:05:41 2022 Summary: Security update for systemd Type: security Severity: important References: 1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). The following package changes have been done: - ca-certificates-mozilla-2.60-12.40.1 updated - libsystemd0-228-157.46.1 updated - libudev1-228-157.46.1 updated From sle-updates at lists.suse.com Wed Dec 28 14:20:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Dec 2022 15:20:52 +0100 (CET) Subject: SUSE-SU-2022:4629-1: important: Security update for systemd Message-ID: <20221228142052.5A91EFD89@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4629-1 Rating: important References: #1200723 #1205000 Cross-References: CVE-2022-4415 CVSS scores: CVE-2022-4415 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4629=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4629=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4629=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4629=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libsystemd0-249.12-150400.8.16.1 libsystemd0-debuginfo-249.12-150400.8.16.1 libudev1-249.12-150400.8.16.1 libudev1-debuginfo-249.12-150400.8.16.1 systemd-249.12-150400.8.16.1 systemd-container-249.12-150400.8.16.1 systemd-container-debuginfo-249.12-150400.8.16.1 systemd-debuginfo-249.12-150400.8.16.1 systemd-debugsource-249.12-150400.8.16.1 systemd-journal-remote-249.12-150400.8.16.1 systemd-journal-remote-debuginfo-249.12-150400.8.16.1 systemd-sysvinit-249.12-150400.8.16.1 udev-249.12-150400.8.16.1 udev-debuginfo-249.12-150400.8.16.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsystemd0-249.12-150400.8.16.1 libsystemd0-debuginfo-249.12-150400.8.16.1 libudev1-249.12-150400.8.16.1 libudev1-debuginfo-249.12-150400.8.16.1 nss-myhostname-249.12-150400.8.16.1 nss-myhostname-debuginfo-249.12-150400.8.16.1 nss-systemd-249.12-150400.8.16.1 nss-systemd-debuginfo-249.12-150400.8.16.1 systemd-249.12-150400.8.16.1 systemd-container-249.12-150400.8.16.1 systemd-container-debuginfo-249.12-150400.8.16.1 systemd-coredump-249.12-150400.8.16.1 systemd-coredump-debuginfo-249.12-150400.8.16.1 systemd-debuginfo-249.12-150400.8.16.1 systemd-debugsource-249.12-150400.8.16.1 systemd-devel-249.12-150400.8.16.1 systemd-doc-249.12-150400.8.16.1 systemd-experimental-249.12-150400.8.16.1 systemd-experimental-debuginfo-249.12-150400.8.16.1 systemd-journal-remote-249.12-150400.8.16.1 systemd-journal-remote-debuginfo-249.12-150400.8.16.1 systemd-network-249.12-150400.8.16.1 systemd-network-debuginfo-249.12-150400.8.16.1 systemd-portable-249.12-150400.8.16.1 systemd-portable-debuginfo-249.12-150400.8.16.1 systemd-sysvinit-249.12-150400.8.16.1 systemd-testsuite-249.12-150400.8.16.1 systemd-testsuite-debuginfo-249.12-150400.8.16.1 udev-249.12-150400.8.16.1 udev-debuginfo-249.12-150400.8.16.1 - openSUSE Leap 15.4 (x86_64): libsystemd0-32bit-249.12-150400.8.16.1 libsystemd0-32bit-debuginfo-249.12-150400.8.16.1 libudev1-32bit-249.12-150400.8.16.1 libudev1-32bit-debuginfo-249.12-150400.8.16.1 nss-myhostname-32bit-249.12-150400.8.16.1 nss-myhostname-32bit-debuginfo-249.12-150400.8.16.1 systemd-32bit-249.12-150400.8.16.1 systemd-32bit-debuginfo-249.12-150400.8.16.1 - openSUSE Leap 15.4 (noarch): systemd-lang-249.12-150400.8.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsystemd0-249.12-150400.8.16.1 libsystemd0-debuginfo-249.12-150400.8.16.1 libudev1-249.12-150400.8.16.1 libudev1-debuginfo-249.12-150400.8.16.1 systemd-249.12-150400.8.16.1 systemd-container-249.12-150400.8.16.1 systemd-container-debuginfo-249.12-150400.8.16.1 systemd-coredump-249.12-150400.8.16.1 systemd-coredump-debuginfo-249.12-150400.8.16.1 systemd-debuginfo-249.12-150400.8.16.1 systemd-debugsource-249.12-150400.8.16.1 systemd-devel-249.12-150400.8.16.1 systemd-doc-249.12-150400.8.16.1 systemd-sysvinit-249.12-150400.8.16.1 udev-249.12-150400.8.16.1 udev-debuginfo-249.12-150400.8.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): systemd-lang-249.12-150400.8.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libsystemd0-32bit-249.12-150400.8.16.1 libsystemd0-32bit-debuginfo-249.12-150400.8.16.1 libudev1-32bit-249.12-150400.8.16.1 libudev1-32bit-debuginfo-249.12-150400.8.16.1 systemd-32bit-249.12-150400.8.16.1 systemd-32bit-debuginfo-249.12-150400.8.16.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libsystemd0-249.12-150400.8.16.1 libsystemd0-debuginfo-249.12-150400.8.16.1 libudev1-249.12-150400.8.16.1 libudev1-debuginfo-249.12-150400.8.16.1 systemd-249.12-150400.8.16.1 systemd-container-249.12-150400.8.16.1 systemd-container-debuginfo-249.12-150400.8.16.1 systemd-debuginfo-249.12-150400.8.16.1 systemd-debugsource-249.12-150400.8.16.1 systemd-journal-remote-249.12-150400.8.16.1 systemd-journal-remote-debuginfo-249.12-150400.8.16.1 systemd-sysvinit-249.12-150400.8.16.1 udev-249.12-150400.8.16.1 udev-debuginfo-249.12-150400.8.16.1 References: https://www.suse.com/security/cve/CVE-2022-4415.html https://bugzilla.suse.com/1200723 https://bugzilla.suse.com/1205000 From sle-updates at lists.suse.com Wed Dec 28 14:22:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Dec 2022 15:22:34 +0100 (CET) Subject: SUSE-SU-2022:4631-1: important: Security update for vim Message-ID: <20221228142234.F065DFD89@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4631-1 Rating: important References: #1204779 #1205797 #1206028 #1206071 #1206072 #1206075 #1206077 Cross-References: CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVSS scores: CVE-2022-3491 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3491 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3520 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3520 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3591 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3591 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3705 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3705 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-4141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4141 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-4292 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4292 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4293 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-4293 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4631=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4631=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4631=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4631=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-4631=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4631=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-4631=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4631=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-4631=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4631=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2022-4631=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4631=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4631=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2022-4631=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4631=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4631=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2022-4631=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4631=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4631=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4631=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4631=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4631=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2022-4631=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2022-4631=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4631=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4631=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4631=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4631=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4631=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - openSUSE Leap Micro 5.3 (noarch): vim-data-common-9.0.1040-150000.5.31.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - openSUSE Leap Micro 5.2 (noarch): vim-data-common-9.0.1040-150000.5.31.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - openSUSE Leap 15.4 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - openSUSE Leap 15.3 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Manager Server 4.2 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Manager Server 4.1 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Manager Retail Branch Server 4.2 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Manager Retail Branch Server 4.1 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Manager Proxy 4.2 (x86_64): vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Manager Proxy 4.2 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Manager Proxy 4.1 (x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Manager Proxy 4.1 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Micro 5.3 (noarch): vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Micro 5.2 (noarch): vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise Micro 5.1 (noarch): vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 vim-small-9.0.1040-150000.5.31.1 vim-small-debuginfo-9.0.1040-150000.5.31.1 - SUSE Enterprise Storage 7.1 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Enterprise Storage 7 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 - SUSE Enterprise Storage 6 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE CaaS Platform 4.0 (noarch): vim-data-9.0.1040-150000.5.31.1 vim-data-common-9.0.1040-150000.5.31.1 - SUSE CaaS Platform 4.0 (x86_64): gvim-9.0.1040-150000.5.31.1 gvim-debuginfo-9.0.1040-150000.5.31.1 vim-9.0.1040-150000.5.31.1 vim-debuginfo-9.0.1040-150000.5.31.1 vim-debugsource-9.0.1040-150000.5.31.1 References: https://www.suse.com/security/cve/CVE-2022-3491.html https://www.suse.com/security/cve/CVE-2022-3520.html https://www.suse.com/security/cve/CVE-2022-3591.html https://www.suse.com/security/cve/CVE-2022-3705.html https://www.suse.com/security/cve/CVE-2022-4141.html https://www.suse.com/security/cve/CVE-2022-4292.html https://www.suse.com/security/cve/CVE-2022-4293.html https://bugzilla.suse.com/1204779 https://bugzilla.suse.com/1205797 https://bugzilla.suse.com/1206028 https://bugzilla.suse.com/1206071 https://bugzilla.suse.com/1206072 https://bugzilla.suse.com/1206075 https://bugzilla.suse.com/1206077 From sle-updates at lists.suse.com Wed Dec 28 14:24:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Dec 2022 15:24:26 +0100 (CET) Subject: SUSE-RU-2022:4632-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20221228142426.3C4ACFD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4632-1 Rating: moderate References: #1020320 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150000_150_101, 4_12_14-150000_150_104, 4_12_14-150100_197_123, 4_12_14-150100_197_126, 5_14_21-150400_24_21, 5_14_21-150400_24_28, 5_3_18-150200_24_129, 5_3_18-150200_24_134, 5_3_18-150300_59_93, 5_3_18-150300_59_98. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4632=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4632=1 Package List: - openSUSE Leap 15.4 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.84.1 - openSUSE Leap 15.3 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.84.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Wed Dec 28 14:25:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Dec 2022 15:25:11 +0100 (CET) Subject: SUSE-SU-2022:4628-1: moderate: Security update for sqlite3 Message-ID: <20221228142511.F2307FD89@maintenance.suse.de> SUSE Security Update: Security update for sqlite3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4628-1 Rating: moderate References: #1206337 Cross-References: CVE-2022-46908 CVSS scores: CVE-2022-46908 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2022-46908 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4628=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4628=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4628=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4628=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2022-4628=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4628=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4628=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4628=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4628=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libsqlite3-0-3.39.3-150000.3.20.1 libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 sqlite3-debuginfo-3.39.3-150000.3.20.1 sqlite3-debugsource-3.39.3-150000.3.20.1 sqlite3-tcl-3.39.3-150000.3.20.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): libsqlite3-0-3.39.3-150000.3.20.1 libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 sqlite3-debuginfo-3.39.3-150000.3.20.1 sqlite3-debugsource-3.39.3-150000.3.20.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.39.3-150000.3.20.1 libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 sqlite3-3.39.3-150000.3.20.1 sqlite3-debuginfo-3.39.3-150000.3.20.1 sqlite3-debugsource-3.39.3-150000.3.20.1 sqlite3-devel-3.39.3-150000.3.20.1 sqlite3-tcl-3.39.3-150000.3.20.1 - openSUSE Leap 15.4 (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.20.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 - openSUSE Leap 15.4 (noarch): sqlite3-doc-3.39.3-150000.3.20.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.39.3-150000.3.20.1 libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 sqlite3-3.39.3-150000.3.20.1 sqlite3-debuginfo-3.39.3-150000.3.20.1 sqlite3-debugsource-3.39.3-150000.3.20.1 sqlite3-devel-3.39.3-150000.3.20.1 sqlite3-tcl-3.39.3-150000.3.20.1 - openSUSE Leap 15.3 (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.20.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 - openSUSE Leap 15.3 (noarch): sqlite3-doc-3.39.3-150000.3.20.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libsqlite3-0-3.39.3-150000.3.20.1 libsqlite3-0-32bit-3.39.3-150000.3.20.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 sqlite3-3.39.3-150000.3.20.1 sqlite3-debuginfo-3.39.3-150000.3.20.1 sqlite3-debugsource-3.39.3-150000.3.20.1 sqlite3-devel-3.39.3-150000.3.20.1 sqlite3-tcl-3.39.3-150000.3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsqlite3-0-3.39.3-150000.3.20.1 libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 sqlite3-3.39.3-150000.3.20.1 sqlite3-debuginfo-3.39.3-150000.3.20.1 sqlite3-debugsource-3.39.3-150000.3.20.1 sqlite3-devel-3.39.3-150000.3.20.1 sqlite3-tcl-3.39.3-150000.3.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libsqlite3-0-32bit-3.39.3-150000.3.20.1 libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libsqlite3-0-3.39.3-150000.3.20.1 libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 sqlite3-debuginfo-3.39.3-150000.3.20.1 sqlite3-debugsource-3.39.3-150000.3.20.1 sqlite3-tcl-3.39.3-150000.3.20.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsqlite3-0-3.39.3-150000.3.20.1 libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 sqlite3-debuginfo-3.39.3-150000.3.20.1 sqlite3-debugsource-3.39.3-150000.3.20.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsqlite3-0-3.39.3-150000.3.20.1 libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 sqlite3-debuginfo-3.39.3-150000.3.20.1 sqlite3-debugsource-3.39.3-150000.3.20.1 References: https://www.suse.com/security/cve/CVE-2022-46908.html https://bugzilla.suse.com/1206337 From sle-updates at lists.suse.com Wed Dec 28 14:26:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Dec 2022 15:26:03 +0100 (CET) Subject: SUSE-SU-2022:4633-1: moderate: Security update for curl Message-ID: <20221228142603.D712EFD89@maintenance.suse.de> SUSE Security Update: Security update for curl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4633-1 Rating: moderate References: #1206309 Cross-References: CVE-2022-43552 CVSS scores: CVE-2022-43552 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Realtime Extension 15-SP3 openSUSE Leap 15.3 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4633=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4633=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2022-4633=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4633=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4633=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): curl-7.66.0-150200.4.45.1 curl-debuginfo-7.66.0-150200.4.45.1 curl-debugsource-7.66.0-150200.4.45.1 libcurl4-7.66.0-150200.4.45.1 libcurl4-debuginfo-7.66.0-150200.4.45.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): curl-7.66.0-150200.4.45.1 curl-debuginfo-7.66.0-150200.4.45.1 curl-debugsource-7.66.0-150200.4.45.1 libcurl-devel-7.66.0-150200.4.45.1 libcurl4-7.66.0-150200.4.45.1 libcurl4-debuginfo-7.66.0-150200.4.45.1 - openSUSE Leap 15.3 (x86_64): libcurl-devel-32bit-7.66.0-150200.4.45.1 libcurl4-32bit-7.66.0-150200.4.45.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.45.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): curl-7.66.0-150200.4.45.1 curl-debuginfo-7.66.0-150200.4.45.1 curl-debugsource-7.66.0-150200.4.45.1 libcurl-devel-7.66.0-150200.4.45.1 libcurl4-32bit-7.66.0-150200.4.45.1 libcurl4-32bit-debuginfo-7.66.0-150200.4.45.1 libcurl4-7.66.0-150200.4.45.1 libcurl4-debuginfo-7.66.0-150200.4.45.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): curl-7.66.0-150200.4.45.1 curl-debuginfo-7.66.0-150200.4.45.1 curl-debugsource-7.66.0-150200.4.45.1 libcurl4-7.66.0-150200.4.45.1 libcurl4-debuginfo-7.66.0-150200.4.45.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): curl-7.66.0-150200.4.45.1 curl-debuginfo-7.66.0-150200.4.45.1 curl-debugsource-7.66.0-150200.4.45.1 libcurl4-7.66.0-150200.4.45.1 libcurl4-debuginfo-7.66.0-150200.4.45.1 References: https://www.suse.com/security/cve/CVE-2022-43552.html https://bugzilla.suse.com/1206309 From sle-updates at lists.suse.com Wed Dec 28 14:26:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Dec 2022 15:26:56 +0100 (CET) Subject: SUSE-RU-2022:4632-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20221228142656.79B3FFD89@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4632-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: - Added data for 4_12_14-150000_150_101, 4_12_14-150000_150_104, 4_12_14-150100_197_123, 4_12_14-150100_197_126, 5_14_21-150400_24_21, 5_14_21-150400_24_28, 5_3_18-150200_24_129, 5_3_18-150200_24_134, 5_3_18-150300_59_93, 5_3_18-150300_59_98. (bsc#1020320) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4632=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4632=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-4632=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-4632=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-4632=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-4632=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-4632=1 Package List: - openSUSE Leap 15.4 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.84.1 - openSUSE Leap 15.3 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.84.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.84.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.84.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.84.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.84.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.84.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Wed Dec 28 14:28:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Dec 2022 15:28:01 +0100 (CET) Subject: SUSE-SU-2022:4630-1: important: Security update for systemd Message-ID: <20221228142801.BFC73FD89@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4630-1 Rating: important References: #1200723 #1203857 #1204423 #1205000 Cross-References: CVE-2022-4415 CVSS scores: CVE-2022-4415 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the "CONST{arch}" syntax (bsc#1204423). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-4630=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4630=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4630=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-4630=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-4630=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-4630=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2022-4630=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2022-4630=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2022-4630=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4630=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-4630=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4630=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2022-4630=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2022-4630=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4630=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nss-mymachines-246.16-150300.7.57.1 nss-mymachines-debuginfo-246.16-150300.7.57.1 nss-resolve-246.16-150300.7.57.1 nss-resolve-debuginfo-246.16-150300.7.57.1 systemd-logger-246.16-150300.7.57.1 - openSUSE Leap 15.4 (x86_64): nss-mymachines-32bit-246.16-150300.7.57.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.57.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 nss-myhostname-246.16-150300.7.57.1 nss-myhostname-debuginfo-246.16-150300.7.57.1 nss-mymachines-246.16-150300.7.57.1 nss-mymachines-debuginfo-246.16-150300.7.57.1 nss-resolve-246.16-150300.7.57.1 nss-resolve-debuginfo-246.16-150300.7.57.1 nss-systemd-246.16-150300.7.57.1 nss-systemd-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-logger-246.16-150300.7.57.1 systemd-network-246.16-150300.7.57.1 systemd-network-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - openSUSE Leap 15.3 (x86_64): libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libudev-devel-32bit-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 nss-myhostname-32bit-246.16-150300.7.57.1 nss-myhostname-32bit-debuginfo-246.16-150300.7.57.1 nss-mymachines-32bit-246.16-150300.7.57.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 - openSUSE Leap 15.3 (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Manager Server 4.2 (x86_64): libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 - SUSE Manager Server 4.2 (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Manager Retail Branch Server 4.2 (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Manager Proxy 4.2 (x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Manager Proxy 4.2 (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libsystemd0-246.16-150300.7.57.1 libsystemd0-debuginfo-246.16-150300.7.57.1 libudev-devel-246.16-150300.7.57.1 libudev1-246.16-150300.7.57.1 libudev1-debuginfo-246.16-150300.7.57.1 systemd-246.16-150300.7.57.1 systemd-container-246.16-150300.7.57.1 systemd-container-debuginfo-246.16-150300.7.57.1 systemd-coredump-246.16-150300.7.57.1 systemd-coredump-debuginfo-246.16-150300.7.57.1 systemd-debuginfo-246.16-150300.7.57.1 systemd-debugsource-246.16-150300.7.57.1 systemd-devel-246.16-150300.7.57.1 systemd-doc-246.16-150300.7.57.1 systemd-journal-remote-246.16-150300.7.57.1 systemd-journal-remote-debuginfo-246.16-150300.7.57.1 systemd-sysvinit-246.16-150300.7.57.1 udev-246.16-150300.7.57.1 udev-debuginfo-246.16-150300.7.57.1 - SUSE Enterprise Storage 7.1 (noarch): systemd-lang-246.16-150300.7.57.1 - SUSE Enterprise Storage 7.1 (x86_64): libsystemd0-32bit-246.16-150300.7.57.1 libsystemd0-32bit-debuginfo-246.16-150300.7.57.1 libudev1-32bit-246.16-150300.7.57.1 libudev1-32bit-debuginfo-246.16-150300.7.57.1 systemd-32bit-246.16-150300.7.57.1 systemd-32bit-debuginfo-246.16-150300.7.57.1 References: https://www.suse.com/security/cve/CVE-2022-4415.html https://bugzilla.suse.com/1200723 https://bugzilla.suse.com/1203857 https://bugzilla.suse.com/1204423 https://bugzilla.suse.com/1205000 From sle-updates at lists.suse.com Thu Dec 29 08:55:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 09:55:14 +0100 (CET) Subject: SUSE-CU-2022:3472-1: Security update of suse/sle15 Message-ID: <20221229085514.534AEFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3472-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.659 Container Release : 4.22.659 Severity : moderate Type : security References : 1206337 CVE-2022-46908 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). The following package changes have been done: - libsqlite3-0-3.39.3-150000.3.20.1 updated From sle-updates at lists.suse.com Thu Dec 29 09:16:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 10:16:31 +0100 (CET) Subject: SUSE-CU-2022:3473-1: Security update of suse/sle15 Message-ID: <20221229091631.56BE3FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3473-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.723 Container Release : 6.2.723 Severity : moderate Type : security References : 1206337 CVE-2022-46908 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). The following package changes have been done: - libsqlite3-0-3.39.3-150000.3.20.1 updated From sle-updates at lists.suse.com Thu Dec 29 09:30:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 10:30:38 +0100 (CET) Subject: SUSE-CU-2022:3474-1: Security update of suse/sle15 Message-ID: <20221229093038.2D4F3FD84@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3474-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.248 Container Release : 9.5.248 Severity : moderate Type : security References : 1206309 1206337 CVE-2022-43552 CVE-2022-46908 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). The following package changes have been done: - libcurl4-7.66.0-150200.4.45.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated From sle-updates at lists.suse.com Thu Dec 29 09:38:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 10:38:58 +0100 (CET) Subject: SUSE-CU-2022:3475-1: Security update of bci/bci-init Message-ID: <20221229093858.A9F14FD84@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3475-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.99 Container Release : 21.99 Severity : important Type : security References : 1200723 1203857 1204423 1205000 1206309 1206337 CVE-2022-43552 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). The following package changes have been done: - libcurl4-7.66.0-150200.4.45.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-246.16-150300.7.57.1 updated - libudev1-246.16-150300.7.57.1 updated - systemd-246.16-150300.7.57.1 updated - udev-246.16-150300.7.57.1 updated - container:sles15-image-15.0.0-17.20.88 updated From sle-updates at lists.suse.com Thu Dec 29 09:46:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 10:46:48 +0100 (CET) Subject: SUSE-CU-2022:3476-1: Security update of bci/nodejs Message-ID: <20221229094648.24265FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3476-1 Container Tags : bci/node:12 , bci/node:12-17.114 , bci/nodejs:12 , bci/nodejs:12-17.114 Container Release : 17.114 Severity : important Type : security References : 1200723 1203857 1204423 1205000 1206309 1206337 CVE-2022-43552 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). The following package changes have been done: - libcurl4-7.66.0-150200.4.45.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-246.16-150300.7.57.1 updated - libudev1-246.16-150300.7.57.1 updated - container:sles15-image-15.0.0-17.20.88 updated From sle-updates at lists.suse.com Thu Dec 29 09:54:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 10:54:42 +0100 (CET) Subject: SUSE-CU-2022:3477-1: Security update of bci/python Message-ID: <20221229095442.A438CFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3477-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-22.25 Container Release : 22.25 Severity : important Type : security References : 1200723 1203857 1204423 1205000 1206309 1206337 CVE-2022-43552 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). The following package changes have been done: - curl-7.66.0-150200.4.45.1 updated - libcurl4-7.66.0-150200.4.45.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-246.16-150300.7.57.1 updated - libudev1-246.16-150300.7.57.1 updated - container:sles15-image-15.0.0-17.20.88 updated From sle-updates at lists.suse.com Thu Dec 29 10:05:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:05:17 +0100 (CET) Subject: SUSE-CU-2022:3478-1: Security update of suse/sle15 Message-ID: <20221229100517.1839FFD84@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3478-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.88 , suse/sle15:15.3 , suse/sle15:15.3.17.20.88 Container Release : 17.20.88 Severity : important Type : security References : 1200723 1203857 1204423 1205000 1206309 1206337 CVE-2022-43552 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4633-1 Released: Wed Dec 28 09:32:15 2022 Summary: Security update for curl Type: security Severity: moderate References: 1206309,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). The following package changes have been done: - curl-7.66.0-150200.4.45.1 updated - libcurl4-7.66.0-150200.4.45.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-246.16-150300.7.57.1 updated - libudev1-246.16-150300.7.57.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:07:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:07:50 +0100 (CET) Subject: SUSE-CU-2022:3479-1: Security update of suse/389-ds Message-ID: <20221229100750.1C380FD84@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3479-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-18.14 , suse/389-ds:latest Container Release : 18.14 Severity : important Type : security References : 1200723 1205000 1206337 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:10:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:10:18 +0100 (CET) Subject: SUSE-CU-2022:3480-1: Security update of bci/dotnet-aspnet Message-ID: <20221229101018.92B0CFD84@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3480-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-46.7 , bci/dotnet-aspnet:3.1.32 , bci/dotnet-aspnet:3.1.32-46.7 Container Release : 46.7 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:12:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:12:35 +0100 (CET) Subject: SUSE-CU-2022:3481-1: Security update of bci/dotnet-aspnet Message-ID: <20221229101235.EBC5FFD84@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3481-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.70 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.70 Container Release : 27.70 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:14:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:14:58 +0100 (CET) Subject: SUSE-CU-2022:3482-1: Security update of bci/dotnet-aspnet Message-ID: <20221229101458.9725BFD84@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3482-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-26.7 , bci/dotnet-aspnet:6.0.12 , bci/dotnet-aspnet:6.0.12-26.7 Container Release : 26.7 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:17:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:17:42 +0100 (CET) Subject: SUSE-CU-2022:3483-1: Security update of bci/dotnet-sdk Message-ID: <20221229101742.0A3B0FD84@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3483-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-51.7 , bci/dotnet-sdk:3.1.32 , bci/dotnet-sdk:3.1.32-51.7 Container Release : 51.7 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:20:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:20:08 +0100 (CET) Subject: SUSE-CU-2022:3484-1: Security update of bci/dotnet-sdk Message-ID: <20221229102008.69F85FD84@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3484-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.69 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.69 Container Release : 35.69 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:22:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:22:41 +0100 (CET) Subject: SUSE-CU-2022:3485-1: Security update of bci/dotnet-sdk Message-ID: <20221229102241.264E0FD84@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3485-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-28.7 , bci/dotnet-sdk:6.0.12 , bci/dotnet-sdk:6.0.12-28.7 Container Release : 28.7 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:25:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:25:02 +0100 (CET) Subject: SUSE-CU-2022:3486-1: Security update of bci/dotnet-runtime Message-ID: <20221229102502.58565FD84@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3486-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-52.7 , bci/dotnet-runtime:3.1.32 , bci/dotnet-runtime:3.1.32-52.7 Container Release : 52.7 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:27:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:27:23 +0100 (CET) Subject: SUSE-CU-2022:3487-1: Security update of bci/dotnet-runtime Message-ID: <20221229102723.ED056FD84@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3487-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.68 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.68 Container Release : 34.68 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:29:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:29:31 +0100 (CET) Subject: SUSE-CU-2022:3488-1: Security update of bci/dotnet-runtime Message-ID: <20221229102931.19387FD84@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3488-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-25.7 , bci/dotnet-runtime:6.0.12 , bci/dotnet-runtime:6.0.12-25.7 Container Release : 25.7 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:33:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:33:06 +0100 (CET) Subject: SUSE-CU-2022:3489-1: Security update of bci/golang Message-ID: <20221229103306.EC52CFD84@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3489-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-30.114 Container Release : 30.114 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:36:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:36:36 +0100 (CET) Subject: SUSE-CU-2022:3490-1: Security update of bci/golang Message-ID: <20221229103636.A6FA8FD84@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3490-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-29.115 Container Release : 29.115 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:39:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:39:31 +0100 (CET) Subject: SUSE-CU-2022:3491-1: Security update of bci/golang Message-ID: <20221229103931.AB2EEFD84@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3491-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-19.9 Container Release : 19.9 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 10:41:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 11:41:36 +0100 (CET) Subject: SUSE-CU-2022:3492-1: Security update of bci/golang Message-ID: <20221229104136.548A5FD84@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3492-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-19.8 , bci/golang:latest Container Release : 19.8 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Thu Dec 29 14:19:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 15:19:42 +0100 (CET) Subject: SUSE-SU-2022:4634-1: important: Security update for webkit2gtk3 Message-ID: <20221229141942.6FB43FD84@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4634-1 Rating: important References: #1206474 Cross-References: CVE-2022-42856 CVSS scores: CVE-2022-42856 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42856 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4634=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-4634=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-4634=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4634=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150400.4.25.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150400.4.25.1 libjavascriptcoregtk-4_1-0-2.38.3-150400.4.25.1 libjavascriptcoregtk-4_1-0-debuginfo-2.38.3-150400.4.25.1 libjavascriptcoregtk-5_0-0-2.38.3-150400.4.25.1 libjavascriptcoregtk-5_0-0-debuginfo-2.38.3-150400.4.25.1 libwebkit2gtk-4_0-37-2.38.3-150400.4.25.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150400.4.25.1 libwebkit2gtk-4_1-0-2.38.3-150400.4.25.1 libwebkit2gtk-4_1-0-debuginfo-2.38.3-150400.4.25.1 libwebkit2gtk-5_0-0-2.38.3-150400.4.25.1 libwebkit2gtk-5_0-0-debuginfo-2.38.3-150400.4.25.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150400.4.25.1 typelib-1_0-JavaScriptCore-4_1-2.38.3-150400.4.25.1 typelib-1_0-JavaScriptCore-5_0-2.38.3-150400.4.25.1 typelib-1_0-WebKit2-4_0-2.38.3-150400.4.25.1 typelib-1_0-WebKit2-4_1-2.38.3-150400.4.25.1 typelib-1_0-WebKit2-5_0-2.38.3-150400.4.25.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150400.4.25.1 typelib-1_0-WebKit2WebExtension-4_1-2.38.3-150400.4.25.1 typelib-1_0-WebKit2WebExtension-5_0-2.38.3-150400.4.25.1 webkit-jsc-4-2.38.3-150400.4.25.1 webkit-jsc-4-debuginfo-2.38.3-150400.4.25.1 webkit-jsc-4.1-2.38.3-150400.4.25.1 webkit-jsc-4.1-debuginfo-2.38.3-150400.4.25.1 webkit-jsc-5.0-2.38.3-150400.4.25.1 webkit-jsc-5.0-debuginfo-2.38.3-150400.4.25.1 webkit2gtk-4_0-injected-bundles-2.38.3-150400.4.25.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150400.4.25.1 webkit2gtk-4_1-injected-bundles-2.38.3-150400.4.25.1 webkit2gtk-4_1-injected-bundles-debuginfo-2.38.3-150400.4.25.1 webkit2gtk-5_0-injected-bundles-2.38.3-150400.4.25.1 webkit2gtk-5_0-injected-bundles-debuginfo-2.38.3-150400.4.25.1 webkit2gtk3-debugsource-2.38.3-150400.4.25.1 webkit2gtk3-devel-2.38.3-150400.4.25.1 webkit2gtk3-minibrowser-2.38.3-150400.4.25.1 webkit2gtk3-minibrowser-debuginfo-2.38.3-150400.4.25.1 webkit2gtk3-soup2-debugsource-2.38.3-150400.4.25.1 webkit2gtk3-soup2-devel-2.38.3-150400.4.25.1 webkit2gtk3-soup2-minibrowser-2.38.3-150400.4.25.1 webkit2gtk3-soup2-minibrowser-debuginfo-2.38.3-150400.4.25.1 webkit2gtk4-debugsource-2.38.3-150400.4.25.1 webkit2gtk4-devel-2.38.3-150400.4.25.1 webkit2gtk4-minibrowser-2.38.3-150400.4.25.1 webkit2gtk4-minibrowser-debuginfo-2.38.3-150400.4.25.1 - openSUSE Leap 15.4 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.38.3-150400.4.25.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.38.3-150400.4.25.1 libjavascriptcoregtk-4_1-0-32bit-2.38.3-150400.4.25.1 libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.38.3-150400.4.25.1 libwebkit2gtk-4_0-37-32bit-2.38.3-150400.4.25.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.38.3-150400.4.25.1 libwebkit2gtk-4_1-0-32bit-2.38.3-150400.4.25.1 libwebkit2gtk-4_1-0-32bit-debuginfo-2.38.3-150400.4.25.1 - openSUSE Leap 15.4 (noarch): WebKit2GTK-4.0-lang-2.38.3-150400.4.25.1 WebKit2GTK-4.1-lang-2.38.3-150400.4.25.1 WebKit2GTK-5.0-lang-2.38.3-150400.4.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-5_0-0-2.38.3-150400.4.25.1 libjavascriptcoregtk-5_0-0-debuginfo-2.38.3-150400.4.25.1 libwebkit2gtk-5_0-0-2.38.3-150400.4.25.1 libwebkit2gtk-5_0-0-debuginfo-2.38.3-150400.4.25.1 typelib-1_0-JavaScriptCore-5_0-2.38.3-150400.4.25.1 typelib-1_0-WebKit2-5_0-2.38.3-150400.4.25.1 webkit2gtk-5_0-injected-bundles-2.38.3-150400.4.25.1 webkit2gtk-5_0-injected-bundles-debuginfo-2.38.3-150400.4.25.1 webkit2gtk4-debugsource-2.38.3-150400.4.25.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_1-0-2.38.3-150400.4.25.1 libjavascriptcoregtk-4_1-0-debuginfo-2.38.3-150400.4.25.1 libwebkit2gtk-4_1-0-2.38.3-150400.4.25.1 libwebkit2gtk-4_1-0-debuginfo-2.38.3-150400.4.25.1 typelib-1_0-JavaScriptCore-4_1-2.38.3-150400.4.25.1 typelib-1_0-WebKit2-4_1-2.38.3-150400.4.25.1 typelib-1_0-WebKit2WebExtension-4_1-2.38.3-150400.4.25.1 webkit2gtk-4_1-injected-bundles-2.38.3-150400.4.25.1 webkit2gtk-4_1-injected-bundles-debuginfo-2.38.3-150400.4.25.1 webkit2gtk3-debugsource-2.38.3-150400.4.25.1 webkit2gtk3-devel-2.38.3-150400.4.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150400.4.25.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150400.4.25.1 libwebkit2gtk-4_0-37-2.38.3-150400.4.25.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150400.4.25.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150400.4.25.1 typelib-1_0-WebKit2-4_0-2.38.3-150400.4.25.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150400.4.25.1 webkit2gtk-4_0-injected-bundles-2.38.3-150400.4.25.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150400.4.25.1 webkit2gtk3-soup2-debugsource-2.38.3-150400.4.25.1 webkit2gtk3-soup2-devel-2.38.3-150400.4.25.1 References: https://www.suse.com/security/cve/CVE-2022-42856.html https://bugzilla.suse.com/1206474 From sle-updates at lists.suse.com Thu Dec 29 17:19:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 18:19:22 +0100 (CET) Subject: SUSE-SU-2022:4635-1: moderate: Security update for conmon Message-ID: <20221229171922.8DB58FD84@maintenance.suse.de> SUSE Security Update: Security update for conmon ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4635-1 Rating: moderate References: #1200285 Cross-References: CVE-2022-1708 CVSS scores: CVE-2022-1708 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1708 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for conmon fixes the following issues: conmon was updated to version 2.1.5: * don't leak syslog_identifier * logging: do not read more that the buf size * logging: fix error handling * Makefile: Fix install for FreeBSD * signal: Track changes to get_signal_descriptor in the FreeBSD version * Packit: initial enablement Update to version 2.1.4: * Fix a bug where conmon crashed when it got a SIGCHLD update to 2.1.3: * Stop using g_unix_signal_add() to avoid threads * Rename CLI optionlog-size-global-max to log-global-size-max Update to version 2.1.2: * add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285) * journald: print tag and name if both are specified * drop some logs to debug level Update to version 2.1.0 * logging: buffer partial messages to journald * exit: close all fds >= 3 * fix: cgroup: Free memory_cgroup_file_path if open fails. Update to version 2.0.32 * Fix: Avoid mainfd_std{in,out} sharing the same file descriptor. * exit_command: Fix: unset subreaper attribute before running exit command Update to version 2.0.31 * logging: new mode -l passthrough * ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald * conmon: Fix: free userdata files before exec cleanup Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4635=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4635=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-4635=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4635=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): conmon-2.1.5-150400.3.3.1 conmon-debuginfo-2.1.5-150400.3.3.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): conmon-2.1.5-150400.3.3.1 conmon-debuginfo-2.1.5-150400.3.3.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): conmon-2.1.5-150400.3.3.1 conmon-debuginfo-2.1.5-150400.3.3.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): conmon-2.1.5-150400.3.3.1 conmon-debuginfo-2.1.5-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-1708.html https://bugzilla.suse.com/1200285 From sle-updates at lists.suse.com Thu Dec 29 17:20:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 18:20:08 +0100 (CET) Subject: SUSE-SU-2022:4636-1: moderate: Security update for MozillaThunderbird Message-ID: <20221229172008.21F09FD84@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4636-1 Rating: moderate References: #1206653 Cross-References: CVE-2022-46874 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaThunderbird fixes the following issues: Update to version 102.6.1 * fixed: Remote content did not load in user-defined signatures * fixed: Addons that added new action buttons were not shown for addon upgrades, requiring removal and reinstall * fixed: Various stability improvements * CVE-2022-46874: Drag and Dropped Filenames could have been truncated to malicious extensions (bsc#1206653) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4636=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-4636=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4636=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-102.6.1-150200.8.99.1 MozillaThunderbird-debuginfo-102.6.1-150200.8.99.1 MozillaThunderbird-debugsource-102.6.1-150200.8.99.1 MozillaThunderbird-translations-common-102.6.1-150200.8.99.1 MozillaThunderbird-translations-other-102.6.1-150200.8.99.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-102.6.1-150200.8.99.1 MozillaThunderbird-debuginfo-102.6.1-150200.8.99.1 MozillaThunderbird-debugsource-102.6.1-150200.8.99.1 MozillaThunderbird-translations-common-102.6.1-150200.8.99.1 MozillaThunderbird-translations-other-102.6.1-150200.8.99.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-102.6.1-150200.8.99.1 MozillaThunderbird-debuginfo-102.6.1-150200.8.99.1 MozillaThunderbird-debugsource-102.6.1-150200.8.99.1 MozillaThunderbird-translations-common-102.6.1-150200.8.99.1 MozillaThunderbird-translations-other-102.6.1-150200.8.99.1 References: https://www.suse.com/security/cve/CVE-2022-46874.html https://bugzilla.suse.com/1206653 From sle-updates at lists.suse.com Thu Dec 29 20:19:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 21:19:06 +0100 (CET) Subject: SUSE-RU-2022:4638-1: important: Recommended update for drbd Message-ID: <20221229201906.C78D2FD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4638-1 Rating: important References: #1203931 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issues: - Fix regression slowing down full resync (bsc#1203931) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-4638=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): drbd-9.0.14+git.62f906cf-11.24.1 drbd-debugsource-9.0.14+git.62f906cf-11.24.1 drbd-kmp-default-9.0.14+git.62f906cf_k4.12.14_122.139-11.24.1 drbd-kmp-default-debuginfo-9.0.14+git.62f906cf_k4.12.14_122.139-11.24.1 References: https://bugzilla.suse.com/1203931 From sle-updates at lists.suse.com Thu Dec 29 20:19:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Dec 2022 21:19:45 +0100 (CET) Subject: SUSE-RU-2022:4637-1: important: Recommended update for python-parallax Message-ID: <20221229201945.F255DFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-parallax ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4637-1 Rating: important References: #1174894 #1200833 #1205116 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for python-parallax fixes the following issues: - Don't call ssh for a command running on a local host (bsc#1200833) - Fix parallax file descriptor leakage (bsc#1205116) - Fix copy command for ipv6 compatibility (bsc#1174894) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-4637=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-4637=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): python3-parallax-1.0.8-2.17.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): python3-parallax-1.0.8-2.17.1 References: https://bugzilla.suse.com/1174894 https://bugzilla.suse.com/1200833 https://bugzilla.suse.com/1205116 From sle-updates at lists.suse.com Fri Dec 30 08:24:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:24:28 +0100 (CET) Subject: SUSE-CU-2022:3493-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20221230082428.835DBFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3493-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.60 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.60 Severity : important Type : security References : 1200723 1204779 1205000 1205797 1206028 1206071 1206072 1206075 1206077 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2022-4415 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4631-1 Released: Wed Dec 28 09:29:15 2022 Summary: Security update for vim Type: security Severity: important References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). The following package changes have been done: - systemd-249.12-150400.8.16.1 updated - vim-data-common-9.0.1040-150000.5.31.1 updated - vim-9.0.1040-150000.5.31.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:25:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:25:06 +0100 (CET) Subject: SUSE-CU-2022:3494-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20221230082506.D4926FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3494-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.26 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.26 Severity : important Type : security References : 1200723 1204779 1205000 1205797 1206028 1206071 1206072 1206075 1206077 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2022-4415 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4631-1 Released: Wed Dec 28 09:29:15 2022 Summary: Security update for vim Type: security Severity: important References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). The following package changes have been done: - systemd-249.12-150400.8.16.1 updated - vim-data-common-9.0.1040-150000.5.31.1 updated - vim-9.0.1040-150000.5.31.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:28:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:28:13 +0100 (CET) Subject: SUSE-CU-2022:3492-1: Security update of bci/golang Message-ID: <20221230082813.16DEBFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3492-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-19.8 , bci/golang:latest Container Release : 19.8 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:30:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:30:48 +0100 (CET) Subject: SUSE-CU-2022:3495-1: Security update of bci/bci-init Message-ID: <20221230083048.86248FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3495-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.24.60 , bci/bci-init:latest Container Release : 24.60 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsystemd0-249.12-150400.8.16.1 updated - systemd-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:33:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:33:26 +0100 (CET) Subject: SUSE-CU-2022:3496-1: Security update of bci/nodejs Message-ID: <20221230083326.4B290FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3496-1 Container Tags : bci/node:14 , bci/node:14-36.9 , bci/nodejs:14 , bci/nodejs:14-36.9 Container Release : 36.9 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:35:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:35:17 +0100 (CET) Subject: SUSE-CU-2022:3497-1: Security update of bci/nodejs Message-ID: <20221230083517.8DA31FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3497-1 Container Tags : bci/node:16 , bci/node:16-12.9 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-12.9 , bci/nodejs:latest Container Release : 12.9 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:40:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:40:08 +0100 (CET) Subject: SUSE-CU-2022:3498-1: Security update of bci/openjdk-devel Message-ID: <20221230084008.2BAD7FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3498-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.20 Container Release : 38.20 Severity : important Type : security References : 1200723 1205000 1206337 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated - container:bci-openjdk-11-15.4.11-34.10 updated From sle-updates at lists.suse.com Fri Dec 30 08:43:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:43:39 +0100 (CET) Subject: SUSE-CU-2022:3499-1: Security update of bci/openjdk Message-ID: <20221230084339.184BAFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3499-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.10 Container Release : 34.10 Severity : important Type : security References : 1200723 1205000 1206337 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:44:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:44:14 +0100 (CET) Subject: SUSE-CU-2022:3500-1: Security update of bci/openjdk-devel Message-ID: <20221230084414.2D95DFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3500-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-12.17 , bci/openjdk-devel:latest Container Release : 12.17 Severity : important Type : security References : 1200723 1205000 1206337 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated - container:bci-openjdk-17-15.4.17-11.8 updated From sle-updates at lists.suse.com Fri Dec 30 08:44:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:44:41 +0100 (CET) Subject: SUSE-CU-2022:3501-1: Security update of bci/openjdk Message-ID: <20221230084441.2983DFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3501-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-11.8 , bci/openjdk:latest Container Release : 11.8 Severity : important Type : security References : 1200723 1205000 1206337 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:47:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:47:56 +0100 (CET) Subject: SUSE-CU-2022:3502-1: Security update of suse/pcp Message-ID: <20221230084756.AA229FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3502-1 Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-11.119 , suse/pcp:latest Container Release : 11.119 Severity : important Type : security References : 1200723 1205000 1206337 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated - systemd-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:49:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:49:45 +0100 (CET) Subject: SUSE-CU-2022:3503-1: Security update of bci/python Message-ID: <20221230084945.340B2FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3503-1 Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-10.7 , bci/python:latest Container Release : 10.7 Severity : important Type : security References : 1200723 1205000 1206337 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:51:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:51:47 +0100 (CET) Subject: SUSE-CU-2022:3504-1: Security update of bci/python Message-ID: <20221230085147.94609FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3504-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-33.7 Container Release : 33.7 Severity : important Type : security References : 1200723 1205000 1206337 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:55:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:55:44 +0100 (CET) Subject: SUSE-CU-2022:3505-1: Security update of bci/ruby Message-ID: <20221230085544.7E79FFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3505-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-32.7 , bci/ruby:latest Container Release : 32.7 Severity : important Type : security References : 1200723 1205000 1206337 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libudev1-249.12-150400.8.16.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated - sqlite3-devel-3.39.3-150000.3.20.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:56:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:56:27 +0100 (CET) Subject: SUSE-CU-2022:3506-1: Security update of bci/rust Message-ID: <20221230085627.83217FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3506-1 Container Tags : bci/rust:1.64 , bci/rust:1.64-4.7 Container Release : 4.7 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:56:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:56:44 +0100 (CET) Subject: SUSE-CU-2022:3507-1: Security update of bci/rust Message-ID: <20221230085644.D1E2DFD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3507-1 Container Tags : bci/rust:1.65 , bci/rust:1.65-12.7 , bci/rust:latest Container Release : 12.7 Severity : important Type : security References : 1200723 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsystemd0-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 08:58:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 09:58:37 +0100 (CET) Subject: SUSE-CU-2022:3508-1: Security update of suse/sle15 Message-ID: <20221230085837.8F1FDFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3508-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.26 , suse/sle15:15.4 , suse/sle15:15.4.27.14.26 Container Release : 27.14.26 Severity : important Type : security References : 1200723 1205000 1206337 CVE-2022-4415 CVE-2022-46908 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). The following package changes have been done: - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated - libudev1-249.12-150400.8.16.1 updated From sle-updates at lists.suse.com Fri Dec 30 09:00:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 10:00:46 +0100 (CET) Subject: SUSE-CU-2022:3509-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20221230090046.DC8FFFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3509-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.335 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.335 Severity : important Type : security References : 1200723 1203857 1204423 1204779 1205000 1205797 1206028 1206071 1206072 1206075 1206077 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2022-4415 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4631-1 Released: Wed Dec 28 09:29:15 2022 Summary: Security update for vim Type: security Severity: important References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). The following package changes have been done: - systemd-246.16-150300.7.57.1 updated - udev-246.16-150300.7.57.1 updated - vim-data-common-9.0.1040-150000.5.31.1 updated - vim-9.0.1040-150000.5.31.1 updated From sle-updates at lists.suse.com Fri Dec 30 09:09:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 10:09:53 +0100 (CET) Subject: SUSE-CU-2022:3511-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20221230090953.9F5B9FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:3511-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.156 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.156 Severity : important Type : security References : 1200723 1203857 1204423 1204779 1205000 1205797 1206028 1206071 1206072 1206075 1206077 CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 CVE-2022-4415 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4630-1 Released: Wed Dec 28 09:25:18 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1203857,1204423,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4631-1 Released: Wed Dec 28 09:29:15 2022 Summary: Security update for vim Type: security Severity: important References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). - CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). The following package changes have been done: - systemd-246.16-150300.7.57.1 updated - udev-246.16-150300.7.57.1 updated - vim-data-common-9.0.1040-150000.5.31.1 updated - vim-9.0.1040-150000.5.31.1 updated From sle-updates at lists.suse.com Fri Dec 30 14:19:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 15:19:48 +0100 (CET) Subject: SUSE-RU-2022:4640-1: Recommended update for drbd-utils Message-ID: <20221230141948.3C8ADFD84@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4640-1 Rating: low References: #1204276 Affected Products: SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for SUSE Manager Server 4.3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd-utils fixes the following issue: - Remove crm-fence-peer.sh for drbd8 to avoid confusion with v9 (bsc#1204276) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2022-4640=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4640=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-4640=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2022-4640=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-4640=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): drbd-utils-9.19.0-150400.3.6.1 drbd-utils-debuginfo-9.19.0-150400.3.6.1 drbd-utils-debugsource-9.19.0-150400.3.6.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): drbd-utils-9.19.0-150400.3.6.1 drbd-utils-debuginfo-9.19.0-150400.3.6.1 drbd-utils-debugsource-9.19.0-150400.3.6.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64): drbd-utils-9.19.0-150400.3.6.1 drbd-utils-debuginfo-9.19.0-150400.3.6.1 drbd-utils-debugsource-9.19.0-150400.3.6.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): drbd-utils-9.19.0-150400.3.6.1 drbd-utils-debuginfo-9.19.0-150400.3.6.1 drbd-utils-debugsource-9.19.0-150400.3.6.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): drbd-utils-9.19.0-150400.3.6.1 drbd-utils-debuginfo-9.19.0-150400.3.6.1 drbd-utils-debugsource-9.19.0-150400.3.6.1 References: https://bugzilla.suse.com/1204276 From sle-updates at lists.suse.com Fri Dec 30 14:20:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 15:20:32 +0100 (CET) Subject: SUSE-SU-2022:4639-1: Security update for polkit-default-privs Message-ID: <20221230142032.1D4F8FD84@maintenance.suse.de> SUSE Security Update: Security update for polkit-default-privs ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4639-1 Rating: low References: #1206414 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for polkit-default-privs fixes the following issues: Update to version 13.2+20221216.a0c29e6: - backport usbguard actions (bsc#1206414). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4639=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4639=1 Package List: - openSUSE Leap 15.4 (noarch): polkit-default-privs-13.2+20221216.a0c29e6-150400.3.3.1 polkit-whitelisting-13.2+20221216.a0c29e6-150400.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): polkit-default-privs-13.2+20221216.a0c29e6-150400.3.3.1 References: https://bugzilla.suse.com/1206414 From sle-updates at lists.suse.com Fri Dec 30 14:21:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 15:21:42 +0100 (CET) Subject: SUSE-SU-2022:4641-1: important: Security update for webkit2gtk3 Message-ID: <20221230142142.C1EF3FD84@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4641-1 Rating: important References: #1206474 #1206750 Cross-References: CVE-2022-42852 CVE-2022-42856 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 CVSS scores: CVE-2022-42852 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42852 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42856 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42856 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42863 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42863 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42867 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42867 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46691 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46691 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46692 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2022-46692 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2022-46698 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-46698 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-46699 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46699 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46700 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed an arbitrary code execution caused by memory corruption. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4641=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-4641=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4641=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-4641=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4641=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-4641=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4641=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2022-4641=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4641=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2022-4641=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4641=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2022-4641=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2022-4641=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2022-4641=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4641=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-4641=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4641=1 Package List: - openSUSE Leap 15.4 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 - SUSE Manager Server 4.2 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Manager Server 4.1 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 - SUSE Manager Retail Branch Server 4.2 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Manager Retail Branch Server 4.1 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Manager Proxy 4.2 (x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 - SUSE Manager Proxy 4.2 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Manager Proxy 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Manager Proxy 4.1 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Enterprise Storage 7.1 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150200.57.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-2.38.3-150200.57.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150200.57.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2-4_0-2.38.3-150200.57.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-2.38.3-150200.57.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150200.57.1 webkit2gtk3-debugsource-2.38.3-150200.57.1 webkit2gtk3-devel-2.38.3-150200.57.1 - SUSE Enterprise Storage 7 (noarch): libwebkit2gtk3-lang-2.38.3-150200.57.1 References: https://www.suse.com/security/cve/CVE-2022-42852.html https://www.suse.com/security/cve/CVE-2022-42856.html https://www.suse.com/security/cve/CVE-2022-42863.html https://www.suse.com/security/cve/CVE-2022-42867.html https://www.suse.com/security/cve/CVE-2022-46691.html https://www.suse.com/security/cve/CVE-2022-46692.html https://www.suse.com/security/cve/CVE-2022-46698.html https://www.suse.com/security/cve/CVE-2022-46699.html https://www.suse.com/security/cve/CVE-2022-46700.html https://bugzilla.suse.com/1206474 https://bugzilla.suse.com/1206750 From sle-updates at lists.suse.com Fri Dec 30 17:19:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Dec 2022 18:19:01 +0100 (CET) Subject: SUSE-SU-2022:4642-1: important: Security update for webkit2gtk3 Message-ID: <20221230171901.EA770FD84@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:4642-1 Rating: important References: #1206474 #1206750 Cross-References: CVE-2022-42852 CVE-2022-42856 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 CVSS scores: CVE-2022-42852 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42852 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42856 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42856 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42863 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42863 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42867 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42867 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46691 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46691 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46692 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2022-46692 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2022-46698 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-46698 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-46699 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46699 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46700 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3: - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42867: Fixed a use after free issue was addressed with improved memory management. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed an arbitrary code execution caused by memory corruption. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4642=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4642=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4642=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-4642=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150000.3.125.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150000.3.125.1 libwebkit2gtk-4_0-37-2.38.3-150000.3.125.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150000.3.125.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150000.3.125.1 typelib-1_0-WebKit2-4_0-2.38.3-150000.3.125.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150000.3.125.1 webkit2gtk-4_0-injected-bundles-2.38.3-150000.3.125.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150000.3.125.1 webkit2gtk3-debugsource-2.38.3-150000.3.125.1 webkit2gtk3-devel-2.38.3-150000.3.125.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libwebkit2gtk3-lang-2.38.3-150000.3.125.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150000.3.125.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150000.3.125.1 libwebkit2gtk-4_0-37-2.38.3-150000.3.125.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150000.3.125.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150000.3.125.1 typelib-1_0-WebKit2-4_0-2.38.3-150000.3.125.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150000.3.125.1 webkit2gtk-4_0-injected-bundles-2.38.3-150000.3.125.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150000.3.125.1 webkit2gtk3-debugsource-2.38.3-150000.3.125.1 webkit2gtk3-devel-2.38.3-150000.3.125.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.38.3-150000.3.125.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150000.3.125.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150000.3.125.1 libwebkit2gtk-4_0-37-2.38.3-150000.3.125.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150000.3.125.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150000.3.125.1 typelib-1_0-WebKit2-4_0-2.38.3-150000.3.125.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150000.3.125.1 webkit2gtk-4_0-injected-bundles-2.38.3-150000.3.125.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150000.3.125.1 webkit2gtk3-debugsource-2.38.3-150000.3.125.1 webkit2gtk3-devel-2.38.3-150000.3.125.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libwebkit2gtk3-lang-2.38.3-150000.3.125.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150000.3.125.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150000.3.125.1 libwebkit2gtk-4_0-37-2.38.3-150000.3.125.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150000.3.125.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150000.3.125.1 typelib-1_0-WebKit2-4_0-2.38.3-150000.3.125.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150000.3.125.1 webkit2gtk-4_0-injected-bundles-2.38.3-150000.3.125.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150000.3.125.1 webkit2gtk3-debugsource-2.38.3-150000.3.125.1 webkit2gtk3-devel-2.38.3-150000.3.125.1 - SUSE Enterprise Storage 6 (noarch): libwebkit2gtk3-lang-2.38.3-150000.3.125.1 - SUSE CaaS Platform 4.0 (noarch): libwebkit2gtk3-lang-2.38.3-150000.3.125.1 - SUSE CaaS Platform 4.0 (x86_64): libjavascriptcoregtk-4_0-18-2.38.3-150000.3.125.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-150000.3.125.1 libwebkit2gtk-4_0-37-2.38.3-150000.3.125.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-150000.3.125.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-150000.3.125.1 typelib-1_0-WebKit2-4_0-2.38.3-150000.3.125.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-150000.3.125.1 webkit2gtk-4_0-injected-bundles-2.38.3-150000.3.125.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-150000.3.125.1 webkit2gtk3-debugsource-2.38.3-150000.3.125.1 webkit2gtk3-devel-2.38.3-150000.3.125.1 References: https://www.suse.com/security/cve/CVE-2022-42852.html https://www.suse.com/security/cve/CVE-2022-42856.html https://www.suse.com/security/cve/CVE-2022-42863.html https://www.suse.com/security/cve/CVE-2022-42867.html https://www.suse.com/security/cve/CVE-2022-46691.html https://www.suse.com/security/cve/CVE-2022-46692.html https://www.suse.com/security/cve/CVE-2022-46698.html https://www.suse.com/security/cve/CVE-2022-46699.html https://www.suse.com/security/cve/CVE-2022-46700.html https://bugzilla.suse.com/1206474 https://bugzilla.suse.com/1206750 From sle-updates at lists.suse.com Sat Dec 31 20:21:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 31 Dec 2022 21:21:27 +0100 (CET) Subject: SUSE-RU-2022:4645-1: moderate: Security update for postgresql14, postgresql15 Message-ID: <20221231202127.86D63FD84@maintenance.suse.de> SUSE Recommended Update: Security update for postgresql14, postgresql15 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:4645-1 Rating: moderate References: #1205300 Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql14, postgresql15 fixes the following issues: postgresql15 is shipped in version 15.1. * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/15/release-15-1.html Update to 15.0: * https://www.postgresql.org/about/news/p-2526/ * https://www.postgresql.org/docs/15/release-15.html postgresql14 was updated to 14.6. (bsc#1205300) * https://www.postgresql.org/about/news/2543/ * https://www.postgresql.org/docs/14/release-14-6.html The libpq5 and libecpg6 libraries are now provided by postgresql15. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-4645=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-4645=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4645=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4645=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4645=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4645=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4645=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4645=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-4645=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-4645=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-4645=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-4645=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-4645=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-4645=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4645=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4645=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4645=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-4645=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-llvmjit-14.6-150200.5.20.2 postgresql14-llvmjit-debuginfo-14.6-150200.5.20.2 postgresql14-llvmjit-devel-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 postgresql14-test-14.6-150200.5.20.2 postgresql15-15.1-150200.5.3.2 postgresql15-contrib-15.1-150200.5.3.2 postgresql15-contrib-debuginfo-15.1-150200.5.3.2 postgresql15-debuginfo-15.1-150200.5.3.2 postgresql15-debugsource-15.1-150200.5.3.2 postgresql15-devel-15.1-150200.5.3.2 postgresql15-devel-debuginfo-15.1-150200.5.3.2 postgresql15-llvmjit-15.1-150200.5.3.2 postgresql15-llvmjit-debuginfo-15.1-150200.5.3.2 postgresql15-llvmjit-devel-15.1-150200.5.3.2 postgresql15-plperl-15.1-150200.5.3.2 postgresql15-plperl-debuginfo-15.1-150200.5.3.2 postgresql15-plpython-15.1-150200.5.3.2 postgresql15-plpython-debuginfo-15.1-150200.5.3.2 postgresql15-pltcl-15.1-150200.5.3.2 postgresql15-pltcl-debuginfo-15.1-150200.5.3.2 postgresql15-server-15.1-150200.5.3.2 postgresql15-server-debuginfo-15.1-150200.5.3.2 postgresql15-server-devel-15.1-150200.5.3.2 postgresql15-server-devel-debuginfo-15.1-150200.5.3.2 postgresql15-test-15.1-150200.5.3.2 - openSUSE Leap 15.4 (x86_64): libecpg6-32bit-15.1-150200.5.3.2 libecpg6-32bit-debuginfo-15.1-150200.5.3.2 libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 - openSUSE Leap 15.4 (noarch): postgresql-15-150400.4.6.2 postgresql-contrib-15-150400.4.6.2 postgresql-devel-15-150400.4.6.2 postgresql-docs-15-150400.4.6.2 postgresql-llvmjit-15-150400.4.6.2 postgresql-llvmjit-devel-15-150300.10.12.2 postgresql-plperl-15-150400.4.6.2 postgresql-plpython-15-150400.4.6.2 postgresql-pltcl-15-150400.4.6.2 postgresql-server-15-150400.4.6.2 postgresql-server-devel-15-150400.4.6.2 postgresql-test-15-150400.4.6.2 postgresql14-docs-14.6-150200.5.20.2 postgresql15-docs-15.1-150200.5.3.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-llvmjit-14.6-150200.5.20.2 postgresql14-llvmjit-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 postgresql14-test-14.6-150200.5.20.2 postgresql15-15.1-150200.5.3.2 postgresql15-contrib-15.1-150200.5.3.2 postgresql15-contrib-debuginfo-15.1-150200.5.3.2 postgresql15-debuginfo-15.1-150200.5.3.2 postgresql15-debugsource-15.1-150200.5.3.2 postgresql15-devel-15.1-150200.5.3.2 postgresql15-devel-debuginfo-15.1-150200.5.3.2 postgresql15-llvmjit-15.1-150200.5.3.2 postgresql15-llvmjit-debuginfo-15.1-150200.5.3.2 postgresql15-llvmjit-devel-15.1-150200.5.3.2 postgresql15-plperl-15.1-150200.5.3.2 postgresql15-plperl-debuginfo-15.1-150200.5.3.2 postgresql15-plpython-15.1-150200.5.3.2 postgresql15-plpython-debuginfo-15.1-150200.5.3.2 postgresql15-pltcl-15.1-150200.5.3.2 postgresql15-pltcl-debuginfo-15.1-150200.5.3.2 postgresql15-server-15.1-150200.5.3.2 postgresql15-server-debuginfo-15.1-150200.5.3.2 postgresql15-server-devel-15.1-150200.5.3.2 postgresql15-server-devel-debuginfo-15.1-150200.5.3.2 postgresql15-test-15.1-150200.5.3.2 - openSUSE Leap 15.3 (noarch): postgresql-15-150300.10.12.2 postgresql-contrib-15-150300.10.12.2 postgresql-devel-15-150300.10.12.2 postgresql-docs-15-150300.10.12.2 postgresql-llvmjit-15-150300.10.12.2 postgresql-plperl-15-150300.10.12.2 postgresql-plpython-15-150300.10.12.2 postgresql-pltcl-15-150300.10.12.2 postgresql-server-15-150300.10.12.2 postgresql-server-devel-15-150300.10.12.2 postgresql-test-15-150300.10.12.2 postgresql14-docs-14.6-150200.5.20.2 postgresql15-docs-15.1-150200.5.3.2 - openSUSE Leap 15.3 (x86_64): libecpg6-32bit-15.1-150200.5.3.2 libecpg6-32bit-debuginfo-15.1-150200.5.3.2 libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 - SUSE Manager Server 4.1 (noarch): postgresql-15-150200.4.18.6 postgresql-contrib-15-150200.4.18.6 postgresql-devel-15-150200.4.18.6 postgresql-docs-15-150200.4.18.6 postgresql-plperl-15-150200.4.18.6 postgresql-plpython-15-150200.4.18.6 postgresql-pltcl-15-150200.4.18.6 postgresql-server-15-150200.4.18.6 postgresql-server-devel-15-150200.4.18.6 postgresql14-docs-14.6-150200.5.20.2 - SUSE Manager Server 4.1 (x86_64): libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 - SUSE Manager Retail Branch Server 4.1 (noarch): postgresql-15-150200.4.18.6 postgresql-contrib-15-150200.4.18.6 postgresql-devel-15-150200.4.18.6 postgresql-docs-15-150200.4.18.6 postgresql-plperl-15-150200.4.18.6 postgresql-plpython-15-150200.4.18.6 postgresql-pltcl-15-150200.4.18.6 postgresql-server-15-150200.4.18.6 postgresql-server-devel-15-150200.4.18.6 postgresql14-docs-14.6-150200.5.20.2 - SUSE Manager Proxy 4.1 (x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 - SUSE Manager Proxy 4.1 (noarch): postgresql-15-150200.4.18.6 postgresql-contrib-15-150200.4.18.6 postgresql-devel-15-150200.4.18.6 postgresql-docs-15-150200.4.18.6 postgresql-plperl-15-150200.4.18.6 postgresql-plpython-15-150200.4.18.6 postgresql-pltcl-15-150200.4.18.6 postgresql-server-15-150200.4.18.6 postgresql-server-devel-15-150200.4.18.6 postgresql14-docs-14.6-150200.5.20.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): postgresql-15-150200.4.18.6 postgresql-contrib-15-150200.4.18.6 postgresql-devel-15-150200.4.18.6 postgresql-docs-15-150200.4.18.6 postgresql-plperl-15-150200.4.18.6 postgresql-plpython-15-150200.4.18.6 postgresql-pltcl-15-150200.4.18.6 postgresql-server-15-150200.4.18.6 postgresql-server-devel-15-150200.4.18.6 postgresql14-docs-14.6-150200.5.20.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): postgresql-15-150200.4.18.6 postgresql-contrib-15-150200.4.18.6 postgresql-devel-15-150200.4.18.6 postgresql-docs-15-150200.4.18.6 postgresql-plperl-15-150200.4.18.6 postgresql-plpython-15-150200.4.18.6 postgresql-pltcl-15-150200.4.18.6 postgresql-server-15-150200.4.18.6 postgresql-server-devel-15-150200.4.18.6 postgresql14-docs-14.6-150200.5.20.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): postgresql-15-150200.4.18.6 postgresql-contrib-15-150200.4.18.6 postgresql-devel-15-150200.4.18.6 postgresql-docs-15-150200.4.18.6 postgresql-plperl-15-150200.4.18.6 postgresql-plpython-15-150200.4.18.6 postgresql-pltcl-15-150200.4.18.6 postgresql-server-15-150200.4.18.6 postgresql-server-devel-15-150200.4.18.6 postgresql14-docs-14.6-150200.5.20.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 postgresql15-contrib-15.1-150200.5.3.2 postgresql15-contrib-debuginfo-15.1-150200.5.3.2 postgresql15-debuginfo-15.1-150200.5.3.2 postgresql15-debugsource-15.1-150200.5.3.2 postgresql15-devel-15.1-150200.5.3.2 postgresql15-devel-debuginfo-15.1-150200.5.3.2 postgresql15-plperl-15.1-150200.5.3.2 postgresql15-plperl-debuginfo-15.1-150200.5.3.2 postgresql15-plpython-15.1-150200.5.3.2 postgresql15-plpython-debuginfo-15.1-150200.5.3.2 postgresql15-pltcl-15.1-150200.5.3.2 postgresql15-pltcl-debuginfo-15.1-150200.5.3.2 postgresql15-server-15.1-150200.5.3.2 postgresql15-server-debuginfo-15.1-150200.5.3.2 postgresql15-server-devel-15.1-150200.5.3.2 postgresql15-server-devel-debuginfo-15.1-150200.5.3.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (ppc64le): postgresql15-15.1-150200.5.3.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): postgresql-contrib-15-150400.4.6.2 postgresql-devel-15-150400.4.6.2 postgresql-docs-15-150400.4.6.2 postgresql-plperl-15-150400.4.6.2 postgresql-plpython-15-150400.4.6.2 postgresql-pltcl-15-150400.4.6.2 postgresql-server-15-150400.4.6.2 postgresql-server-devel-15-150400.4.6.2 postgresql14-docs-14.6-150200.5.20.2 postgresql15-docs-15.1-150200.5.3.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 postgresql15-contrib-15.1-150200.5.3.2 postgresql15-contrib-debuginfo-15.1-150200.5.3.2 postgresql15-debuginfo-15.1-150200.5.3.2 postgresql15-debugsource-15.1-150200.5.3.2 postgresql15-devel-15.1-150200.5.3.2 postgresql15-devel-debuginfo-15.1-150200.5.3.2 postgresql15-plperl-15.1-150200.5.3.2 postgresql15-plperl-debuginfo-15.1-150200.5.3.2 postgresql15-plpython-15.1-150200.5.3.2 postgresql15-plpython-debuginfo-15.1-150200.5.3.2 postgresql15-pltcl-15.1-150200.5.3.2 postgresql15-pltcl-debuginfo-15.1-150200.5.3.2 postgresql15-server-15.1-150200.5.3.2 postgresql15-server-debuginfo-15.1-150200.5.3.2 postgresql15-server-devel-15.1-150200.5.3.2 postgresql15-server-devel-debuginfo-15.1-150200.5.3.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): postgresql-contrib-15-150300.10.12.2 postgresql-devel-15-150300.10.12.2 postgresql-docs-15-150300.10.12.2 postgresql-plperl-15-150300.10.12.2 postgresql-plpython-15-150300.10.12.2 postgresql-pltcl-15-150300.10.12.2 postgresql-server-15-150300.10.12.2 postgresql-server-devel-15-150300.10.12.2 postgresql14-docs-14.6-150200.5.20.2 postgresql15-docs-15.1-150200.5.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): postgresql14-llvmjit-14.6-150200.5.20.2 postgresql14-llvmjit-debuginfo-14.6-150200.5.20.2 postgresql14-llvmjit-devel-14.6-150200.5.20.2 postgresql14-test-14.6-150200.5.20.2 postgresql15-llvmjit-15.1-150200.5.3.2 postgresql15-llvmjit-debuginfo-15.1-150200.5.3.2 postgresql15-llvmjit-devel-15.1-150200.5.3.2 postgresql15-test-15.1-150200.5.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): postgresql-15-150400.4.6.2 postgresql-contrib-15-150400.4.6.2 postgresql-devel-15-150400.4.6.2 postgresql-docs-15-150400.4.6.2 postgresql-llvmjit-15-150400.4.6.2 postgresql-llvmjit-devel-15-150400.4.6.2 postgresql-plperl-15-150400.4.6.2 postgresql-plpython-15-150400.4.6.2 postgresql-pltcl-15-150400.4.6.2 postgresql-server-15-150400.4.6.2 postgresql-server-devel-15-150400.4.6.2 postgresql-test-15-150400.4.6.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql14-llvmjit-14.6-150200.5.20.2 postgresql14-llvmjit-debuginfo-14.6-150200.5.20.2 postgresql15-llvmjit-15.1-150200.5.3.2 postgresql15-llvmjit-debuginfo-15.1-150200.5.3.2 postgresql15-llvmjit-devel-15.1-150200.5.3.2 postgresql15-test-15.1-150200.5.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): postgresql-15-150300.10.12.2 postgresql-contrib-15-150300.10.12.2 postgresql-devel-15-150300.10.12.2 postgresql-docs-15-150300.10.12.2 postgresql-llvmjit-15-150300.10.12.2 postgresql-llvmjit-devel-15-150300.10.12.2 postgresql-plperl-15-150300.10.12.2 postgresql-plpython-15-150300.10.12.2 postgresql-pltcl-15-150300.10.12.2 postgresql-server-15-150300.10.12.2 postgresql-server-devel-15-150300.10.12.2 postgresql-test-15-150300.10.12.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): postgresql14-test-14.6-150200.5.20.2 - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (noarch): postgresql-llvmjit-15-150400.4.6.2 postgresql-llvmjit-devel-15-150300.10.12.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libpq5-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql15-15.1-150200.5.3.2 postgresql15-debuginfo-15.1-150200.5.3.2 postgresql15-debugsource-15.1-150200.5.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): postgresql-15-150400.4.6.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpq5-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql15-15.1-150200.5.3.2 postgresql15-debuginfo-15.1-150200.5.3.2 postgresql15-debugsource-15.1-150200.5.3.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): postgresql-15-150300.10.12.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): postgresql-15-150200.4.18.6 postgresql-contrib-15-150200.4.18.6 postgresql-devel-15-150200.4.18.6 postgresql-docs-15-150200.4.18.6 postgresql-plperl-15-150200.4.18.6 postgresql-plpython-15-150200.4.18.6 postgresql-pltcl-15-150200.4.18.6 postgresql-server-15-150200.4.18.6 postgresql-server-devel-15-150200.4.18.6 postgresql14-docs-14.6-150200.5.20.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): postgresql-15-150200.4.18.6 postgresql-contrib-15-150200.4.18.6 postgresql-devel-15-150200.4.18.6 postgresql-docs-15-150200.4.18.6 postgresql-plperl-15-150200.4.18.6 postgresql-plpython-15-150200.4.18.6 postgresql-pltcl-15-150200.4.18.6 postgresql-server-15-150200.4.18.6 postgresql-server-devel-15-150200.4.18.6 postgresql14-docs-14.6-150200.5.20.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libecpg6-15.1-150200.5.3.2 libecpg6-debuginfo-15.1-150200.5.3.2 libpq5-15.1-150200.5.3.2 libpq5-debuginfo-15.1-150200.5.3.2 postgresql14-14.6-150200.5.20.2 postgresql14-contrib-14.6-150200.5.20.2 postgresql14-contrib-debuginfo-14.6-150200.5.20.2 postgresql14-debuginfo-14.6-150200.5.20.2 postgresql14-debugsource-14.6-150200.5.20.2 postgresql14-devel-14.6-150200.5.20.2 postgresql14-devel-debuginfo-14.6-150200.5.20.2 postgresql14-plperl-14.6-150200.5.20.2 postgresql14-plperl-debuginfo-14.6-150200.5.20.2 postgresql14-plpython-14.6-150200.5.20.2 postgresql14-plpython-debuginfo-14.6-150200.5.20.2 postgresql14-pltcl-14.6-150200.5.20.2 postgresql14-pltcl-debuginfo-14.6-150200.5.20.2 postgresql14-server-14.6-150200.5.20.2 postgresql14-server-debuginfo-14.6-150200.5.20.2 postgresql14-server-devel-14.6-150200.5.20.2 postgresql14-server-devel-debuginfo-14.6-150200.5.20.2 - SUSE Enterprise Storage 7 (x86_64): libpq5-32bit-15.1-150200.5.3.2 libpq5-32bit-debuginfo-15.1-150200.5.3.2 - SUSE Enterprise Storage 7 (noarch): postgresql-15-150200.4.18.6 postgresql-contrib-15-150200.4.18.6 postgresql-devel-15-150200.4.18.6 postgresql-docs-15-150200.4.18.6 postgresql-plperl-15-150200.4.18.6 postgresql-plpython-15-150200.4.18.6 postgresql-pltcl-15-150200.4.18.6 postgresql-server-15-150200.4.18.6 postgresql-server-devel-15-150200.4.18.6 postgresql14-docs-14.6-150200.5.20.2 References: https://bugzilla.suse.com/1205300